[OT] Beware, Spam Source

> I decided not to try to fight them, I disabled the catch-all tag for my
> domain and shortly they stopped using my email.
>
> The spammers were selling medicine. The usual crap.

this is by far the best thing to do, just ignore it and take it on the
"UncleWobbly" <hendy@talk21.com> wrote in message news:40a5eafd$0$4588$db0fefd9@news.zen.co.uk...
>> I decided not to try to fight them, I disabled the catch-all tag for my
>> domain and shortly they stopped using my email.
>>
>> The spammers were selling medicine. The usual crap.
>
> this is by far the best thing to do, just ignore it and take it on the

Do you have a better idea?

"Richard Henry" <rphenry@home.com> wrote in message
> "Jim Thompson" <thegreatone@example.com> wrote in message
>> As many of you know I have been finagling my E-mail addresses so
>> (basically) everyone has their own personalized address to send to.
>>
>> Naturally enough I created a special E-mail address for my domain
>>
>> Almost exactly a month has gone by, and I'm now seeing spam to that
>>
>> So spammers are scanning domain registrations :-(
>>
>> Fortunately the address is so unique that it's easy to filter and
>> spam straight to the blackhole, yet receive legitimate registrar
>>
>> So be careful.
>>
>> (Apparently someone is offering "blind" registrations, BUT they
>> actually hold the registration which makes me a bit uneasy.)
>
> My ISP (Cox Communications in San Diego) just started offering SPAM
> as a free service. All suspected Spam is modified so that the header
>
> -- Spam --
>
> which makes it easy to divert into a separate folder for later
> (so far nothing has gone in there by mistake). I'm down to about 5 or
> spams leaking through per day, and currently there are 19 in the spam
> since I cleared it out about an hour ago.

Holy smokes! And I thought 75 a week was bad on my freebie email acct.
So tell us what product your ISP is using for filtering.

At work we started using Sophos Pure Message about a month ago and it
has eliminated a lot of spam. I've talked to a number of the users and
they have all said that it has reduced the spam dramatically.

But the company is secretive about how they do the filtering. All I can
find in their website is that they use a 'cocktail' approach, with more
than one method of filtering.

But a Nigerian 419 letter slipped thru the other day, and in the headers
it was marked as 43% probability. We have the cutoff point set at 50%.
I was further dismayed to find out that a legit piece of email
advertising was marked at 44%, so if I set Outhouse to filter out
percentages below 50%, it may filter out some false positives. Bummer.

I was reading that one of the companies said that they found that spam
made up over 3/4 of the emails last month. That's really dismaying, and
should be viewed with great consternation, because it means that laws
haven't been enforced enough, and spammers are just deluging the net
with sewage to get past the heavy filtering that almost every ISP is now
doing. If the increase in spam isn't brought to a halt, the whole net
will become logjammed with spam.

Both AOL and Microsoft have publicly stated that they filter out 2.4
Billion spams a day or more, just a staggering amount of net pollution -
over 50 thousand a second!

###Got a Question about ELECTRONICS? Check HERE First:###
My email address is whitelisted. *All* email sent to it
goes directly to the trash unless you add NOSPAM in the
Subject: line with other stuff. alondra101 <at> hotmail.com
Don't be ripped off by the big book dealers. Go to the URL
that will give you a choice and save you money(up to half).
http://www.everybookstore.com You'll be glad you did!
Just when you thought you had all this figured out, the gov't
changed it: http://physics.nist.gov/cuu/Units/binary.html
"Watson A.Name - "Watt Sun, the Dark Remover"" <NOSPAM@dslextreme.com>
wrote in message news:10afu56s9drge0d@corp.supernews.com...
> Both AOL and Microsoft have publicly stated that they filter out 2.4
> Billion spams a day or more, just a staggering amount of net pollution -
> over 50 thousand a second!

I have a junk account at hotmail that I use for things that might
generate spam. I used it for the free trial of Mathematica, and the
download and password message wasn't showing up. After a while I
decided to toss my 'junk', and for some reason the hotmail filters
decided that the download and password message belonged with the
Viagra ads. Actually, everything from wolfram is getting filtered...

Bob Monsen

> But a Nigerian 419 letter slipped thru the other day, and in the headers
> it was marked as 43% probability. We have the cutoff point set at 50%.
> I was further dismayed to find out that a legit piece of email
> advertising was marked at 44%, so if I set Outhouse to filter out
> percentages below 50%, it may filter out some false positives. Bummer.

This is always a risk you take... we have a cut-off of 80% which works
fairly well - only had 3 spam today... the rule is a composite... the
scanning is the 80% bit but an additional rule that checks the mail first is
to see if it has originated from a known source or bounced through a relay..
if it has, no further scanning happens, it is deleted without notice.

The hits on these two rules seem to be about 55% relayed, 45% spam "looking"

When spam does get through, we forward it to a special address to teach the
engine about it - very effective.

I do know that we have lost required mail though in tiny quantities. This is
bounced back to the sender and at least they know it wasn't received. What
can you do about it? Raise the threshold and more spam gets through. What we
have done is to introduce a "magic word" so that if a mail is sent with that
word in it, it is passed directly with no further scanning. Which helps.

Current hits for May are:
FastTrack 38
4_RLY 0% 1809
1_DEFSPAM 80% 1444
2_KNWNWDS 20% 21

so that is 3000+ spam stopped in 17 days *sigh*
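
Added example, not part of the original thread and not the poster's actual software: a sketch of the composite rule described in the post above (magic-word bypass, DNS blocklist check on the relay, then an 80% score cutoff), plus the cutoff trade-off from the 43%/44% messages quoted at the top of that post. The rule names come from the post's stats; the zone `dnsbl.example`, the magic word, the message fields and the order "bypass first, then relay check" are assumptions.

```python
import ipaddress
from collections import Counter

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """Listed means the name resolves to an A record inside 127.0.0.0/8."""
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK

def classify(msg, zones, resolve, magic_word, threshold=80):
    """Return (rule, action); the first rule that fires ends processing."""
    text = (msg["subject"] + " " + msg["body"]).lower()
    if magic_word.lower() in text:            # bypass: nothing else is checked
        return "FastTrack", "deliver"
    if any(is_listed(msg["relay_ip"], z, resolve) for z in zones):
        return "4_RLY", "delete"              # silent drop, sender is not told
    if msg["score"] >= threshold:
        return "1_DEFSPAM", "bounce"          # sender learns it was rejected
    return "clean", "deliver"

def errors_at(cutoff, labelled):
    """(spam delivered, legitimate mail blocked) for (score, is_spam) pairs."""
    missed = sum(1 for score, spam in labelled if spam and score < cutoff)
    lost = sum(1 for score, spam in labelled if not spam and score >= cutoff)
    return missed, lost

# Constructed sample data: documentation-range IPs, a made-up zone and magic word.
ZONES = ["dnsbl.example"]
LISTED = {"7.113.0.203.dnsbl.example": "127.0.0.2",
          "9.2.0.192.dnsbl.example": "127.0.0.2"}
MAGIC_WORD = "xyzzy-orders"
MESSAGES = [
    {"subject": "quote xyzzy-orders", "body": "", "relay_ip": "192.0.2.9", "score": 95},
    {"subject": "cheap pills", "body": "", "relay_ip": "203.0.113.7", "score": 10},
    {"subject": "act now", "body": "", "relay_ip": "198.51.100.20", "score": 91},
    {"subject": "urgent business proposal", "body": "", "relay_ip": "198.51.100.21", "score": 43},
    {"subject": "spring catalogue", "body": "", "relay_ip": "198.51.100.22", "score": 44},
]

def run_sample():
    """Classify the constructed messages and tally hits per rule."""
    results = [classify(m, ZONES, LISTED.get, MAGIC_WORD) for m in MESSAGES]
    return results, Counter(rule for rule, _ in results)

if __name__ == "__main__":
    results, tally = run_sample()
    for msg, (rule, action) in zip(MESSAGES, results):
        print(f"{msg['relay_ip']:>15} score={msg['score']:>3} -> {rule} ({action})")
    print(dict(tally))
    # The 43% spam and 44% legitimate mail from the thread: no cutoff separates them.
    print([(c, errors_at(c, [(43, True), (44, False)])) for c in (43, 50, 80)])
```

The first sample message is delivered even though its relay is listed and its score is 95, so anyone who learns the magic word gets past every other rule. With one spam at 43 and one legitimate mail at 44, lowering the cutoff far enough to catch the spam also blocks the legitimate mail.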
"UncleWobbly" <hendy@talk21.com> wrote in message
>> But a Nigerian 419 letter slipped thru the other day, and in the headers
>> it was marked as 43% probability. We have the cutoff point set at 50%.
>> I was further dismayed to find out that a legit piece of email
>> advertising was marked at 44%, so if I set Outhouse to filter out
>> percentages below 50%, it may filter out some false positives. Bummer.
>
> This is always a risk you take... we have a cut-off of 80% which works
> fairly well - only had 3 spam today... the rule is a composite... the
> scanning is the 80% bit but an additional rule that checks the mail first is
> to see if it has originated from a known source or bounced through a relay..
> if it has, no further scanning happens, it is deleted without notice.
>
> The hits on these two rules seem to be about 55% relayed, 45% spam "looking"
>
> When spam does get through, we forward it to a special address to teach the
> engine about it - very effective.
>
> I do know that we have lost required mail though in tiny quantities. This is
> bounced back to the sender and at least they know it wasn't received. What
> can you do about it? Raise the threshold and more spam gets through. What we
> have done is to introduce a "magic word" so that if a mail is sent with that
> word in it, it is passed directly with no further scanning. Which helps.
>
> Current hits for May are:
> FastTrack 38
> 4_RLY 0% 1809
> 1_DEFSPAM 80% 1444
> 2_KNWNWDS 20% 21
>
> so that is 3000+ spam stopped in 17 days *sigh*

What antispam software are you using? I'm not sure that we can use
Outhouse or exchange for that matter to prefilter before the Pure
Messages gets to it. One reason that I say this is that we are still
using sendmail on a *nix box as our email gateway. And also, our admin
doesn't give the users permission to train the software.

On the other front, I was reading this article.

All of a sudden, it dawned on me. The authors of the Can Spam Act
forgot one thing, that now that I think back on it, is all too obvious
to be forgotten. Remember back when almost all spams lied, "This email
complies with S.1618 passed by congress in blah-blah.. and cannot be
called spam.."

Well, the authors of the Can Spam Act forgot to add an "egregiosity
clause". It should have said, if spammer fraudulently claims that their
spam complies with the Can Spam Act, then the penalties of section
so-and-so are DOUBLED. Or maybe even tripled. So the spammer could get
10 or 15 years instead of five, and be fined 20 or 30 thousand instead
of 10 thousand!

Don't you think that, for spammers, this is a much more fitting

> Don't you think that, for spammers, this is a much more fitting

not nearly sufficient... nothing short of flayed alive then rolled in salt
"UncleWobbly" <hendy@talk21.com> wrote in message
>> Don't you think that, for spammers, this is a much more fitting
>
> not nearly sufficient... nothing short of flayed alive then rolled in salt

I just knew someone would chime in with the usual 'boil 'em in oil' type
of punishment. As much as we'd all like to see that, it'll never
happen. But we really need to deal with reality, and get the gummint
crackin' on dragging these parasites into the legal system and grinding
them down. It's common knowledge that only a couple hundred of them are
responsible for causing most of the damage, so a concerted effort from
law enforcement would do some serious damage to their abuse of the net.

We needed this done years ago. It's gone way past the crisis stage.

> I just knew someone would chime in with the usual 'boil 'em in oil' type
> of punishment.

dammit... disengage predictable mode... :eek:)

UncleWobbly wrote:
>> I just knew someone would chime in with the usual 'boil 'em in oil' type
>> of punishment.
>
> dammit... disengage predictable mode... :eek:)

Heh.. It would be a comedy, if it wasn't such a tragedy. They're
saying in the newsmedia that 3 out of 4 (or more!) emails are spam.
Seriously. It's just an unbelievable disaster waiting to happen.
"Watson A.Name - "Watt Sun, the Dark Remover"" <NOSPAM@dslextreme.com> wrote
in message
> I just knew someone would chime in with the usual 'boil 'em in oil' type
> of punishment. As much as we'd all like to see that, it'll never
> happen. But we really need to deal with reality, and get the gummint
> crackin' on dragging these parasites into the legal system and grinding
> them down. It's common knowledge that only a couple hundred of them are
> responsible for causing most of the damage, so a concerted effort from
> law enforcement would do some serious damage to their abuse of the net.

Everybody wants Da Gubmint to take care of their problems for them.
Sheesh! Whatever happened to that "shitlist" dealie, where somebody
maintained a file of IPs of spammers, and other ISPs and people who
shuttle traffic back and forth would start bouncing packets from these
IPs. It'd sure be simple to do.

And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.

They spoof their "from" addy? Well, fix whatever computer's letting
them get away with _that_!

Rich Grise wrote:
> "Watson A.Name - "Watt Sun, the Dark Remover"" <NOSPAM@dslextreme.com> wrote
> in message
>> I just knew someone would chime in with the usual 'boil 'em in oil' type
>> of punishment. As much as we'd all like to see that, it'll never
>> happen. But we really need to deal with reality, and get the gummint
>> crackin' on dragging these parasites into the legal system and grinding
>> them down. It's common knowledge that only a couple hundred of them are
>> responsible for causing most of the damage, so a concerted effort from
>> law enforcement would do some serious damage to their abuse of the net.
>
> Everybody wants Da Gubmint to take care of their problems for them.

That's because we want all of us to gang up on criminal bullies and
do away with them, the govt is merely ALL OF US!!

> Sheesh! Whatever happened to that "shitlist" dealie, where somebody
> maintained a file of IPs of spammers, and other ISPs and people who
> shuttle traffic back and forth would start bouncing packets from these
> IPs. It'd sure be simple to do.

Because it has an uncertain result we don't have to bother with.

> And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.

We should cut any anonymizer that emits spam off the Net.

> They spoof their "from" addy? Well, fix whatever computer's letting
> them get away with _that_!

Yup. But the govt does this best.

-Steve Walz rstevew@armory.com ftp://ftp.armory.com/pub/user/rstevew
Electronics Site!! 1000's of Files and Dirs!! With Schematics Galore!!
http://www.armory.com/~rstevew or http://www.armory.com/~rstevew/Public
"Watson A.Name "Watt Sun - the Dark Remover"" <NOSPAM@dslextreme.com> wrote
in message news:c8gpon$74gdq$1@hades.csu.net...
> UncleWobbly wrote:
>>> I just knew someone would chime in with the usual 'boil 'em in oil' type
>>> of punishment.
>>
>> dammit... disengage predictable mode... :eek:)
>
> Heh.. It would be a comedy, if it wasn't such a tragedy. They're
> saying in the newsmedia that 3 out of 4 (or more!) emails are spam.
> Seriously. It's just an unbelievable disaster waiting to happen.

saw a figure from message labs saying that 83.2% of traffic in the US for
April was spam .. OH. MY. GOD!

> And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.

see my stats in earlier post... the RLY is for anything that bounced through
a known relay or from any "media company" that is a known source... deleted
without notification. The S/W does a dns (ip) lookup on spambag, et al... if
one matches then it's curtains. I am sure that some are on there for duff
reasons (badly configed server) but as you say... Fuck 'em

> We should cut any anonymizer that emits spam off the Net.

agreed. We used to firewall the whole of Asia from traffic inbound port 25
but we started to lose mail from Japan that we wanted and it was just
getting tooooooooo big-a-job to keep on top of the firewall rules... still a
few there tho'

what would be better IMHO is if the ISPs did not allow *automatic* outbound
SMTP from their users. Joe public with an AOL account will only want to
connect to AOL's mailer... This would scotch nearly every spambot infected
PC in a NY minute... Anyone who WANTS outbound 25 only has to ask for it...
the vast majority of net users wouldn't even know what this is all about and
so wouldn't be impacted. Probs then with port blocking and users on DHCP
etc... :eek:( what to do?

I am convinced this will only be solved by statute... but then if someone
sends out a million spams and one person replies saying "yes please" (and they
do) then you have evidence the spammer can use to fight the corner. I think I
am just going to kill myself instead... then they'll be sorry :eek:)

"Rich Grise" <null@example.net> wrote in message
"Watson A.Name - "Watt Sun, the Dark Remover"" <NOSPAM@dslextreme.com
in message
>> I just knew someone would chime in with the usual 'boil 'em in oil' type
>> of punishment. As much as we'd all like to see that, it'll never
>> happen. But we really need to deal with reality, and get the gummint
>> crackin' on dragging these parasites into the legal system and grinding
>> them down. It's common knowledge that only a couple hundred of them are
>> responsible for causing most of the damage, so a concerted effort from
>> law enforcement would do some serious damage to their abuse of the net.
>
> Everybody wants Da Gubmint to take care of their problems for them.

Well, laws aren't worth the paper they're printed on unless they're
enforced. And spamming may be lucrative enough that the spammers are
willing to take the risk of being caught if the chances are slim. The
LEAs just need to make the chances a lot less slim.

> Sheesh! Whatever happened to that "shitlist" dealie, where somebody
> maintained a file of IPs of spammers, and other ISPs and people who
> shuttle traffic back and forth would start bouncing packets from these
> IPs. It'd sure be simple to do.

Already happening. Spamhaus has one, MAPS has a list, and there are
several others. One problem is that spammers or their lackeys are doing
Denial of Service on some lists.

> And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.

Problem is that as soon as a good portion of the proxies get blocked,
another worm/virus is released, and it infects another hundred thousand
or more PCs, mostly on home broadband DSL or cable, and the block list
is ineffective and has to be reupdated. It's a neverending battle, and
the spammers have managed to keep ahead of the game. Some ISPs have
stopped allowing any port 25 email traffic from their users to pass
thru to the outside world. Another help is a DUL list, which gives the
IPs of all of an ISP's cable or DSL users.

> They spoof their "from" addy? Well, fix whatever computer's letting
> them get away with _that_!

That's what Microsoft's 'Caller ID for Email', SPF (sender policy
framework), and Yahoo's DomainKeys are all about. One or more of these
is about to be pushed and/or implemented. But already at least one
spammer has a server with SPF.

They're saying that over 2/3 of the spam servers are in China. Some
companies block all traffic from there and have some success. But the
problem is that more and more companies have legit email from China, so
that's a problem.

Filtering helps, but there's always the risk of losing an important
email as a false positive. Believe it, Rich, if there was an easy
solution, spam wouldn't be such a big problem.

Check this out: (As of May 19, 2004)


"UncleWobbly" <hendy@talk21.com> wrote in message
"Watson A.Name "Watt Sun - the Dark Remover"" <NOSPAM@dslextreme.com
in message news:c8gpon$74gdq$1@hades.csu.net...
>> UncleWobbly wrote:
>>>> I just knew someone would chime in with the usual 'boil 'em in oil' type
>>>> of punishment.
>>>
>>> dammit... disengage predictable mode... :eek:)
>>
>> Heh.. It would be a comedy, if it wasn't such a tragedy. They're
>> saying in the newsmedia that 3 out of 4 (or more!) emails are spam.
>> Seriously. It's just an unbelievable disaster waiting to happen.
>
> saw a figure from message labs saying that 83.2% of traffic in the US for
> April was spam .. OH. MY. GOD!

Exactly. Holy crap! That's 5 out of 6 emails! AOL has said months ago
that 80 to 90% of their emails are spam. Now it's holding true for the
other ISPs. And that is still happening even tho AOL has prosecuted
numerous spammers in court. It's not a matter of if, but _when_ the
straw that breaks the camel's back will occur.
"UncleWobbly" <hendy@talk21.com> wrote in message
>> And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.
>
> see my stats in earlier post... the RLY is for anything that bounced through
> a known relay or from any "media company" that is a known source... deleted
> without notification. The S/W does a dns (ip) lookup on spambag, et al... if
> one matches then it's curtains. I am sure that some are on there for duff
> reasons (badly configed server) but as you say... Fuck 'em
>
>> We should cut any anonymizer that emits spam off the Net.
>
> agreed. We used to firewall the whole of Asia from traffic inbound port 25
> but we started to lose mail from Japan that we wanted and it was just
> getting tooooooooo big-a-job to keep on top of the firewall rules... still a
> few there tho'
>
> what would be better IMHO is if the ISPs did not allow *automatic* outbound
> SMTP from their users. Joe public with an AOL account will only want to
> connect to AOL's mailer... This would scotch nearly every spambot infected
> PC in a NY minute... Anyone who WANTS outbound 25 only has to ask for it...
> the vast majority of net users wouldn't even know what this is all about and
> so wouldn't be impacted. Probs then with port blocking and users on DHCP
> etc... :eek:( what to do?
>
> I am convinced this will only be solved by statute... but then if someone
> sends out a million spams and one person replies saying "yes please" (and they
> do) then you have evidence the spammer can use to fight the corner. I think I
> am just going to kill myself instead... then they'll be sorry :eek:)

The newsmedia are saying that some users are shying away from using
email because of the spam problem.

Check this out: (As of May 19, 2004)


