Name and Shame Spam Senders With OpenBSD
Peter N. M. Hansteen writes "Once you've identified spam senders, OpenBSD provides all the tools you need to take one step further: exporting their addresses and publishing the evidence. You can even trap them yourself using known bad addresses. It's easy, fun and good netizenship."
"netizenship" (Score:5, Funny)
Re: (Score:3, Insightful)
How can we be expected to take someone seriously when they invent more bullshit.
Re: (Score:2)
Wife is gone on a trip to mother-in-law, drinking a dead guy ale, contemplative and bored.
Re: (Score:2, Funny)
Wife is gone on a trip to mother-in-law, drinking a dead guy ale, contemplative and bored.
Burma shave.
Re: (Score:2)
It's not good netiquette to post in caps.
Hmmm? (Score:5, Interesting)
Re: (Score:2, Insightful)
Wouldn't that require beating a million computers into a million cubes to take down their bot net? Perhaps hammering their toes would be better.
Re: (Score:3, Insightful)
Couldn't we do both?
Re: (Score:2)
Just install Ubuntu on those botnets
Re: (Score:1)
OK, just kidding, but there is a hole in my brain that would like to do it anyway ;-)
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Personally I think this point is important enough that 'fighting' spam shouldn't outright over-rule it. There are already many ways of fighting spam that don't require limiting people's ability to 'speak':
1/ Using someone's computer without their permission is a criminal act (thus covering the use of Zombie networks).
2/ Using your own computers to serve spam email is costly due to the rate at which you'll have your
Using Windows facilitates criminal acts (Score:2)
1/ Using someone's computer without their permission is a criminal act
First there's the upfront sponsoring of criminal acts. Those supporting MS products are sponsoring anti-competitive and often illegal business methods. Second, Windows can be said to, in effect, be designed to make these takeovers easy, we can extend that observation: running Windows while connected to the net is a criminal act.
Now those are from unpatched systems. However, many remote exploits are available for years [theregister.co.uk] before Waggener Edstrom / Micr
Re: (Score:2)
What about the First Amendment? Surely spammers have free speech rights?
Sure they do. And more power to them.
But free speech doesn't affect either of the points in this thread.
A) Killing a spammer with a sledgehammer is not about repressing their speech, it's about punishing them for forcing said speech on me, of which they don't, and never did, have a right to do.
and
B) If they at all cared about free speech rights, they would post their spam on their website and let people choose to view it or not. Stopping that would involve the first amendment. Fortunately the first amendm
Re: (Score:2)
"Free speech" does not protect against fraud or computer intrusion, nor does it apply to speech of a commercial nature.
Re:Hmmm? (Score:4, Funny)
If your interpretation is so loose that the First Amendment gives a spammer the right to spam, then by that same logic the Second Amendment gives me the right to shoot them in the face.
Re:Hmmm? (Score:4, Funny)
Well, I don't know about that second amendment applying here.
But, if you shoot them in the face with style and good form, that should still be covered by the first for artistic expression, no? Just put a blank canvas behind them to be sure.
Re: (Score:2)
Not painful enough. But if his knees, elbows, wrists, and ankles got in the way of the server getting pounded?
You can pound whatever you want of him, but I'll score some of that sweet, sweet server-grade gear!
Missing a few addresses (Score:1, Troll)
These have all been used by Leo Kuvayev (often under his alias "Alex Rodrigez" (note the last name spelling)) in his spamming operations. I'm sure there are more recent ones as well.
Re:Missing a few addresses (Score:4, Funny)
You forgot a couple of his aliases:
dmcbride@sco.com
bgates@gatesfoundation.org
steveb@microsoft.com
jackpeace@comcast.net
the known bad addresses part seems dangerous (Score:5, Interesting)
I agree the vast majority of email sent to "known bad" addresses will be sent by spambots, and that'll probably be the exclusive source for never-published addresses. But in the case where they publish these known-bad addresses on a page that they hope spambots will index, it seems blacklisting based on them is vulnerable to abuse. If I want to get some server blacklisted, and I have any sort of access to send mail from it, I can just send mail to the known-bad addresses. For example, a good way for mischievous students to cause mayhem by getting their university's mail servers blacklisted.
Re: (Score:1)
that I think he's avoiding (Score:5, Informative)
I could be misreading, but I think he's using the IP of the server that actually connects to his server and attempts to deliver mail, not the IP reported in the mail headers.
Re: (Score:3, Interesting)
And you missed the parent...
If a blackhat already has access to something like a university's mail system (say through someone's weak password), and sends a message to these known-bad addresses (aka, honeypot) through the university's mail system, then he's successfully blacklisted the university's mail servers.
Re: (Score:2)
If a blackhat already has access to something like a university's mail system (say through someone's weak password), and sends a message to these known-bad addresses (aka, honeypot) through the university's mail system, then he's successfully blacklisted the university's mail servers
You seem to assume that this isn't already a problem. If only you were right; if only...
OTOH, in practice most spam (well, using the sample that gets in my mailbox) actually seems to be routed via hacked home systems.
Re: (Score:2)
The logs aren't based on trusting the headers in the spam. They're based on which machine tried to deliver the spam.
Re the GP: You could cause mayhem at a university by getting bsdly.net to block all mail from them? I don't think so.
Now, if there was actually any value to this name and shame list it might cause trouble, but there isn't. It's just a bad idea. There are lots more spambots than addresses in that list.
Re: (Score:2)
ACCEPT(2) Linux Programmer's Manual ACCEPT(2)
NAME
accept - accept a connection on a socket
int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
The argument addr is a pointer to a sockaddr structure. This structure
is filled in with the address of the peer socket, as known to the com-
munications layer.
netizenship? (Score:5, Funny)
Sorry, I'd never claim citizenship on the internet, after all, who'd want to live in a place that was almost entirely composed of porn?
Oh wait...
Re: (Score:2)
Not Really (Score:5, Interesting)
I think someone tried the latter approach [washingtonpost.com] already and it didn't end up helping her much
Re:Not Really (Score:4, Insightful)
Shaw received a three-month suspended sentence for disorderly conduct, a $345 fine in restitution and a year-long restraining order barring her from the Comcast office.
I assure you that if I could get away with that kind of punishment I'd do the same thing! Only I'd use a bat instead.
Re: (Score:2)
Form response (Score:5, Funny)
Your post advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
(X) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re: (Score:2)
Wouldn't "blacklists suck" also be appropriate?
Re:Form response (Score:5, Funny)
Re: (Score:2)
tl;dr
Re:Form response (Score:5, Insightful)
Whoosh.
That form is older than I am, and it still works perfectly.
Re: (Score:2)
I've never seen or heard of this form before, but as a fan of the Jargon File (got it in hardback, baby!) I figured it had to be part of the lore and lexicon of the net. The fact that it's hilarious also gives it away.
Re:Form response (Score:5, Funny)
We're sorry to hear that you do not approve of the Universal Crackpot Spam Solution Rebuttal Form [craphound.com]. As you are no doubt aware, per Slashdot rules this form must be posted in all articles pertaining to a spam solution. This form was carefully crafted by leading experts in their field, and has been serving the community well for almost a decade.
Your opinion is important to us, but please be advised that we cannot answer all inquiries or complaints personally. If you have questions concerning the Universal Crackpot Spam Solution Rebuttal Form or its use, please feel free to pipe your inquiries to
Sincerely,
The Slashdot Community
Re:Form response (Score:5, Insightful)
mark poster as redundant [..] you must work in some kind of public service office pushing paper to think a form is a good way to express an opinion.
On the contrary. The fact that someone's argument can be criticised and/or refuted via such standardised means (*) shows that it fails in one or more now well-defined areas that previous "solutions" have exhibited and should have been considered this time round. And/or that this is merely an inadvertent repackaging of an older idea.
The slightly tongue-in-cheek form makes the point well, and far from being longwinded is shorthand compared to having a tedious and pointless rehash of previous discussions.
(*) As another poster mentioned, this "form" has been around for ages.
I go with the unpopular GP comment (Score:3, Interesting)
That form looks like a wise and economical approach, but what on earth could pass that form cleanly? Phone calls? SSL channels with certs? SMTP-Ajax(?)?
Re:I go with the unpopular GP comment (Score:5, Insightful)
Currently, nothing. If somebody ever does come up with something that will, it will spell the end of spam. I'm not holding my breath.
Re: (Score:3, Interesting)
Maybe this is correct: a scheme that passes that "antispam-form", implies the end of spam.
But nobody has demonstrated that the end of the spam does require passing such form.
What protocol/scheme/solution is so perfect in that way? Look at the imperfect (but working) TCP/IP. Maybe some people are precluding deployment of acceptable solutions because of that dogma-form.
Re: (Score:2, Interesting)
I'm sure we could have fixed spam by now, were it not for the type of people behind that form. I once saw a spam solution which, aside from irrelevant items such as "this is what I think about you," had nothing marked against it except for "it won't work for mailing lists." Well, fuck, why don't we replace mailing lists with something else? We could use RSS feeds instead, or create a special mailing list protocol (call it the newspaper protocol or something clever like that). ...but no, it seems the rule
Re: (Score:2)
You're probably right.
But the form is still funny.
Re:Form response (Score:4, Insightful)
As Bill Gates and others have noticed previously, a very obvious solution to the whole spam and e-mail viruses problem would involve removing just one single line from this form:
( ) Sending email should be free
Though it is next to atrocious to admit for anyone who's using e-mail now, setting a $$$ cost to each message sent is probably the only way both first-level spammers and owners of infected machines would be forced to go off-line. This doesn't necessarily mean establishing a central authority - ISPs could simply analyze sent traffic.
But a "solution" like that will dramatically change the nature of the Internet. It's really tough to come up with a working solution that's not worse than the problem.
Re: (Score:2)
Not only will it dramatically change the nature of the Internet, it'll do so with no benefit at all. Most spammers send their mail with botnets. The people paying won't be the spammers, but the people whose machines have been infected.
Re:Form response (Score:5, Insightful)
As Bill Gates and others have noticed previously, a very obvious solution to the whole spam and e-mail viruses problem would involve removing just one single line from this form:
( ) Sending email should be free
(x) Users of email will not put up with it
(x) Requires immediate total cooperation from everybody at once
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
(x) Unpopularity of weird new taxes
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Countermeasures must work if phased in gradually
(x) Sorry dude, but I don't think it would work.
Re: (Score:2)
Since most of the spam that I get is illegal even according to the CANSPAM act, how would charging people who do illegal things (and thus be unlikely to ever pay up) help?
Re: (Score:3, Insightful)
Actually, if email gets replaced by some other messaging system, it very easily could eliminate spam. The sole reason email spam can't be taken care of with a technological solution is that the infrastructure changes would be too massive and you couldn't get 100% opt-in for any new scheme by such a large number of players.
If SMTP were replaced by something else entirely, that whole problem goes away and you can design proper security into the protocol. All you really need is a protocol that enforces end-t
Re: (Score:2)
No, no, no, you misunderstand. Servers have to sign the communication. Users have to connect to a server. The only thing a spammer could do is to masquerade as a user or masquerade as a server.
If they masquerade as a server, that's a crypto key that the spammers have to pay for, which gets rapidly banned by every mail server in the world after the first email message from it.
If they masquerade as a user, the person receiving the spam could reliably contact that user's ISP, forward the message, and that u
Re: (Score:2)
And then you say "stop doing that or I'll block you" and your friends stop... or you block them. Either way, that's not spam. That's your friend being a jerk. It's a fine line.
Re:Form response (Score:5, Interesting)
Re: (Score:2)
"Miracle cures" for spam are overdone too, but that's no excuse to overdo the reactionary spam list meme too.
Easy, fun... (Score:5, Insightful)
They can call it easy, fun, and good netizenship... But I say they're just putting a friendly face on vigilantism.
From a technical perspective this isn't that different from other collaborative filtering systems (though since the listing criteria is based on secondary sources, it's going to be susceptible to confirmation bias and other sampling errors, so this isn't likely to be a good one). I take big issue with the naming, though: Other collaborative filters say that "This machine is listed because it met these criteria", which you then make your own decisions on.
It crosses a line when you're saying they should be "shamed", especially when you're not taking extensive precautions to make sure you're not listing innocents.
Re: (Score:3, Interesting)
That's why they do it.
Seriously, it's almost trivial to completely avoid spam now. All of the three major free email vendors, Yahoo, Microsoft and Google, all have excellent spam filters. Every mail client has excellent spam filters. In a world of streaming video being one of the most popular internet uses, the bandwidth consumed by spam isn't a huge deal anymore. (Bittorrent on the other hand...)
Point is, these "spam vigilantes" basically have to go out of their way to even see spam. They enjoy seeing the
Re: (Score:2)
Seriously, it's almost trivial to completely avoid spam now. [...] They enjoy seeing the spam, because then they can get outraged and do stuff like this.
I wouldn't attribute that much malice to it.
Sure, the big players have great spam filtering, but the work it takes to get there isn't trivial. And there are a lot of us who don't use webmail. Having configured a few mail systems, it takes a lot of poking and prodding and fine tuning to get an anti-spam configuration that works really well. In the course of doing it, you see these strong spam signals, and get drawn into them. "Hey, what if I just turn up this setting here? That'd catch a ton of spam!"
Re: (Score:2)
So you're saying that every company and organization should now use the big free email vendors for their email? Dude, what are you smoking? That's a fine solution for Grandma and even myself, but I'd never recommend that some organization rely on a 3rd party server for anything, especially for email. Spam vigilantes aren't random people who get offended by seeing Viagra spam, but most likely people who administer mail servers and know first-hand how insane the problem of spam is, in terms of management h
Re: (Score:2)
It is trivial if you tolerate false positives. But if you cannot accept false positives, it is not trivial. The problem isn't solved until everybody who has a legitimate use for email can set up their own server on which they don't receive any significant amount of spam and at the same time gets all legitimate emails through. Try it, and you will see, that it is not easy. In fact it is already almost impossible to set up a server in a way that give
Re: (Score:2)
Right. It's a blacklist, and suffers from all of the problems that blacklists suffer from. Except, like you say, it's deceitful because they want to dumb things down so that you can treat it like a game.
Maybe blacklists don't grow quickly enough when people are careful. I'd guess that in that case the solution is to start whitelisting. But regardless of what's effective or ethical there will always be some moron who says "let's just make a bigger blacklist".
Re: (Score:2)
Yes, that creates unnecessary backscatter, and facilitates joe jobs.
Re: (Score:2)
I call it "enumerating badness". Continuing to approach spam as a social problem when it is in fact sent out by botnets is not going to help any more than it already has.
I'm not sure if you were saying that society now tolerates *all* crime but note that here in the US violent crime is much lower now than it was even 30 years ago, so something's working.
That's a really bad idea (Score:2, Insightful)
If you want to "name and shame" someone, you need to be 100% sure you got the right person. E-Mail is such a vague and diverse system that you really need to know your network technologies to be able to find who's spamming you with any certainty. There's no automatism which can do it for you. Besides, you don't want to turn into one of those bitter and overzealous anti-spammer types, do you? Work with people who operate or host compromised computers which send spam, improve your spam classification systems,
Really? (Score:5, Informative)
Re:Really? (Score:5, Insightful)
> Really is spam that big of a problem anymore?
For people who actually run email servers the fact that 99% of their traffic is spam is a problem, yes.
Re: (Score:2)
I used to run the main mail router for a major Canadian university. Incoming mail to us was accepted, outgoing from us was sent. Through email, except to bitnet and uucp, was not. While total spam volume increased without bound, the spam volume we had to deal with climbed only rather slowly.
The problem space is harder these days, but these basic steps limited it substantially. If I were still running the service, I'd be concentrating on spotting outgoing spam and notifying the sender that they'd been z
Re:Really? (Score:5, Insightful)
Really is pollution that big of a problem anymore? Ever since I've switched to BigAssFilter air conditioning system, all of the pollution has been filtered out of my home.
Re: (Score:3, Informative)
You don't get spam because of a combination of anti-spam techniques similar to this one. We have to keep developing them, or else the spammers will get ahead.
YOU may not have much of a spam problem, but mail admins everywhere - including google's - most certainly do.
Re: (Score:2)
Tools like these are precisely why many users don't perceive spam to be a problem anymore. If the people running your e-mail servers weren't already using these kinds of spam-fighting tools, then you wouldn't think spam was no longer a problem, because your inbox would be full of it.
Re: (Score:2)
Then again, maybe we just abdicate solving the problem to the big mail handlers like AOL, GMail, Hotmail, etc.
Eventually, almost everyone will use one of these services to filter spam. At that point, those big email carriers can work with each other to coordinate real solutions to the problem that will fix their bandwidth drains.
Re: (Score:2)
While the idea of choking the spam servers with a 1-byte-per second response sounds cute, it won't work for long (the bot-herders are clever, and will learn to work around it), and causes collateral damage. Their "one byte per second" means sending one packet per second, with a one byte payload. It still has all the TCP/IP overhead needed for every packet, so they're wasting far more bandwidth than the spam message. In other words, they're making themselves another part of the problem (the problem being wasting the shared bandwidth on the network). So yes, I do agree with checking the "vigilante action" box on the obligatory form response.
Whoosh. The point of tarpits is to tie up spammers in the tarpit, to keep them from sending mail elsewhere.
http://www.invisibill.net/2008/01/17/spamd-ftw/ [invisibill.net]
TCP/IP packets have an overhead of about 40 bytes. What would nor
Shame!? (Score:5, Insightful)
What's the point of trying to *shame* a spammer? You can't shame someone who has no shame.
Naming them is pointless, too. "Oh, hey, I found out it's a guy named Viktor in the Ukraine sending me all this spam!" Now what?
Re: (Score:2)
Re: (Score:2)
You have to shame the idiots buying crap from spam. If spam didn't make money, there would be no spam. It's not the spam that is the problem, it's that it is a viable business model. You can't stop people from making money from something that works, and obviously works really well.
Re: (Score:2)
Discussion with Ukrainian hitman:
"Look, there's this guy Viktor I want killed..."
"Viktor who?"
"I don't know actually..."
"Well how am I going to find him?"
"All I know is he's a spammer..."
"And you think Viktor is his real name?"
"...oh..."
"So all you know is that you want one spammer killed?"
"It depends... can I have a quantity discount?"
It's too bad (Score:1)
Asking for trouble (Score:4, Insightful)
Most of the article is about grey listing. That's nearly suicidal for most mail server administrators. When I tried it, it did make a difference.
Of course, while it is working..........
Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"
Either paranoia, or people trying to send email with attachments to each other while *on the phone*, makes grey listing a huge hassle for the administrator. You just can't force a delay in email of 10 or 20 minutes for most users. The pitch forks and torches come out.
Once you do use it, you cannot control the duration of the delay either. The other mail server has its own settings on how often it retries mail as well. So yours is set to 3, theirs is set to 20. The delay is 20.
I also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.
Oh, and if you have high volume get ready to drain some resources. Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.
Re: (Score:2)
Most of the article is about grey listing. That's nearly suicidal for most mail server administrators.
That would depend on a lot of things
Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"
Chances are high that anyone sending contracts has already sent previous messages, so the receipt of the contract would not be subject to any delay. That's assuming that you
Re: (Score:2, Interesting)
Chances are high that anyone sending contracts has already sent previous messages, so the receipt of the contract would not be subject to any delay.
I did not have such luxury.
So yes, I received Executive A's anger sometimes while not being able to do a
Greylevels & Feedback (Score:2)
It is nice to have some feedback from someone who has actually tried something of the sort, instead of the usual gut-driven reactions. How does just posting 'No' get moderated to 5? Kinda makes you distrust all trust-based networks.
I would have thought the original article's description ought to work. You don't slam someone from white to black because their posting has crossed some arbitrary line. You slowly crank up the delay. Just asking for a resend ought to filter out most of the dumber spambots. If
Re: (Score:2)
BOFH: "What the hell is going on is that the message is currently working through our anti-spam measures -- the ones that filter out all the \/!Agr/\ ads because you keep visiting pr0n sites -- and if you really wanted it right now dammit, you would have had him FAX it.
"But, for a modest rise in salary, I can
Re: (Score:2)
Most of the article is about grey listing.
Not really. Maybe you just saw what you wanted to see.
That's nearly suicidal for most mail server administrators.
Not really. There are many thousands of administrators who have the skill to implement it properly.
When I tried it, it did make a difference.
Of course, while it is working..........
Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"
You must not have been one of the competent admins.. sounds like executive A knows it too
Either paranoia, or people trying to send email with attachments to each other while *on the phone*, makes grey listing a huge hassle for the administrator.
Again, not for admins who implement greylisting in a sane way.
You just can't force a delay in email of 10 or 20 minutes for most users. The pitch forks and torches come out.
True, and greylisting (when implemented correctly) does not do this.
Once you do use it, you cannot control the duration of the delay either. The other mail server has its own settings on how often it retries mail as well. So yours is set to 3, theirs is set to 20. The delay is 20.
I also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.
Some have, most haven't. Despite your beliefs, evidence of greylisting's effectiveness is quite easy to come by.
Oh, and if you have high volume get ready to drain some resources. Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.
No, it isn't. Compared t
Re: (Score:3, Interesting)
also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.
Most spam-sending agents are very simple, and don't even bother looking at the SMTP error codes. Which is pretty sensible, given that most of what they get is probably 550 for bad addresses in their lists. Why even bother spending the time parsing these errors - there's going to be a whole lot of them, and it's mostly trash because your mailing list is mostly trash.
But let's say a spammer does make a spambot that looks for 451 errors and properly tries again later. Many sites recommend a greylist delay of
Re: (Score:2)
Actually, some have. I started greylisting about a year ago, initially with a 1200 second interval. It cut the amount of spam actually delivered to the filters by 90%. Experimentally, I cut the delay period to 60 seconds and the numbers stayed steady, implying that
Re: (Score:2)
Re: (Score:2)
I suppose this can't be construed as libel, right? ;)
T-Mobile and Capital One. Logs showed no retries for either one. They just took 451 as a permanent failure.
Re: (Score:2)
``Most of the article is about grey listing. That's nearly suicidal for most mail server administrators.''
How so?
``Of course, while it is working..........
Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"''
I use greylisting, but only for addresses that are on a blacklist. The idea is that, if there is no indication that the mail is spam, it gets through right
Re: (Score:2)
Worse, yours is set to 10, theirs is set to 11. The delay is still 20.
Which is why only highly trained professional musicians should be allowed machines that go as high as 11. :-)
Re: (Score:2)
Worse, yours is set to 10, theirs is set to 11. The delay is still 20.
Which is why only highly trained professional musicians should be allowed machines that go as high as 11. :-)
That's one more louder than ten, innit!?!?
[cue dwarves]
What a bad idea! (Score:1)
Wow, what a stupid idea. He is just adding to the problem.
Most spammers never look at return mail. The return address is usually bogus, or, worse, somebody ELSE's legitimate email address.
As a one-time victim I can attest to the potential damage of the approach this idiot is advocating. (My domain name was used in a prolific spammer's return address - the resulting deluge shut-down my ISP for a few hours. My domain at the time was live.net - the spammer was advertising a phone service with "live girls"...)
S
You're an idiot. (Score:2, Informative)
Wow you're an idiot and you don't understand email. He's using the TARGET address to blacklist the IP ADDRESS from the SMTP CONNECTION. That's the envelope sender, not the mail header's return address.
Do your research before you start casting wild allegations around.
Re:Nothing at all to do with Joe Jobs (Score:2)
He's generating a list of spamtrap addresses, based on his server logs of the unknown addresses in his own domain. If your address isn't in his domain, you're unaffected.
He is publishing his list of bad addresses on a page as a spamtrap. If you don't harvest email addresses off this page, you're unaffected.
He's publishing a list of IPs which have sent messages to those spamtrap addresses (at his own domain, using his own mailserver). If your server didn't send mail to a spamtrap address on his server, yo
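The two mechanisms argued over in this thread, greylisting delay versus the sender's retry interval and trap listings keyed on the connecting IP rather than on mail headers, as an added Python sketch. It is not code from the article, from spamd or from any poster; the class and function names, the addresses and all timings are assumptions made up for the illustration.

```python
from dataclasses import dataclass, field

# All timings and addresses below are constructed for this illustration.
GREY_EXPIRE = 4 * 3600     # assumed: an unretried grey entry is forgotten after 4 h
TRAP_EXPIRE = 24 * 3600    # assumed: a trapped peer stays listed for 24 h
TRAP_ADDRESSES = {"never-existed@example.org"}   # constructed spamtrap address


@dataclass
class Greylister:
    passtime: int = 25 * 60                      # assumed minimum wait before a retry passes
    grey: dict = field(default_factory=dict)     # (peer_ip, mail_from, rcpt_to) -> first seen
    white: set = field(default_factory=set)      # peers that retried correctly
    trapped: dict = field(default_factory=dict)  # peer_ip -> time the listing expires

    def check(self, now, peer_ip, mail_from, rcpt_to):
        """Decide one delivery attempt at time `now` (seconds).

        peer_ip is the address of the TCP peer, i.e. what accept(2) fills in.
        Nothing from the message headers is consulted, and mail_from is only
        part of the greylist key, never the thing that gets listed.
        """
        if self.trapped.get(peer_ip, 0) > now:
            return "TARPIT"
        if rcpt_to in TRAP_ADDRESSES:
            # Mail for an address that never existed: list the connecting host.
            # In this sketch a trap hit overrides an earlier whitelisting.
            self.trapped[peer_ip] = now + TRAP_EXPIRE
            self.white.discard(peer_ip)
            return "TARPIT"
        if peer_ip in self.white:
            return "ACCEPT"
        key = (peer_ip, mail_from, rcpt_to)
        first_seen = self.grey.get(key)
        if first_seen is None or now - first_seen > GREY_EXPIRE:
            self.grey[key] = now
            return "TEMPFAIL"        # SMTP 451: come back later
        if now - first_seen >= self.passtime:
            del self.grey[key]
            self.white.add(peer_ip)
            return "ACCEPT"
        return "TEMPFAIL"            # retried before passtime elapsed


def delivery_delay(passtime, retry_interval, max_attempts=50):
    """Seconds until a sender retrying every retry_interval gets through.

    Returns None if it never does within max_attempts; max_attempts=1 models
    a fire-and-forget bot that ignores the 451 and never retries.
    """
    gl = Greylister(passtime=passtime)
    for attempt in range(max_attempts):
        now = attempt * retry_interval
        verdict = gl.check(now, "192.0.2.10", "a@example.com", "b@example.net")
        if verdict == "ACCEPT":
            return now
    return None


if __name__ == "__main__":
    print("passtime 3 min, sender retries every 20 min:",
          delivery_delay(3 * 60, 20 * 60), "s")
    print("bot that never retries:",
          delivery_delay(25 * 60, 10 * 60, max_attempts=1))
    gl = Greylister()
    # Forged envelope sender; only the connecting peer ends up listed.
    print(gl.check(0, "198.51.100.7", "someone@victim.example",
                   "never-existed@example.org"), sorted(gl.trapped))
```

In this model a sender whose retry interval is longer than the grey expiry never gets through, because every retry looks like a first attempt.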
But... (Score:3, Insightful)
One nice feature... (Score:2)
Re: (Score:2)
That "frustration" can stop spammers. If they cannot deliver spam quickly and cheaply, they cannot be profitable.
But is it worth the consequences of slowing down legitimate traffic? No.
Re: (Score:2)
Good point, but requires universal adoption.
Project Honeypot (Score:2)
I'm a contributing member of Project Honeypot, having been responsible for "catching" several spammers with my little honeypot, and I'm also contributing an MX record for its use. I think that's good enough. If everyone who had even a simple blog contributed to the Project, there'd be no place left for spammers to hide. Its http:BL [bl] database exists as a free resource for anyone to use. Not only do I contribute to Project Honeypot, I also use http:BL [bl] to help keep the comment spammers out of my blog:
http:/ [vulcantourist.info]
BSD guy living behind the moon... (Score:2)
Fighting Back (Score:2)
Re: (Score:2)