Re: Spam filters

On Mon, Dec 18, 2000 at 08:48:38PM -0500, Curtis Johnstone wrote:
> Gerald,
>
> Your spam filter doesn't work with Microsoft OutLook.

If you're using MS Lookout, you have bigger problems than spam :)

> Joking aside, ever since I used Travelocity's Web site, and
> unfortunately gave them my e-mail address, I have been getting
> about 4-7 spam messages a day and it is getting really
> irritating.

Hmm... they shouldn't be giving out your email address without
your consent. Some people use specific variations of their email
address for each site they sign up for, so they can tell for sure
who to blame for the spam.

It's also fairly likely that your address was harvested from the
fogo mailing list archives.

> I would like to write a "double spam" anti-spam filter. In
> addition to filtering rubbish, once the filter (or user) has
> found a 'spammer' (via the originator e-mail address), any
> messages received from the spammer triggers 100 messages
> (filter configurable) back to that originator address. Even if
> the originator's mailbox has magically disappeared, hopefully
> it would cause pain for the ISPs that allow spammers to work.

When I was a student with lots of time on my hands and spam was
just starting, I used to write back to each one saying "here is
the core dump you requested, please let me know if you need any
more", with a 4 meg attachment (which was big in those days ;)

But I have found that trying to track down spammers is just a
waste of time -- by the time you reply, either the open relay
has been shut down (or flooded with other complaints), or the
spammer's temporary ISP account has been shut down.

Once all the open relays are shut down, all the spam will have
to come from temporary ISP accounts. Some ways I have thought
of to eliminate that problem are:

1. ISPs should enforce a limit on the number of outgoing
   messages per day per account (maybe 10/day for new accounts,
   increasing to 100/day otherwise.)

2. ISPs should require a credit card for signup (maybe they do
   already), with a condition in the agreement that they will
   charge $1000 to the credit card if it's used for spamming.

But ISPs want to make it as easy as possible for new people to
sign up, so they need to be convinced this stuff is worth doing
somehow.

(#1 above seems easy and cost-effective to me, but #2 is trickier
to justify unless they can collect enough $1000 penalties to make
up for the loss of potential new customers.)

> Yeah it is easy enough to spoof an SMTP address. Usually in the
> message headers there is enough information to make a valid
> attempt at the address or the Gateway though (of course if it
> went through a gateway that allows relaying you just nailed the
> wrong person).

Open relays deserve to be nailed...

> I just got a spam from an e-mail address : "uniqueproduct" just
> now (that's all in the originator address -- no '@' or
> right-hand side). The message header shows it came from
> the gateway : (nwb1.nwb.co.jp [210.164.95.2]) -- see below.  I
> telneted to port 25 and it accepted a message to
> "uniqueproduct". Who knows where it actually went though.
:

I use a perl script called rlytest to check for open relays:

   http://www.unicom.com/sw/rlytest/

The previous system I used for spam filtering [1] could block mail
from known open relays using ORBS [2], but I found that it didn't
really solve my problem since a lot of spam was still getting
through, yet it would occasionally block a valid message. So I
decided to try a whitelist-based approach instead for a while.

So far, so good -- it trapped 18 messages from unknown senders,
three of them non-spam: one test message from a friend, and a bulk
email each from amazon.com and ebay (I could opt out of those,
but I'm interested in how those companies use email for marketing.)
I haven't enabled this filter for my w3c mail yet, or it would
have caught a lot more.

[1] http://impressive.net/archives/fogo/[email protected]
[2] http://www.orbs.org/

--
Gerald Oskoboiny <[email protected]>
http://impressive.net/people/gerald/

HURL: fogo mailing list archives, maintained by Gerald Oskoboiny
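
Added example (not part of the original message, and not the filter Gerald ran): a sketch of the two ideas in the reply above, holding mail from senders who are not on a whitelist and using a per-site address variation to see which signup leaked an address. The mailbox, the "+tag" form of the address variation, the whitelist entries and the sample messages are all constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions: the owner's mailbox, '+tag' sub-addressing, known correspondents.
MAILBOX = ("me", "example.org")
WHITELIST = {"friend@example.net", "orders@shop.example"}

SAMPLES = [  # constructed messages, not real mail
    "From: Friend <friend@example.net>\nTo: me@example.org\nSubject: lunch\n\nhi\n",
    "From: uniqueproduct\nTo: me+travel@example.org\nSubject: BUY NOW\n\n...\n",
    "From: New Person <new@example.com>\nTo: me@example.org\nSubject: hello\n\nhi\n",
]


def site_tag(msg):
    """Return the per-site tag the message was addressed to, or None."""
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _, addr in getaddresses(recipients):
        local, _, domain = addr.lower().rpartition("@")
        user, plus, tag = local.partition("+")
        if (user, domain) == MAILBOX and plus and tag:
            return tag
    return None


def triage(raw):
    """Classify one raw message as ('deliver' | 'hold', leaked_tag)."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    # From: is trivially forged, so a whitelist match is a convenience, not
    # authentication. A sender with no '@' is never treated as known.
    known = "@" in sender and sender in WHITELIST
    # Unknown senders are held for review rather than deleted, because some
    # of them turn out to be valid mail.
    return ("deliver", None) if known else ("hold", site_tag(msg))


def leak_report(raws):
    """Count held messages per tagged address to show which signup leaked."""
    held = (tag for verdict, tag in map(triage, raws) if verdict == "hold")
    return Counter(tag for tag in held if tag)


if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
    print(dict(leak_report(SAMPLES)))
```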