homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

This 72 message thread spans 3 pages: 72 ( [1] 2 3 > >     
Email Spam Kill Ratios?

 3:37 pm on Dec 2, 2002 (gmt 0)

41 Spammers Reported
12 ISP kills.

What can I do to better the odds of a successful report to an ISP and get the spammer booted?



 3:38 pm on Dec 2, 2002 (gmt 0)

muffin basket?


 3:44 pm on Dec 2, 2002 (gmt 0)

Explain the situation a little further, what kinda spam? (E-Mail?) Whos server, what services, what OS (software solutions?)


 4:17 pm on Dec 2, 2002 (gmt 0)

tell the ISP you'll dump them unless they get rid.


 4:30 pm on Dec 2, 2002 (gmt 0)

Missouri has done a fine job getting rid of spam phone callers with legislation imposing stiff penalties and a willing Attorneys General to prosecute.

Now, the state is proposing this legislation to curb email spam:


I will work for its passage and hope it is as effective as the Missouri phone spam law when it is passed.


 4:42 pm on Dec 2, 2002 (gmt 0)

I find varying attitudes by the ISP's when i report spammers.. i mainly just report the nigerian scams as they blatantly put their email address within the text to get back to em.

Yahoo - always pretty quick in shutting their accounts down

MSN - lots of autogen-mails back from them telling me to make sure from them etc etc - eventually most accounts seem to be shut down...

Excite - Their abuse@ address always seems full and my report is bounced back to me

Lycos - slow to do anyhthing if anything...

-- therefore I find it depends who you are reporting to that makes the big difference..


 5:24 pm on Dec 2, 2002 (gmt 0)

By the way Brett, these guys track every known large scale spammer on the planet in realtime. Very interesting site that might help:



 10:05 pm on Dec 2, 2002 (gmt 0)

My legitimate e-mails are now being returned due to the self appointed spam police - 5000 users penalised due to one spammer - and bloody well not me!

Don't sound so proud "spam killers" - you're destroying the Internet.

Wait until your e-mails are returned - and you'll realise how dangerous and indiscriminate this is getting!


 10:33 pm on Dec 2, 2002 (gmt 0)


I've never received legitimate spam.


 10:40 pm on Dec 2, 2002 (gmt 0)

I report my spam mail to SpamCop. They then contact the ISP on my behalf.

Long ramble on what I do ahead...

I have a fairly elaborate system in place. I have my own domain (finally) and I want to route all my email through it but that will never happen as certain free web mails don't let you forward on or download the mail, I want those accounts to die but people still write me there...

So mail comes to my domain, SpamAssassin processes and labels it. I download it in MailSmith, I filter the SpamAssassin labeled mail to my Spam? folder. I also have three rules based Spam filters. One for from address, one for subject, and one for body text looking for spam as well. Mail caught by these rules is moved into the Spam? folder.

Then the SpamSeive filter (a recent find) is run and any mails it doesn't like are moved to Spam? folder. Before I run black lists I have some minimal white lists, but so far only SpamAssassin has had a false positive, but I have yet to have it running that long due to web host issues.

Then on about a weekly basis I go over the mail in my Spam? filter and report them all to SpamCop with a single click.

SpamSeive uses Bayesian spam filtering so I'm continually training it. SpamAssassin is controlled by my budget webhost. My own filters took time to set up and maintain but now that I have SpamSeive I haven't updated them in a week or two.

Roughly 1 or 2 Spams still get through a day. Really short bodies give SpamSeive problems for instance. When I get all three running concurrently I hope to have an almost spam free inbox, this should happen on Dec. 8th according to my web host.

As for kill ratio I don't know as SpamCop handles that. All but the SpamAssassin (which we have running at work now too, (on an OS X box)) runs on Mac OS X.

My university's domain once got put in a black hole that igcom.net subscribed too, this was several years back and I had to get an iname.com account to post to my favorite mailing list so I'm all too familiar with being blacklisted. That said I report every spam I get and have since I bought MailSmith, to SpamCop.



 11:12 pm on Dec 2, 2002 (gmt 0)

I've laced the forums with some "mickey" email addresses. When anything pops up on them, I know it is spam instantly. I've even written a util to prefill out an abuse report with headers and a note about the infraction. I also go back to logs to find what ip accessed that email. From all that, it's a simple click to report them to their isp or whatever open relay they came through.


 11:27 pm on Dec 2, 2002 (gmt 0)


I think you missed WebManager's concern, the problem of spam-fighting tactics that interfere with the delivery of legitimate email.

Over-eager filtering can (and does) create a whole new set of problems.

[edited by: buckworks at 11:43 pm (utc) on Dec. 2, 2002]


 11:38 pm on Dec 2, 2002 (gmt 0)

Yes, I guess I did miss the point. I just would not have believed that anyone could make this claim except bulk/mass mailers of some kind. Pardon my ignorance. I would be interested in knowing how someone becomes blacklisted that does not deserve it and what is done to reverse the improper listing.


 11:42 pm on Dec 2, 2002 (gmt 0)

If your whole ISP gets blacklisted by a major spam blocking service when only a handful of members were the actual offenders, you lose your ability to send out email as well...

If, OTOH, you're reporting individuals to their ISPs to have their individual accounts shut down, it ought to be very easy to prove it wasn't you who sent the offending email if you get wrongly penalized, just by checking ISP mail server logs and showing faked headers.

[edited by: mivox at 11:54 pm (utc) on Dec. 2, 2002]


 11:49 pm on Dec 2, 2002 (gmt 0)

My own ISP did some blocking a couple of months ago that kept a lot of spam out of my mailbox, but also blocked a number of legitimate messages. After more than a week of wondering why my mail volume was reduced, I finally had the wit to ask about filtering, and they changed something that unleased an avalanche of about 400 emails in ten minutes. Some of them were true junk, but there were some important business and personal messages in there as well.

I don't trust anyone except myself to filter my mail.


 12:38 am on Dec 3, 2002 (gmt 0)

>>What can I do to better the odds of a successful report
>>to an ISP and get the spammer booted?

you've had a much better success rate than most people i know. i gave up reporting spammers and now i use the "close to perfect ban list" to get spammers added to spam lists.

in theory, anyone sending me spam will get a lot of spam in return. if more of us do it, spammers could find their business mailboxes unusable within days because they end up on so many spam lists.


 1:44 am on Dec 3, 2002 (gmt 0)

I've even written a util to prefill out an abuse report with headers and a note about the infraction.

Brett, you are amazing. I sit back and watch what you do around here with complete and utter awe.

<Wayne and Garth> We're not worthy! </Wayne and Garth>


 2:42 am on Dec 3, 2002 (gmt 0)

I agree with "WebManager" who posted about legitimate emails being blocked by "spam killer" companies.

Unfortunately the "spam" name-game is becoming mob rule, where a few people complain and then it becomes a witch-hunt.

Overzealous anti-spam people are more of a menace to me and my business than the "spammers". Obviously I'm against forged headers, hijacking etc. But the spam definition has gotten pushed to be very broad, now it seems if a few just complain about your email then you are a spammer.

In my one run-in so far with SpamCop: 4 complaints out of 2500 emails = one week disruption. Also, I get a lot of people who forget they signed up, changed their mind etc. All this despite an opt-in and email validation procedure.

It's one thing to shut down/shut out abusers who are sending out millions of forged spam emails on hijacked servers advertising erectile dysfunction. It's quite another thing to disrupt legitimate emails from somebody's servers because of a few complaints.

Also I didn't like how I got unsolicited emails from SpamCop which then referred me to a page with advertising on it.

That's spam isn't it?


 3:18 am on Dec 3, 2002 (gmt 0)

>the nigerian scams

Oh No! Don't tell me that after I just transferred $50,000 to the bank account of a Nigerian Prince to help him get his $25,000,000 out of the country!

I reply to repeating e-mail spammers with a "Oh yes please! I want to buy now!" letter with a friendly attachment.

(They'd better have a current version of Norton to scan it first.)


 3:31 am on Dec 3, 2002 (gmt 0)

The problem with Nell's virus return and Crazy_Fool's spam-back solutions is they both presume that the source address is valid.

WebManager's comments are to the heart - I send out a tripple opt-in (yes I call and voice talk to them!), some messages are bounced by overzealous software. For example a message was bounced from a large photo-film maker because the subject contained the word "cocktail party in NY". Guess which word tripped the software up.

BUT I am also very very much aware of the daily bombardment of true spam. I get about 200 a day even with MailWasher, it takes me a good 30 minutes to clean them up.

So what is the solution? I think sending a virus back is too dangerous - it might be spread even further with the next spam...
I would love to have a system that not just scans the message for spam information but actually open about a million connections to the spamming mail server immediately while the spam is flowing in, and completely halt the spam.


 4:09 am on Dec 3, 2002 (gmt 0)

Twice or more a week I get a complaining mail in my inbox about a newsletter we send out about once a month. Generally these guys will threaten us with all manner of mayhem; generally they fall into two categories:

1) Mailing lists from one of our cobrand partners where we're mentioned, prominently or otherwise. We have no control over these.
2) Lusers who signed up for an account on our site who couldn't bother to uncheck the "Please send me your newsletter" checkbox on the signup page.

I have some sympathy for (1), but not much; generally, I have a suspicion that they are category (2) for our cobrand partners (i.e., someone who could have opted out but elected not to). We don't spam; we have no reason to, as it means reduced effectiveness of our site and added headaches for us. I only wish the people who keep roaring for our heads would think about that.

I do get a lot of spam in my inbox -- Nigerian scams, various organ enlargement scams, MLM scams, dating services (one recent one in French, no less!), and stock scams by the railroad car. I get Chinese/Korean/Japanese stuff I can't even read, and guys trying to sell me spamming software and e-mailing lists. My favorite is this one outfit that produces link farms under a hundred or more domains. It's always the same form letter pointing to an identically formatted link farm asking for reciprocal links. Their domains are always registered to the same guy in the same office in some podunk California town. I have, on occaision, half a mind to call this guy up and ask him why he thinks I'd even consider such a thing.

Spamassassin is your friend. 99% of it ends up in my spam folder.


 4:49 am on Dec 3, 2002 (gmt 0)

Spam is intrusive and unwanted. Unsolicited email because one forgot to "check a box" is intrusive and unwanted. This problem will have to be dealt with because it makes a mockery of the web. Spam is for shysters and carpetbaggers.

I think:
1) The law will track these people down and prosecute them.
2) The public will use hacking and phreaking to wipe them out.(Although this has no judge or jury and the law may track them down as well)
3) We will accept something in-between that MS develops for Outlook such as junkmail filters.(of course this means we would have to allow their junk mail)


 9:48 am on Dec 3, 2002 (gmt 0)

>3) We will accept something in-between that MS develops for Outlook such as junkmail filters.(of course this means we would have to allow their junk mail)

Please think for yourself before relying on others. There are lots of ways to avoid incoming spam already. One option: Use SpamAssassin (already mentioned and very, very good), Vipul's Razor, and your filters.

I once saw someone state "If you want spam, then do nothing - the tools are there to avoid it". I once thought that this was arrogance. Now I agree with it as with the above combination I can eliminate 99.99% of spam.


 9:49 am on Dec 3, 2002 (gmt 0)

I just got an email to my hotmail account from MSN promoting their MSN pay for email service.

Ironically, they sent me unsolicited mail, ie spam, with the following subject line....

"Slamming spam is the best revenge do it now! "

....well, OK then...



 1:11 pm on Dec 3, 2002 (gmt 0)

There was an article on CNN last night. They claim that the average user will get 2300 spam
email messages in 2003.

Running a commerical site with a public email address, I would be happy to only recieve 2300 spam emails in 2003.


 6:14 pm on Dec 3, 2002 (gmt 0)


I do take pride in getting particular spammers' accounts canceled. By the time I've taken the trouble to read the source of the message, decipher the headers to determine the true source of the message, and send a notification to their ISP, I don't think there's any chance left that I'm getting an innocent person's account canceled.

I don't know what my kill ratios are. Half the messages I send out to ISPs never get a response, and of the ones that do respond, about 90% are automated "we received your message, someone will read it, please make sure you included full headers" messages. Very occasionally I get a note back telling me that the account of the person responsible has been terminated. Since I'm very careful to make a clear case and include full headers, I assume more than that actually do get canceled.


 8:30 pm on Dec 3, 2002 (gmt 0)

Dear various,

It is my *customer e-mail confirmations* that are being blocked! I have never sent out spam - in fact, I object to unsolicited mail so strongly that I don't even contact my past customers, and indeed promise that I won't in my privacy policy.

But due to what appears to be a "whole block" punitive spam blacklist - aimed at the person who owns the servers I rent from my shop software developers (who are equally innocent!) - my proper functioning is being affected.

Although its an emotive word my fellow web people, it is like a sort of terrorism - you hit enough innocent folks like me, and the big guys get the message!

Totally unfair - and in danger of closing down e-comms if these equally unregulated spam police get too out of hand!

(p.s. I keep getting "spam" from my major UK ISP Btinternet.com - asking me to sign up for a bl**dy spam filter service! It occurred to me that if I signed up, I might lose all of my e-mails to myself..)


 8:47 pm on Dec 3, 2002 (gmt 0)

I see legitimate email subscriptions blocked.
I am a webmaster for several organizations of over 10,000 web logins.

AOL and then the others, began dumping email after the first 32 were delivered to their server.
e.g. The first 32 were delivered, and the rest of the members complained that they were not receiving their digests. Drove me crazy(er) at first.


 8:58 pm on Dec 3, 2002 (gmt 0)


your originating "a hunting we will go.." call to arms against spam:

41 Spammers Reported
12 ISP kills.
What can I do to better the odds of a successful report to an ISP and get the spammer booted?

Has opened up a lot of wounds. Would you care to comment further on this Net machismo, given the light now being cast in this thread on the damage now being done to legitimate and innocent users by the unregulated spam-police?


 9:19 pm on Dec 3, 2002 (gmt 0)

I didn't think that I was very vigilant this year, but I just checked and found that I have five confirmed kills so far, out of roughly three times as many reports. But then, I primarily report european spammers, which makes things easier. I also had an interesting run-in with the french chamber of commerce here in Germany, but I believe they have learned their lesson in the process...

If your ISP doesn't terminate the spammer on the IP block next to yours, then you'll have to complain to them. If they managed to get their complete IP range banned that way, then they're not providing you the service you're paying for.

Hunting down spammers will never harm any innocent bystanders, if it is done correctly (and I trust Brett with that). It will simply reduce the amount of spam sent, at least temporarily.

The most collateral damage is caused by naive (or outright stupid) filtering software, that triggers on the first incidence of specific words in the message text. My own filters primarily operate on formal aspects of the message headers, and are surprisingly effective, as most spam software leaves its characteristic "signature". Ask any good cloakers how they detect new and unknown spiders, and you'll get the idea. Keyword filtering of the message text is only useful as a very last line of defense, and should never bounce or discard a message, only file them seperately for later review.

2) Lusers who signed up for an account on our site who couldn't bother to uncheck the "Please send me your newsletter" checkbox on the signup page.

Finding a newsletter subscription prechecked on a form that I am filling out for a completely different purpose will severely damage the reputation of that site in my eyes. I'm not surprised at all that you're getting complaints, and I consider those completely justified.

This 72 message thread spans 3 pages: 72 ( [1] 2 3 > >
Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved