Forum Moderators: open
What can I do to better the odds of a successful report to an ISP and get the spammer booted?
Now, the state is proposing this legislation to curb email spam:
[mdn.org...]
I will work for its passage and hope it is as effective as the Missouri phone spam law when it is passed.
Yahoo - always pretty quick in shutting their accounts down
MSN - lots of autogen-mails back from them telling me to make sure from them etc etc - eventually most accounts seem to be shut down...
Excite - Their abuse@ address always seems full and my report is bounced back to me
Lycos - slow to do anyhthing if anything...
-- therefore I find it depends who you are reporting to that makes the big difference..
[spamhaus.org...]
Don't sound so proud "spam killers" - you're destroying the Internet.
Wait until your e-mails are returned - and you'll realise how dangerous and indiscriminate this is getting!
I've never received legitimate spam.
Long ramble on what I do ahead...
I have a fairly elaborate system in place. I have my own domain (finally) and I want to route all my email through it but that will never happen as certain free web mails don't let you forward on or download the mail, I want those accounts to die but people still write me there...
So mail comes to my domain, SpamAssassin processes and labels it. I download it in MailSmith, I filter the SpamAssassin labeled mail to my Spam? folder. I also have three rules based Spam filters. One for from address, one for subject, and one for body text looking for spam as well. Mail caught by these rules is moved into the Spam? folder.
Then the SpamSeive filter (a recent find) is run and any mails it doesn't like are moved to Spam? folder. Before I run black lists I have some minimal white lists, but so far only SpamAssassin has had a false positive, but I have yet to have it running that long due to web host issues.
Then on about a weekly basis I go over the mail in my Spam? filter and report them all to SpamCop with a single click.
SpamSeive uses Bayesian spam filtering so I'm continually training it. SpamAssassin is controlled by my budget webhost. My own filters took time to set up and maintain but now that I have SpamSeive I haven't updated them in a week or two.
Roughly 1 or 2 Spams still get through a day. Really short bodies give SpamSeive problems for instance. When I get all three running concurrently I hope to have an almost spam free inbox, this should happen on Dec. 8th according to my web host.
As for kill ratio I don't know as SpamCop handles that. All but the SpamAssassin (which we have running at work now too, (on an OS X box)) runs on Mac OS X.
My university's domain once got put in a black hole that igcom.net subscribed too, this was several years back and I had to get an iname.com account to post to my favorite mailing list so I'm all too familiar with being blacklisted. That said I report every spam I get and have since I bought MailSmith, to SpamCop.
Muskie
I think you missed WebManager's concern, the problem of spam-fighting tactics that interfere with the delivery of legitimate email.
Over-eager filtering can (and does) create a whole new set of problems.
[edited by: buckworks at 11:43 pm (utc) on Dec. 2, 2002]
If, OTOH, you're reporting individuals to their ISPs to have their individual accounts shut down, it ought to be very easy to prove it wasn't you who sent the offending email if you get wrongly penalized, just by checking ISP mail server logs and showing faked headers.
[edited by: mivox at 11:54 pm (utc) on Dec. 2, 2002]
I don't trust anyone except myself to filter my mail.
you've had a much better success rate than most people i know. i gave up reporting spammers and now i use the "close to perfect ban list" to get spammers added to spam lists.
[webmasterworld.com...]
in theory, anyone sending me spam will get a lot of spam in return. if more of us do it, spammers could find their business mailboxes unusable within days because they end up on so many spam lists.
I've even written a util to prefill out an abuse report with headers and a note about the infraction.
Brett, you are amazing. I sit back and watch what you do around here with complete and utter awe.
<Wayne and Garth> We're not worthy! </Wayne and Garth>
Unfortunately the "spam" name-game is becoming mob rule, where a few people complain and then it becomes a witch-hunt.
Overzealous anti-spam people are more of a menace to me and my business than the "spammers". Obviously I'm against forged headers, hijacking etc. But the spam definition has gotten pushed to be very broad, now it seems if a few just complain about your email then you are a spammer.
In my one run-in so far with SpamCop: 4 complaints out of 2500 emails = one week disruption. Also, I get a lot of people who forget they signed up, changed their mind etc. All this despite an opt-in and email validation procedure.
It's one thing to shut down/shut out abusers who are sending out millions of forged spam emails on hijacked servers advertising erectile dysfunction. It's quite another thing to disrupt legitimate emails from somebody's servers because of a few complaints.
Also I didn't like how I got unsolicited emails from SpamCop which then referred me to a page with advertising on it.
That's spam isn't it?
Oh No! Don't tell me that after I just transferred $50,000 to the bank account of a Nigerian Prince to help him get his $25,000,000 out of the country!
I reply to repeating e-mail spammers with a "Oh yes please! I want to buy now!" letter with a friendly attachment.
(They'd better have a current version of Norton to scan it first.)
WebManager's comments are to the heart - I send out a tripple opt-in (yes I call and voice talk to them!), some messages are bounced by overzealous software. For example a message was bounced from a large photo-film maker because the subject contained the word "cocktail party in NY". Guess which word tripped the software up.
BUT I am also very very much aware of the daily bombardment of true spam. I get about 200 a day even with MailWasher, it takes me a good 30 minutes to clean them up.
So what is the solution? I think sending a virus back is too dangerous - it might be spread even further with the next spam...
I would love to have a system that not just scans the message for spam information but actually open about a million connections to the spamming mail server immediately while the spam is flowing in, and completely halt the spam.
1) Mailing lists from one of our cobrand partners where we're mentioned, prominently or otherwise. We have no control over these.
2) Lusers who signed up for an account on our site who couldn't bother to uncheck the "Please send me your newsletter" checkbox on the signup page.
I have some sympathy for (1), but not much; generally, I have a suspicion that they are category (2) for our cobrand partners (i.e., someone who could have opted out but elected not to). We don't spam; we have no reason to, as it means reduced effectiveness of our site and added headaches for us. I only wish the people who keep roaring for our heads would think about that.
I do get a lot of spam in my inbox -- Nigerian scams, various organ enlargement scams, MLM scams, dating services (one recent one in French, no less!), and stock scams by the railroad car. I get Chinese/Korean/Japanese stuff I can't even read, and guys trying to sell me spamming software and e-mailing lists. My favorite is this one outfit that produces link farms under a hundred or more domains. It's always the same form letter pointing to an identically formatted link farm asking for reciprocal links. Their domains are always registered to the same guy in the same office in some podunk California town. I have, on occaision, half a mind to call this guy up and ask him why he thinks I'd even consider such a thing.
Spamassassin is your friend. 99% of it ends up in my spam folder.
I think:
1) The law will track these people down and prosecute them.
2) The public will use hacking and phreaking to wipe them out.(Although this has no judge or jury and the law may track them down as well)
Or
3) We will accept something in-between that MS develops for Outlook such as junkmail filters.(of course this means we would have to allow their junk mail)
Please think for yourself before relying on others. There are lots of ways to avoid incoming spam already. One option: Use SpamAssassin (already mentioned and very, very good), Vipul's Razor, and your filters.
I once saw someone state "If you want spam, then do nothing - the tools are there to avoid it". I once thought that this was arrogance. Now I agree with it as with the above combination I can eliminate 99.99% of spam.
Ironically, they sent me unsolicited mail, ie spam, with the following subject line....
"Slamming spam is the best revenge – do it now! "
....well, OK then...
JOAT ;)
Running a commerical site with a public email address, I would be happy to only recieve 2300 spam emails in 2003.
I do take pride in getting particular spammers' accounts canceled. By the time I've taken the trouble to read the source of the message, decipher the headers to determine the true source of the message, and send a notification to their ISP, I don't think there's any chance left that I'm getting an innocent person's account canceled.
I don't know what my kill ratios are. Half the messages I send out to ISPs never get a response, and of the ones that do respond, about 90% are automated "we received your message, someone will read it, please make sure you included full headers" messages. Very occasionally I get a note back telling me that the account of the person responsible has been terminated. Since I'm very careful to make a clear case and include full headers, I assume more than that actually do get canceled.
It is my *customer e-mail confirmations* that are being blocked! I have never sent out spam - in fact, I object to unsolicited mail so strongly that I don't even contact my past customers, and indeed promise that I won't in my privacy policy.
But due to what appears to be a "whole block" punitive spam blacklist - aimed at the person who owns the servers I rent from my shop software developers (who are equally innocent!) - my proper functioning is being affected.
Although its an emotive word my fellow web people, it is like a sort of terrorism - you hit enough innocent folks like me, and the big guys get the message!
Totally unfair - and in danger of closing down e-comms if these equally unregulated spam police get too out of hand!
(p.s. I keep getting "spam" from my major UK ISP Btinternet.com - asking me to sign up for a bl**dy spam filter service! It occurred to me that if I signed up, I might lose all of my e-mails to myself..)
AOL and then the others, began dumping email after the first 32 were delivered to their server.
e.g. The first 32 were delivered, and the rest of the members complained that they were not receiving their digests. Drove me crazy(er) at first.
your originating "a hunting we will go.." call to arms against spam:
41 Spammers Reported
12 ISP kills.
What can I do to better the odds of a successful report to an ISP and get the spammer booted?
Has opened up a lot of wounds. Would you care to comment further on this Net machismo, given the light now being cast in this thread on the damage now being done to legitimate and innocent users by the unregulated spam-police?
If your ISP doesn't terminate the spammer on the IP block next to yours, then you'll have to complain to them. If they managed to get their complete IP range banned that way, then they're not providing you the service you're paying for.
Hunting down spammers will never harm any innocent bystanders, if it is done correctly (and I trust Brett with that). It will simply reduce the amount of spam sent, at least temporarily.
The most collateral damage is caused by naive (or outright stupid) filtering software, that triggers on the first incidence of specific words in the message text. My own filters primarily operate on formal aspects of the message headers, and are surprisingly effective, as most spam software leaves its characteristic "signature". Ask any good cloakers how they detect new and unknown spiders, and you'll get the idea. Keyword filtering of the message text is only useful as a very last line of defense, and should never bounce or discard a message, only file them seperately for later review.
2) Lusers who signed up for an account on our site who couldn't bother to uncheck the "Please send me your newsletter" checkbox on the signup page.
Finding a newsletter subscription prechecked on a form that I am filling out for a completely different purpose will severely damage the reputation of that site in my eyes. I'm not surprised at all that you're getting complaints, and I consider those completely justified.
