The quickest, meanest, most effective thing you can do is ignore them.

100+ spam emails a day is nothing. I get at least 200. I'm sure some people here get 1000's of spam mails a day and just throw them out and get on with their lives.

You don't really want to join them and become one of them do you?

Ska

I feel your pain!

It's easy to say just throw them out but these emails are sent by some of the lowest, most despicably unscrupulous people in the business. They send all sorts of viruses, worms, etc. to people knowing full well that they are causing people major trauma and costing them £££s to get their PCs fixed.

They send the vilest spam to email lists that they know include minors and they don't give a **** about this. The feel that the law does not apply to them because they know that they can get away with it.

It really is quite sad that this has been allowed to go on for all these years and we are no closer to a solution. It really is high time something positive was done about it because it gets so frustrating having to deal with it. I reckon I spend about 15 to 30 minutes a day on this and this is time that I can ill afford.

Isn't there someone out there that can come up with a scheme that can stop this? It's hard to believe that in the fifteen or more years that this has been going on the situation has been allowed to get steadily worse. Perhaps it's now time for email postage stamps. I would happily pay to get rid of these scum.

There are two solutions that seem to be only partly effective.

1. Systems that only allow pre-screened emails
2. Creating disposable email addresses (plan to use them for a certain time)

I have the following emails:

junk@mydomain.com
red@mydomain.com
orange@mydomain.com
blue@mydomain.com
green@mydomain.com

...for various levels of harvester exposure. After a while, I'll just toss one and make another. But this makes life hard when you "discontinue" an address. It's currently impossible to leave a "forwarding address" that passes a captcha test as well.

I still occasionally, like 5 times a year, use my old university email address (13 years old) and I'm still getting spammed there. Probably the same spammers from 13 years ago. That drives me crazy. It is currently WAY to easy for them to abuse people, with virtually NOTHING that can be done to stop it, or fight it, or seek retribution.

[edited by: physics at 9:11 pm (utc) on Nov. 6, 2006]
[edit reason] Let's keep it civil... [/edit]

I don't know how much spam is sent from infected personal computers, but ISPs could easily stomp on this by scanning outgoing mail, and blocking the affected computer for 24 hours whilst at the same time sending an email with links to various security software such as ZoneAlarm and AVG.

To allow emails to be sent (whilst otherwise blocked) a special code could be added to the subject (by the user) - the ISP could then filter out the code when sending the mail. However, this level of complication is probably not required.

This would not be effective in all cases because many people have email accounts that are not with ISPs but then again, most of those are probably more aware of security anyway.

Kaled.

I don't know how much spam is sent from infected personal computers, but ISPs could easily stomp on this by scanning outgoing mail, and blocking the affected computer for 24 hours whilst at the same time sending an email with links to various security software such as ZoneAlarm and AVG.

Kaled, do you mean send an email to the person who owns the computer? If so I am not sure that this would be totally effective. The problem now is that just about everyone seems to have a computer and not many of them are fully aware of the problems they are causing. The may not even understand the email?

The email would have to read something like this...

Your computer appears to be infected with a virus and is being used to send spam email. Your account will be restricted for 24 hours - you will be able to receive email during this period but not send it.

If you urgently need to send an email, you may do so through the internet. Visit webmail.thisisp.com

We recommend that you install and/or update antivirus and firewall software. You may find the links below useful.

If this procedure were followed each time a spam email from a personal computer was detected, it would make a significant difference.

Kaled.

Unfortunately, I've received thousands of phishing emails that are worded almost exactly like that. :-(

Yep, I've seen plenty of the same too, but users would be able to validate it by sending an email - it would immediately fail.

It's even possible that client-side spam filters would bin such an email - now that would be ironic.

However, if you take the view that most infected computers belong to gullible people, the fact that this email would look suspicious to you and me, etc. would not be important.

Kaled.

I use spam filtering software right on my server.. maybe 1 spam message gets delivered to me per day, and about 200+ (on my account) get filtered. Sure, it's annoying that my server still has to filter it, but atleast i dont get it in my inbox (or my Blackberry, which was a huge pain in the a$$)

My filter also sends me daily reports with a list of the emails incase (rarely) it filters a client's or other legit email. I can then release/whitelist the person right from the email report, which is very nice.

Yes, still *some* work but a heck of a lot better than getting them delivered to my pc's and mobile device!

If this procedure were followed each time a spam email from a personal computer was detected, it would make a significant difference.

I agree. This is a great suggestion but I would make it more than 24 hours. The people who are affected by this are likely to be those who use their PCs less often. Perhaps it should an indefinite ban on sending mail until they sort things out?

Your computer appears to be infected with a virus and is being used to send spam email. Your account will be restricted for 24 hours - you will be able to receive email during this period but not send it.

If you urgently need to send an email, you may do so through the internet. Visit webmail.thisisp.com

Spammers would just start sending out loads of emails that look exactly like this except with their web site hidden where 'webmail.thisisp.com' should be, and probably links to free firewall software that's actually spyware. As menioned they already do stuff like this anyway.

Whilst it is accurate to state that such an email message as I have suggested would appear to be phishing and it is also likely that spammers would send out similar emails, logically, neither of these is relevant.

1) The essence of the suggestion is that ISPs scan emails that are being sent and disable accounts sending spam. Provided the rate of false positives was very low, I presume no one here is actually going to argue against this.
2) If an account is disabled, a notification and explanation must be sent.
3) Irrespective of whether the message appears to be phishing or not, and irrespective of whether false messages are sent by spammers, by disabling accounts, spam will be reduced - this is an incontravertible fact.

Kaled.

My ISP blocks outgoing port 25 access of all customers who have their PCs infected with spamware. The port 25 access keeps blocked until the customer has cleaned the PC. The ISP uses this policy some years now and it has been very effective to keep the network free from spam sources. Many other ISPs have setup their routers in such a way that port 25 access to destinations outside of the ISP network is blocked, which forces the customers to use one of the ISP's relay hosts. These relay hosts have often spam and/or virus scanners installed.

My personal experience is that blocking at the receiving SMTP server can also be very effective. With a combination of solutions, I have reduced the number of 200+ spam messages each day to only one or two that reach my inbox. Most spam is rejected by the mail server before it is even delivered, because of non-RFC compliance or IP blacklists. The handful that gets through this first line of defence is screened by the Basyesian filtering in Spamassassin.