Gentoo Forums
Causing spammers serious pain

Lovechild
Advocate

Joined: 17 May 2002
Posts: 2858
Location: Århus, Denmark

Posted: Wed May 28, 2003 12:11 pm    Post subject: Causing spammers serious pain

During some downtime I was surfing /. comments (always good for wasting time) and I found this article.

http://www.martiansoftware.com/articles/spammerpain.html

Now basically this is about doing what I've been thinking about for a long time - instead of everyone wasting resources running SpamAssassin, bogofilter etc. to get rid of spam - we should be causing the spammer harm. Thus enabling us to solve the problem using the simple rules of economy: if their income is approaching negative, there's a good chance they will stop (or think of a way around this - which in my understanding should be hard).

What do you guys think?

iKiddo
Guru

Joined: 27 Jun 2002
Posts: 329
Location: Europe?

Posted: Wed May 28, 2003 12:53 pm

It sounds good, but I think it will only work if some of the providers start using it. And it would be hard talking them into using this.

Edit: I haven't read all of the article (I stopped a bit after he started about TarProxy), but won't this also hurt the mailservers? It will at least make the number of connections go up quite a bit, right?

krusty_ar
Guru

Joined: 03 Oct 2002
Posts: 560
Location: Rosario, Argentina

Posted: Wed May 28, 2003 1:06 pm

I think it's a great idea, in the future, all anti-spam solutions should be preventive (aggressive) and possibly distributed.
Actually, if there weren't open relays, you could just ddos spam servers just minutes after they go active
_________________
I am Beta, don't expect correct behaviour from me.
Take part of the adopt an unanswered post initiative

jkcunningham
l33t

Joined: 28 Apr 2003
Posts: 649
Location: 47.49N 121.79W

Posted: Wed May 28, 2003 9:45 pm

I think this is a TERRIBLE idea. What it would do is give the spammers direct, immediate feedback on the algorithms used to detect them so that they can tailor the text of their spam to get through. It would end up defeating the whole purpose of statistical identification of spam. All they would have to do is tweak their messages till they got higher throughput rates and it would *de facto* increase our false-positive rate. The only thing we have going for us now is that they have no idea how well we can filter them out. With this system they would have feedback. I already get a few false-positives I never used to get - messages with only tiny amounts of text, no html, not a lot of blather, conversational. They will all be that way soon if a system like this gets widely implemented.

They will always be ahead, for the same reason that copy protection schemes will always be broken: there's more of them than people writing schemes, and they have a profit motive.

Summary: TERRIBLE IDEA. DON'T DO IT.

-Jeff

Lovechild
Advocate

Joined: 17 May 2002
Posts: 2858
Location: Århus, Denmark

Posted: Wed May 28, 2003 10:29 pm

That leaves the one sure method of stopping spam.

Beat anyone who buys stuff from spam mail with large sticks - thus removing the spammers' income little by little - I'm betting people would rather live without penis enlargement magic cures than with several broken bones and a cracked skull.

gsfgf
Veteran

Joined: 08 May 2002
Posts: 1266

Posted: Wed May 28, 2003 11:30 pm

1) Collect list of spammer IPs.
2) DDOS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to ddos spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) Less spam.
_________________
Aim:gsfgf0

puggy
Bodhisattva

Joined: 28 Feb 2003
Posts: 1992
Location: Oxford, UK

Posted: Wed May 28, 2003 11:50 pm

Lovechild wrote:
That leaves the one sure method of stopping spam.

Beat anyone who buys stuff from spam mail with large sticks - thus removing the spammers' income little by little - I'm betting people would rather live without penis enlargement magic cures than with several broken bones and a cracked skull.


Like I've always said, just give me a carbine and a very large box of ammo, a list of addresses and a free pardon.... no problem...
_________________
Where there's open source, there's a way.

Matje
l33t

Joined: 29 Oct 2002
Posts: 617
Location: Hasselt, Belgium

Posted: Thu May 29, 2003 12:37 am

jkcunningham wrote:
I think this is a TERRIBLE idea. What it would do is give the spammers direct, immediate feedback on the algorithms used to detect them so that they can tailor the text of their spam to get through. It would end up defeating the whole purpose of statistical identification of spam. All they would have to do is tweak their messages till they got higher throughput rates and it would *de facto* increase our false-positive rate. The only thing we have going for us now is that they have no idea how well we can filter them out. With this system they would have feedback. I already get a few false-positives I never used to get - messages with only tiny amounts of text, no html, not a lot of blather, conversational. They will all be that way soon if a system like this gets widely implemented.

They will always be ahead, for the same reason that copy protection schemes will always be broken: there's more of them than people writing schemes, and they have a profit motive.

Summary: TERRIBLE IDEA. DON'T DO IT.

-Jeff

Tools like SpamAssassin are OSS you know... People can freely browse through the code to look at the filters...
_________________
Life is like a box of chocolates... Before you know it, it's empty...

jkcunningham
l33t

Joined: 28 Apr 2003
Posts: 649
Location: 47.49N 121.79W

Posted: Thu May 29, 2003 5:13 am

Sure they can - but most of them don't, I'll warrant. Most don't even know about it, because their primary mark is a Windows client. But you start throttling their pipeline and they're going to figure it out damn fast, I guarantee it. Every one of them.

DeathRow
n00b

Joined: 11 May 2003
Posts: 29

Posted: Thu May 29, 2003 5:36 am

jkcunningham wrote:
Sure they can - but most of them don't, I'll warrant. Most don't even know about it, because their primary mark is a Windows client. But you start throttling their pipeline and they're going to figure it out damn fast, I guarantee it. Every one of them.


He's probably a spammer as he's getting scared already...

antik
Apprentice

Joined: 01 Oct 2002
Posts: 212

Posted: Thu May 29, 2003 6:13 am

DeathRow wrote:
jkcunningham wrote:
Sure they can - but most of them don't, I'll warrant. Most don't even know about it, because their primary mark is a Windows client. But you start throttling their pipeline and they're going to figure it out damn fast, I guarantee it. Every one of them.


He's probably a spammer as he's getting scared already...


When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address got moved to a blacklist :twisted: (actually I don't use my address to reply). Looks like I am a spammer too.... :oops:
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

felicita
n00b

Joined: 29 May 2003
Posts: 5

Posted: Thu May 29, 2003 6:18 am

gsfgf wrote:
1) Collect list of spammer IPs.
2) DDOS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to ddos spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) Less spam.


Not quite wise :twisted:

I've got a box running an SMTP server. Spammers use that to flood emails until setting up a pop-before-smtp. My point is that not every spammer's IP is the real IP of them; they sometimes are also victims.
_________________
oh~~doooom, plz, don't speak Italian to me.

snutte
Apprentice

Joined: 24 Apr 2002
Posts: 181
Location: Sweden, Malmö

Posted: Thu May 29, 2003 7:52 am

Quote:

Like I've always said, just give me a carbine and a very large box of ammo, a list of addresses and a free pardon.... no problem...


I'm with you, gotta sharpen my shooting. It's been a while since I came out of the army. :)

Ari Rahikkala
Guru

Joined: 02 Oct 2002
Posts: 370
Location: Finland

Posted: Thu May 29, 2003 9:49 am

antik wrote:
When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address got moved to a blacklist :twisted: (actually I don't use my address to reply). Looks like I am a spammer too.... :oops:


OUCH. I hope you're joking... since if you aren't, all those innocent people whose addresses spammers have forged their From: headers as hate you if you aren't.
_________________
<laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny

jkcunningham
l33t

Joined: 28 Apr 2003
Posts: 649
Location: 47.49N 121.79W

Posted: Thu May 29, 2003 3:37 pm

Spammers almost never spam from their real point of origin. What do you think the main point of hacking into other people's computers is? It's to set up temporary distribution centers for, basically, illegal activities like spamming which would have their own ISPs shutting them down. Most of the time if you reply to a spammer it just bounces back, so if you reply with "10000" emails, you are flaming yourself with all the returned messages. Pretty dumb. I used to contact the source ISP as near as I could determine it, but found it was basically futile - a waste of time. The few spams that have enough true info in the header to get that close to their ISPs are located in countries that don't care, run by ISPs that basically exist to sell access to spammers. Best to just block those domains with a blacklist. But all the other spam is just hard to stop at its source. Filtering is the best method, and I sure don't want them having any more insight into it than they already do, which is exactly what they would be forced to have if you throttle their throughput as a function of how much it "looks like spam".

zephyr1256
Apprentice

Joined: 10 Mar 2003
Posts: 170
Location: Kingsport, TN

Posted: Thu May 29, 2003 4:09 pm

Well, if spammers try to change their messages to look more 'legitimate', there is still going to be a pattern, and any time we see a message that went into our inbox instead of the spam folder, just check it as such and delete it. Thus the algorithms to detect spam can evolve. I seriously am not convinced, however, that they can change enough to make a significant dent in what gets through the filter or false positives, at least long term, even if they have some feedback. Remember, their motive is to try to sell people stuff, so there are going to be some pretty obvious patterns unless they completely abandon their sales pitch in the content of the email, which I think will be less effective at targeting those people that DO read spam.
_________________
The Congress shall have power...To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; --U.S. Constitution. Article 1, Section 8.

schmuck
n00b

Joined: 21 May 2002
Posts: 31
Location: sthlm, sweden

Posted: Thu May 29, 2003 4:54 pm

Y'all might wanna take a look at Daniel Hartmeier's setup for annoying spammers. It is not based on what looks like spam, but on official and local blacklists. It sure looks like a good idea to me and I will set it up meself in the near future.
http://www.benzedrine.cx/relaydb.html

regards /jens
_________________
rules do not apply to me

antik
Apprentice

Joined: 01 Oct 2002
Posts: 212

Posted: Thu May 29, 2003 6:01 pm

Ari Rahikkala wrote:
antik wrote:
When I get spam I reply with approx. 10000 mails, and so far no one has sent me this shit twice. Maybe my mail address got moved to a blacklist :twisted: (actually I don't use my address to reply). Looks like I am a spammer too.... :oops:


OUCH. I hope you're joking... since if you aren't, all those innocent people whose addresses spammers have forged their From: headers as hate you if you aren't.


I do not reply to "innocent people" addresses! I reply to mails with real domain names and of course I read the mail header for the actual relay. :!:

As an ISP myself I deny all spammers' requests for spam mail hosting.
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

gsfgf
Veteran

Joined: 08 May 2002
Posts: 1266

Posted: Thu May 29, 2003 10:35 pm

felicita wrote:
gsfgf wrote:
1) Collect list of spammer IPs.
2) DDOS them for 24hrs. Make a program like SETI@HOME to use unused network traffic to ddos spammers. I'd do it (use the program; I already tried to make one and decided I suck at programming)
3) Less spam.


Not quite wise :twisted:

I've got a box running an SMTP server. Spammers use that to flood emails until setting up a pop-before-smtp. My point is that not every spammer's IP is the real IP of them; they sometimes are also victims.


If you aren't gonna secure your mailserver, you are as bad as a spammer. I have no pity. Maybe you'll set it up securely next time. There's a reason most ISPs block port 25 on home users' accounts.
_________________
Aim:gsfgf0

GXTi
n00b

Joined: 24 May 2003
Posts: 17
Location: Raleigh, North Carolina

Posted: Thu May 29, 2003 10:42 pm

aah...good ol' spam...

of course there will always be spamming n00bs who just find an open relay and let loose, but those can be traced back with 0 effort...it's the ones that hack into another machine as a starting point that you have to be careful for.
typically, you rDNS the source, and if it reverses to something significant, it's been cracked. otherwise, ddos away :D
_________________
<insert witticism here>

absinthe
Retired Dev

Joined: 06 Oct 2002
Posts: 111
Location: San Francisco, CA, USA

Posted: Sat May 31, 2003 3:29 pm

Matje wrote:
Tools like SpamAssassin are OSS you know... People can freely browse through the code to look at the filters...


This is why you ditch SpamAssassin/Razor for bogofilter and run your own db.

A properly trained bogofilter is much better than SpamAssassin because it's trained on the spam that you get, not Somebody Else's Spam.

Furthermore, it doesn't drag your system through the mud like SpamAssassin does. Sorry, but I don't think that any spam package is worth hearing my CPU fan spin up every time my machine pulls mail. That's ridiculous.

Use bogofilter.

Reciclagem
n00b

Joined: 17 Mar 2003
Posts: 3

Posted: Sun Jun 01, 2003 1:40 am

I know we can't reply to the spam mail, so they could know that is a valid mail address, but I can't resist.

I mail bomb those guys. I have a great collection of nasty pictures I send attached with my mail reply with a great, long text with these words:

S.P-A.M S.UCKS - S.P-A.M S.UCKS - S.P-A.M S.UCKS - S.P-A.M S.UCKS - ...

Repeat hundreds ..., I avoid writing spam and any legible word, so this nasty mail passes through any filter. Sometimes I send mails with and without attachment.

Of course I did that when the mail address looks valid. Some Chinese spammer stopped after a long mail bomb session. The famous Africa "win a million dollars" spam, I reply with, "yes, I could help you, please call me at xx xx xxxxxxxxx", a valid phone number of my city (police department, ...).

The support@microsoft.com is the traditional M$ virus carrier, and, of course, is not valid.

Spam the spammer.

antik
Apprentice

Joined: 01 Oct 2002
Posts: 212

Posted: Sun Jun 01, 2003 7:06 am

Reciclagem wrote:
I know we can't reply to the spam mail, so they could know that is a valid mail address, but I can't resist.

Of course I did that when the mail address looks valid. Some Chinese spammer stopped after a long mail bomb session. The famous Africa "win a million dollars" spam, I reply with, "yes, I could help you, please call me at xx xx xxxxxxxxx", a valid phone number of my city (police department, ...).


Hmm.. really good idea. :idea:
_________________
"Yes, I know Linux runs faster, but they can do that because they have thrown out the weight of the airbag, collision frame and safety belt." —Poul-Henning Kamp

jkcunningham
l33t

Joined: 28 Apr 2003
Posts: 649
Location: 47.49N 121.79W

Posted: Sun Jun 01, 2003 4:14 pm

Absinthe is seriously behind on SpamAssassin. Since at least 2.50 it runs Bayes tests - same as bogofilter. There's probably little difference now. It trains on my particular spam (and ham) quite nicely. I've never noticed the load. Maybe there's a difference if you're a mail gateway or something, but for small LANs I doubt you can quantify it.
-Jeff

absinthe
Retired Dev

Joined: 06 Oct 2002
Posts: 111
Location: San Francisco, CA, USA

Posted: Sun Jun 01, 2003 9:51 pm

jkcunningham wrote:
Absinthe is seriously behind on SpamAssassin. Since at least 2.50 it runs Bayes tests - same as bogofilter. There's probably little difference now. It trains on my particular spam (and ham) quite nicely. I've never noticed the load. Maybe there's a difference if you're a mail gateway or something, but for small LANs I doubt you can quantify it.
-Jeff


This is entirely quantifiable. You should know I only stopped using SpamAssassin entirely (on all boxes) approximately 1 month ago.

The performance difference is significant, and that's because bogofilter is written in C and uses Sleepycat as a database engine. This combination is an order of magnitude faster than SpamAssassin's considerably slower Perl code.

The Bayesian algorithm in SpamAssassin is not the same, nor as tuned as it is in bogofilter (which uses Robinson-Fisher). You would do well to do more research on this subject before suggesting that I'm wrong here.

Any Bayesian mail filter is only as good as you train it -- but not all Bayesian filters are created equal -- either in how well they work or how fast they work.

Since switching to bogofilter entirely, I have experienced a significant drop in false negatives over SpamAssassin 2.53. bogofilter also runs transparently in the background taking up no CPU at all.

If you haven't noticed then you don't get much mail... or much spam, then SpamAssassin is probably fine for you. If you get as much mail as I do and my organizations do, you need a more adaptable and scalable system -- and bogofilter is it. At least, until something better comes along...
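
Added example, not part of the thread and not bogofilter's or SpamAssassin's code: a minimal Robinson-Fisher scorer of the kind named in the post above, trained on its own small corpus. The smoothing parameters `s` and `x`, the tokenizer and the sample messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (illustrative only, not real messages).
SPAM = ["cheap pills buy now limited offer",
        "buy cheap enlargement pills online now",
        "win a million dollars click now",
        "limited offer click to buy pills"]
HAM = ["emerge sync failed on my gentoo box",
       "the kernel patch compiles fine now thanks",
       "meeting moved to friday see the agenda",
       "can you review my ebuild patch on friday"]

def tokenize(text):
    """Unique lowercase word tokens of one message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

def chi2q(x2, df):
    """Chi-square survival function for an even number of degrees of freedom."""
    m = x2 / 2.0
    term = total = math.exp(-m)
    for i in range(1, df // 2):
        term *= m / i
        total += term
    return min(total, 1.0)

class RobinsonFisher:
    def __init__(self, s=1.0, x=0.5):
        self.s, self.x = s, x  # assumed prior strength and prior spam probability
        self.counts = {True: Counter(), False: Counter()}
        self.msgs = {True: 0, False: 0}

    def train(self, text, is_spam):
        self.counts[is_spam].update(tokenize(text))
        self.msgs[is_spam] += 1

    def f(self, word):
        """Robinson's smoothed per-token spam probability."""
        sc, hc = self.counts[True][word], self.counts[False][word]
        n = sc + hc
        if n == 0:
            return self.x                      # never seen: fall back to the prior
        b = sc / max(self.msgs[True], 1)       # fraction of spam containing the word
        g = hc / max(self.msgs[False], 1)      # fraction of ham containing the word
        return (self.s * self.x + n * b / (b + g)) / (self.s + n)

    def score(self, text):
        """Fisher-combined indicator: near 1 is spam, near 0 is ham, 0.5 is unsure."""
        fs = [self.f(w) for w in tokenize(text)]
        if not fs:
            return 0.5
        df = 2 * len(fs)
        spam_ind = chi2q(-2 * sum(math.log(f) for f in fs), df)
        ham_ind = chi2q(-2 * sum(math.log(1 - f) for f in fs), df)
        return (1 + spam_ind - ham_ind) / 2

def build_filter():
    rf = RobinsonFisher()
    for msg in SPAM:
        rf.train(msg, True)
    for msg in HAM:
        rf.train(msg, False)
    return rf

if __name__ == "__main__":
    rf = build_filter()
    for msg in ("buy cheap pills now", "review the kernel patch on friday", "zzz qqq"):
        print(f"{rf.score(msg):.3f}  {msg}")
```

A message made only of tokens the filter has never been trained on scores 0.5, which is why a database built from somebody else's mail tells you little about your own.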

All times are GMT
Page 1 of 2