Either the spammers are smartening up their software to strip out antispam
measures from return addresses, or somebody is paying a real human to vet
the return addresses.
Either way, I dunna like it.
It's not like this is hard.
Given perl, a few thousand addresses pulled from Usenet and 15
minutes, I could make a program to de-spammify 70% of the
`spam-proofed' email addresses out there correctly. In 30 more
minutes I could probably get 15% more, and in another hour another 5%.
Spammers are usually pretty stupid, but when there's money involved
it's not hard to find somebody `smarter' who can do simple stuff like
this for them. And even smart people occasionally go over to the dark
side :)
| or somebody is paying a real human to vet the return addresses.
You don't need a human for long. He doesn't need to check every
address, just a small sample and use that to tweak the un-spammifying
routines as needed. Repeat every few weeks.
| Either way, I dunna like it.
I don't either. But what can you do, short of hiding your address
entirely (using do...@spam.me or something similar) or making
`unspammifying instructions' that are hard to follow (remove every
third `e' from my address ... blech!)
Currently, unspammifying 90% of the `spamproofed' addresses out there
automatically is pretty simple. I guess the best thing you can do is
be a part of the remaining 10%.
Something like this -- I'm dou...@frenzy.com. So I could put
something like d4651...@frenzy.com as my address, and tell people
to remove the numbers from my address. Simple to follow, but not
something that a spammer can do (because many addresses DO have
numbers.)
Oh -- I've seen no evidence that spammers actually check the bodies of
posts for email addresses (and yes, I've looked for this evidence.)
In theory they certainly could, and there's probably some spammer out
there who's tried, but since they can get From: headers 1000 times as
fast as bodies, they almost always just grab the From headers and
don't worry about the rest. So you could put something totally bogus
in the From: field, and put your real address in the body, obfuscated
slightly if you're paranoid -- but not in a way that's easy to
automatically remove.
--
Doug McLaren, dou...@frenzy.com
"The stupider it looks, the more important it probably is."
- J.R. "Bob" Dobbs, The Book of the SubGenius
I could do it too (and have) in under 30 minutes. Apparently spammers aren't
as intelligent as some of us.
"Doug McLaren" <dou...@frenzy.com> wrote in message
news:NTS1a.14874$yn1.9...@twister.austin.rr.com...
They may not check the whole body, they may just check the signature block,
but I've seen it.
I'm on a mailing list that never got spam until some asshole decided he
didn't like some of the people on it, so he put the list's address in his
sig for a couple of weeks.
The list gets spammed several times a day now. The messages don't get
passed on because it's a members-only list, but the owner says it all
started within days of the sig going up, and none of his other lists gets
any spam at all.
This was a couple of years ago though; they may have stopped doing it because,
as you say, it's faster and more productive to just grab the "From" header.
Joe D
--
If you ain't what you am, then you aren't what you is.
I've been trying out a freeware app called MailWasher. Allows Win users to
mark spam at the mail server for deletion before downloading. Has a bunch of
other features, too. My favorite is it allows you to send a server bounce
message in reply to any e-mail with pretty much infinite selectivity.
It's a real bounce message (see test example below, where "one of my various
real addresses" is substituted for, well...). Looks for all the world like
the address *is* invalid. To most people, anyway, and pretty much all
machines.
It's like having infinite target revocable addresses at a single click
without the usual hassles. I've never been a big fan of pop checkers, but I
like this one. Works with Hotmail accounts, too.
Cheers,
Dusty
------begin quote------
X-Apparently-To: throwawayt...@yahoo.com via 216.136.226.179; 10 Feb
2003 18:54:29 -0800 (PST)
Return-Path: <>
Received: from 24.175.39.131 (HELO texas.net) (24.175.39.131) by
mta203.mail.scd.yahoo.com with SMTP; 10 Feb 2003 18:54:29 -0800 (PST)
Date: Mon, 10 Feb 2003 20:54:25 -0600
From: "Mail Delivery Subsystem" <MAILER...@texas.net>
Message-Id: <2003021020...@mx1.texas.net>
To: throwawayt...@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="QYF8471.1044835200/mx1.texas.net"
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)
Content-Length: 914
The original message was received at Mon, 10 Feb 2003 20:54:25 -0600
from web20705.mail.yahoo.com [216.136.226.178]
----- The following addresses had permanent fatal errors -----
<one of my various real addr...@texas.net>
(expanded from: <one of my various real addr...@texas.net>)
----- Transcript of session follows -----
mail.local: unknown name: one of my various real addresses
550 <one of my various real addr...@texas.net>... User unknown
------end quote------
> It's a real bounce message (see test example below, where "one of my various
> real addresses" is substituted for, well...). Looks for all the world like
> the address *is* invalid. To most people, anyway, and pretty much all
> machines.
> It's like having infinite target revocable addresses at a single click
> without the usual hassles. I've never been a big fan of pop checkers, but I
> like this one. Works with Hotmail accounts, too.
A 'real' bounce which really only serves to clog sucker email accounts.
You'll think it's a great idea until you are the person they insert as
the return email. BTDTGTTS and the 20,000+ 'bounces'.
I personally use bogofilter. It's a bayesian type filter that learns
as it goes. You show it what is spam and what isn't and over time it
learns your email patterns. It's actually quite ingenious in its workings.
It's currently running at about 99.5% of spam correctly identified. I've
had zero false positives in the past two weeks. I've been using it about
six weeks. It takes a few weeks to train but it gets better over time.
I believe there are bayesian type filters for windows also. Just search
for 'spam' and 'bayesian'.
I've also used spamassassin to great success. I found that using both
was overkill.
Tony
That might happen if it didn't do a DNS match first, I suppose. Guess we'll
never know, as it does.
Cheers,
Dusty
| > A 'real' bounce which really only serves to clog sucker email
| > accounts. You'll think it's a great idea until you are the person
| > they insert as
| > the return email. BTDTGTTS and the 20,000+ 'bounces'.
|
| That might happen if it didn't do a DNS match first, I suppose. Guess we'll
| never know, as it does.
huh? You'll have to explain to me how DNS (and only DNS) can be used
to determine if
is a valid email address or not. (Yes, I'm aware that's not exactly
the address that you use.)
Here's a hint: it can't be done using only DNS.
You'll also have to explain how the program can determine (using DNS!)
if the email address is really that of the spammer, or of some
innocent victim, or of some username that doesn't exist.
Most spam has a forged From: address -- which means that your program
does nothing but generate extra bounce messages that go somewhere
other than to the spammer.
Several years ago, we (those who got tired of spam) realized that many
spams had totally fake hostnames in their From: addresses. So we set
sendmail to reject any mails where the address didn't resolve.
Stopped a lot of spam and didn't stop much legitimate email. The
spammers have since learned to avoid this, and they just put in a real
hostname -- but it's almost always not their hostname. The username
part isn't so easy to verify, so they can still pick anything for
that.
Here's the From: addresses of the last 15 spams I've received --
From: lon...@yahoo.com
From: 부동산맨<te...@empal.com>
From: 빌몰멸캴@feeding.frenzy.com
From: Sonia Semmens <Linds...@juno.com>
From: <in_ve...@aol.com>
From: Neal CPM <Fost...@eudora.com>
From: "Luz Kirkpatrick" <charla...@jippii.fi>
From: <nicho...@rhohr.ro>
From: "Sonja Tucker" <cyn...@yahoo.com>
From: "Dorothy D'Ingianni" <Ken...@hotmail.com>
From: "Hua Xiong" <cvfgb...@97.polmag.umu.se>
From: George Praeuner <Nath...@hushmail.com>
From: 빌몰멸캴@feeding.frenzy.com
From: "Concepcion Nelson" <adbro...@21cn.com>
From: "Waldo Fox" <adai...@21cn.com>
I'll bet that NONE of these addresses are actually being used by the
spammer in question -- yet every single email address resolves
correctly with DNS. (the frenzy.com addresses I know are invalid --
they come from people connecting to its sendmail daemons and not
giving a fully qualified email address.)
--
Doug McLaren, dou...@frenzy.com
"The next time you feel like downloading 'The Little Engine That Could'
into a weapon of mass destruction -- DONT!"
Actually, I don't have to explain anything. Feel free to ask the good folks
at MailWasher about the technical aspects of their lookup, filtering, etc. I
know that in part it utilizes SpamCop and ORDB - or any other DB you choose.
How, exactly, you'll have to ask them.
I can tell you that immediately upon initiating a bounce, to Yahoo, for
example, I receive a server error - not a reply - if the account is forged
and a different error message if it's already been closed. Also, as I said,
it is infinitely selective, meaning, in part, you can send a bounce in
response to any given spam or not, as you choose.
Cheers,
Dusty
> I can tell you that immediately upon initiating a bounce, to Yahoo,
> for example, I receive a server error - not a reply - if the account
> is forged and a different error message if it's already been closed.
> Also, as I said, it is infinitely selective, meaning, in part, you
> can send a bounce in response to any given spam or not, as you choose.
More detail: If the address is invalid, I receive a 554 error from Yahoo.
Cheers,
Dusty
> I can tell you that immediately upon initiating a bounce, to Yahoo, for
> example, I receive a server error - not a reply - if the account is forged
> and a different error message if it's already been closed. Also, as I said,
> it is infinitely selective, meaning, in part, you can send a bounce in
> response to any given spam or not, as you choose.
You failed to say what happens when the account is a valid account
and belongs to an innocent.
A bounce to Yahoo...how could you or the program possibly know that
that account is bogus or not and whether it belongs to an innocent
bystander? I don't think I've ever seen a spammer use a valid return
email that belongs to them.
I read up on this program and it's nearly useless in the bounce feature.
<http://www.mailwasher.net/faq.php#Bouncing_messages> for those that care.
It sends 'the bounced message back (from, reply to, return path)'. All
these things are nearly always forged in spam. So, what it does is send
bounces to innocents like myself as the owner of a couple of domains.
Thank you for contributing to my overall mail load. Next time familiarize
yourself a little better with your program before claiming you know
how it works.
Tony
You think my one bounce would really make a difference under the MOUNTAIN of
responses the scenario you describe would bring, do you, genius? Besides,
AFAIK, it's never happened. Not once, not ever, at least to me or as a
result of my actions, nor have I ever gotten a bounce in return.
Give it a rest. Surely there's something more useful - or at least more
entertaining - for you to obsess on.
<snip of more obsessive stuff>
Cheers,
Dusty
> You think my one bounce would really make a difference under the MOUNTAIN of
> responses the scenario you describe would bring, do you, genius? Besides,
> AFAIK, it's never happened. Not once, not ever, at least to me or as a
> result of my actions, nor have I ever gotten a bounce in return.
Ok, Dusty. If you think sending 'bounces' using that piece of
crap software actually accomplishes anything other than annoying
sysadmins and innocent people you really are an idiot.
> Give it a rest. Surely there's something more useful - or at least more
> entertaining - for you to obsess on.
As far as obsessing, if you think it's obsessing to try to educate
morons, such as yourself apparently, as to how email and spam works
then, yes, I'm obsessing. I do it because I've had to explain to too
many clue-free schmucks that, yes, that spam you got does have my
domain name in it and, no, it wasn't sent from here. I'd give you URLs
that explain how spam works but you'd not read them because you're
never one to let facts slow you down. I could draw you pretty pictures
but I think they'd just confuse you.
Now if you want honest opinions on software that'll do something other
than give you warm fuzzies, let me know. Until then, keep sending your
useless 'bounces'.
Tony
Another problem with spam bouncers is that the fake bounce messages are
mechanically identifiable. So spamware will eventually be able to use these
fake bounces to "validate" the originating address (if it doesn't already).
They will process the fake bounce the same as the responses from the other
morons who pressed the "remove" link.
Spam bouncers are bad, mkay.
Agreed.
Though if somebody is spamming with a return address that's yours,
you're already getting zillions of real bounces, so a few more fake
bounces aren't going to hurt much.
| Another problem with spam bouncers is that the fake bounce messages are
| mechanically identifiable.
Agreed. Though mailwasher doesn't seem to think so --
http://www.mailwasher.net/faq.php#Bouncing_messages
Q. Will the spammers know I am bouncing emails?
A. No, the bounced messages look exactly like a returned mail message
you would receive if you sent an email off to a wrong address. There
is no way the spammers can tell it is not genuine.
I guess if you're making software like this and you actually think
it's useful then you're probably not too bright in the first place. I
guess the fact that the bounce will (usually) be coming from a dialup
or dynamic address rather than the mail server isn't a giveaway?
| So spamware will eventually be able to use these fake bounces to
| "validate" the originating address (if it doesn't already).
Well, that would require that the bounces actually make it to the
spammer, which doesn't happen in the vast majority of cases. So no,
while this is possible, it's not likely.
Now, if somebody semi-legit (like SBC, Amazon, Ebay, local politician
etc.) spams you, they're likely to have a valid return address, and
the bounces will go to them, and they'd probably remove you based on
bounces they receive from you. But then again, these are the same
people who would happily remove you if you asked them to.
Big, `legitimate' companies do occasionally suffer from poor judgement
and send out spam (even though they may not think it is), but this
sort of thing makes up a *minuscule* amount of your spam. Most of my
spam claims to come from hot_chyk...@yahoo.com and similar
addresses and they're selling herbal viagra or offering to split
several million Nigerian dollars with me ...
| They will process the fake bounce the same as the responses from the other
| morons who pressed the "remove" link.
|
| Spam bouncers are bad, mkay.
Agreed.
If you want to do something *useful*, use a program that parses the
Received: headers and generates a complaint to the appropriate
addresses.
--
Doug McLaren, dou...@frenzy.com Stop me, before I kill again!
To whom have I sent bounces? To whom do I send bounces? Do I send bounces
willy-nilly in response to anything and everything I deem spam?
If you don't know the answers, but you still rant about that which you know
not, then it is you, sir, who are the idiot.
Cheers,
Dusty
> If you want to do something *useful*, use a program that parses the
> Received: headers and generates a complaint to the appropriate
> addresses.
If you want to do something useful, don't assume that which you don't know.
You got a problem with that?
I handle spam at the server on a case by case basis. I never said I
automatically send bounces to all suspected spams. I never said that because
that isn't what I do.
In point of fact, I said over and over again that the settings were
infinitely variable. I also said that I used it in place of a target
revocable address. I intentionally avoided more details so as not to
encourage misuse of the app, figuring a bunch of supposedly bright guys
would easily pick up on the obvious. AFAIK, only 1 did. And it ain't anyone
who's commented in this thread.
Apparently you digital ditch digger types just aren't very good at reading
between the lines. Pity, as very few things in this world will be spelled in
complete detail for you.
Cheers,
Dusty
> To whom have I sent bounces? To whom do I send bounces? Do I send bounces
> willy-nilly in response to anything and everything I deem spam?
Apparently to at least Yahoo.
Dusty: "I can tell you that immediately upon initiating a bounce, to
Yahoo, for example, I receive a server error..."
Who else? WTF cares? It's a useless exercise. If you want to do
something that makes a difference instead of making you feel good
try Spamcop or something of the sort. Run your own mailserver and
refuse connects from open relays and known spamhauses. Until then
keep sending your useless bounces and confirming your address for
spammers.
Tony
Yahoo isn't a "whom." To whom do you believe I've sent bounces and on what
basis do you believe it?
> Dusty: "I can tell you that immediately upon initiating a bounce, to
> Yahoo, for example, I receive a server error..."
Yes, genius, I set up a *test* account at Yahoo, then blocked it and replied
with a bounce. Even published the bounce received at the test account here
so everyone could see for themselves an actual bounce message generated by
MailWasher.
Miss that entirely, did you? Oh yeah, I bet you're one helluva coder, with
attention to detail like that. Sheesh.
Cheers,
Dusty
> Oh yeah, I bet you're one helluva coder, with attention to detail
> like that.
Talking about attention to detail. Where did I claim to be a coder? A
sysadmin, yes, never a coder. You do realize there is a difference.
And with that I do something I've put off for a long time wondering
if you'd ever get back to someone who could actually carry on a
stimulating conversation instead of just looking for an argument.
*PLONK*
Tony
Ah, so you're saying a sysadmin *doesn't* need attention to detail, are you,
genius?
BTW, thanks for filling me in. Always satisfying when a shot in the dark
hits close enough to the mark for the mark to turn on the lights.
Oh, wait. You won't see this 'cause you PLONKed me, right? <giggle>
Cheers,
Dusty
Ahhh, there goes fake boy, sociopathic, Dusty again.
The poor, lonely lad. He won't acquire the social graces.
He won't investigate his Antisocial Personality Disorder.
Ken
That yer pree-feshonal opinion, is it, Dr. Doofus?
Cheers,
Dusty
You're obvious.
Ken
Me Dusty. You Doofus.
We clear, now?
Cheers,
Dusty
I know how relentless a sociopath is.
You're not showing me anything new.
And, you're not very good at it.
Where's the vailed threats?
Antisocial Personality Disorder:
http://faculty.ncwc.edu/toconnor/401/401lect16.htm
Rebecca Horton on "The Sociopath."
http://members.tripod.com/lheanna/sociopat.htm
The serial bully:
http://www.successunlimited.co.uk/bully/serial.htm
Characteristics of a psychopath:
http://www.geoffmetcalf.com/psychopath.html
More info on psychopathic personalities:
http://www.geocities.com/lycium7/psychopath.html
Dr. Ken
well, Dr. Ken, heard of a KILLfile ?!?
I'm tempted to put you next to Dusty in mine...
btw: meet austin.flame
--
._. Austin City Council passes anti-war resolution /"\ ASCII
/v\ | Read All About It Here: | \ / ...
/( )\ | http://www.dailytexanonline.com/vnews/ | X EVERYTHING ELSE
^^ ^^ | display.v/ART/2003/02/07/3e43697351bd9 | / \ IS BLOAT !!
Well said! Most of the end-user "spam control" e-mail apps are
just another form of "just hit delete" (JHD). It is much better
to use an e-mail server that actively blocks spam from the source
and continually adapts to changing spam patterns such as what
spamcop, SPEWS, and other blacklists do.
Hitting delete won't stop the spammers. Cutting them off from
our servers initially will.
> And, you're not very good at it.
> Where's the vailed threats?
So, you're looking for threats that are lowered, dropped, doffed or taken
off in salutation? Interesting.
Cheers,
Dusty
Actually, MailWasher only marks for bounce by default spams with origins
verified by SpamCop, ORDB, and/or one or more of the other spam DBs as you
choose. Possible spams identified heuristically are not marked for bounce by
default. Nor will it send a bounce, even if you check it, if it can't verify
the address first.
It also has a great deal of flexibility in handling spam. It's not just
an automatic bounce app.
Again, you guys are jerking knees all over for no good reason. From what
I've seen in a few days of testing, it's quite a nicely designed,
responsibly functioning little end-user app. If a user simply installs and
runs with the default settings, only verified sources will receive a bounce.
I saw Doug, IIRC, claim the bounce can be identified by machine. I posted an
example of a MailWasher bounce with full headers. Can anyone point out how
it could be identified, aside from a dynamic IP? Frankly, that seems to me
an awkward and unlikely method for spammers to employ.
I generally hate pop checkers, spam blockers, etc. I've preferred to use
filters and Cloudmark. But so far I'd have to say this thing works pretty
darn well. My actual spam volume is down about a third in less than a week.
Could be just a co-inky-dink. I'm logging every action. I'll take a look at
the numbers again in another week or so.
Cheers,
Dusty
Yeah, it's not a plugin like Cloudmark. But it will launch your mail app
after processing the mail at the server. Don't remember if this is a
default, but there's a checkbox for it in the general options.
Cheers,
Dusty
The true `origin' of a spam is found in the Received: headers.
Bounces are sent to the address found in the envelope and/or the
addresses found in the From:/Reply-To: headers.
The first is an IP address. The second is an email address.
Since you can't send a bounce to an IP address, it must be sent to an
email address. How can SpamCop, ORDB, etc. verify an email address?
You could compare the hostname part of the address and make sure it
jives with the Received: headers, but this still isn't a valid test --
it can't verify the username part of the address at all, and lots of
people send legitimate emails where the From: address doesn't bear any
relation to where they send it from.
| Possible spams identified heuristically are not marked for bounce by
| default. Nor will it send a bounce, even if you check it, if it can't verify
| the address first.
You cannot reliably verify an email address without sending an email
and then receiving a reply.
http://www.faqs.org/faqs/www/cgi-faq/section-42.html
covers this but doesn't go into much detail.
Yes, you can verify that the hostname part of the address resolves to
something, and you can even verify that there's mail server listening
on that address or another listed in its MX records. This won't be
correct 100% of the time, but it'll be close.
Verifying the username part of the address is another matter entirely.
Most servers disable the EXPN and VRFY commands nowadays, so the only
way left to validate the email is to send an email ...
... and even sending the mail isn't good enough. It may be routed to
/dev/null, for example. You need to send a mail and get a reply to
really know that an email address is valid.
| It also has a great deal of flexibility in handling spam. It's not just
| an automatic bounce app.
Nobody said that was all it does. What we said is that creating
bounces from spams is not effective.
| Again, you guys are jerking knees all over for no good reason.
The knee jerking is all coming from you ... you're getting all
defensive on us, when we're just telling you that this can't be
effective.
| From what I've seen in a few days of testing, it's quite a nicely
| designed, responsibly functioning little end-user app. If a user
| simply installs and runs with the default settings, only verified
| sources will receive a bounce.
How did it verify those sources again? Be specific -- saying `with
ORBS and Spamcop' is not a useful answer.
| I saw Doug, IIRC, claim the bounce can be identified by machine. I
| posted an example of a MailWasher bounce with full headers. Can
| anyone point out how it could be identified, aside from a dynamic
| IP?
How many ways do I have to give? One isn't enough?
Again, if it comes from a dynamic IP, that's a big giveaway. Real
mail servers usually don't use DHCP or dialups. It's not 100%, but
it's pretty close -- most fake bounces from end users would come from
dialup or DHCP addresses, and most real bounces would not.
Short of that, you'd compare the bounce message format to a `real' one
generated by the program that the bouncer is trying to emulate. If
the bouncer did their job right, the two would be identical, but
there's some room for differences that aren't obvious to a user.
| Frankly, that seems to me an awkward and unlikely method for
| spammers to employ.
There's a few problems with this --
1) as mentioned before, SPAMMERS ALMOST NEVER SEE BOUNCES FROM
THEIR OWN SPAMS! The bounces go to some innocent victim or to
a non-existent mailbox in almost all cases.
Sometimes a spammer will register a yahoo.com or hotmail.com
address so they can receive replies to their spam, but these
addresses are almost always shut down almost immediately (by the
ISP itself or by getting full of replies and bounces and going
over quota) so spammers know that this isn't very effective
either, so this is rare.
2) not many people use bouncers. Too much work for most people,
and it doesn't serve any useful purpose in most cases except to make
you feel clever.
| I generally hate pop checkers, spam blockers, etc. I've preferred to use
| filters and Cloudmark. But so far I'd have to say this thing works pretty
| darn well. My actual spam volume is down about a third in less than a week.
Where, exactly, are you sending the bounces to? How are you magically
making sure that they make it back to the spammers?
--
Doug McLaren, dou...@frenzy.com
"One in a million odds happen eight times a day in New York." -- Penn Jillette
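Two of Doug's points in one place: parsing the Received: chain to find where a message entered your own servers (the address a complaint should name, as he suggests earlier in the thread) and the header-only checks that give a fake bounce away (dynamic source address, no reverse DNS, HELO name not matching the MTA that supposedly generated it). This is an added Python example, not code from the thread or from MailWasher; the two sample messages are constructed with documentation addresses and example.* domains, modelled on the bounce Dusty quoted, and "example.com" as the trusted-MTA suffix and 198.51.100.0/24 as the dynamic pool are assumptions.

```python
import email
import ipaddress
import re

# Constructed stand-in for a DUL/PBL lookup; 198.51.100.0/24 plays the cable pool.
DYNAMIC_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM = re.compile(r"^from\s+(\S+)", re.I)
HELO = re.compile(r"\(HELO\s+([^\s)]+)\)", re.I)
BY = re.compile(r"\bby\s+(\S+)", re.I)

def parse_received(value):
    """One Received: header -> from-name, HELO, connecting IP, by-host; covers
    the thread's qmail form 'from IP (HELO name) (IP) by host' and sendmail's
    'from name (name [IP]) by host'."""
    value = " ".join(value.split())  # unfold continuation lines
    m_from, m_helo = FROM.search(value), HELO.search(value)
    m_ip, m_by = IPV4.search(value), BY.search(value)
    from_name = m_from.group(1) if m_from else None
    return {"from_name": from_name,
            "helo": m_helo.group(1) if m_helo else from_name,  # sendmail: first token is the HELO
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1).rstrip(";,") if m_by else None}

def entry_hop(msg, trusted_suffixes):
    """Walk Received: nearest-first; return the last hop written by one of our
    own MTAs (where the message entered our infrastructure). Its from-side IP
    is the origin a complaint should cite; hops below it may be forged."""
    entry = None
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        by = (hop["by"] or "").lower()
        if not any(by == s or by.endswith("." + s) for s in trusted_suffixes):
            break
        entry = hop
    return entry

def bounce_indicators(msg, entry):
    """Header-only signs that a 'delivery status' message is backscatter from
    an end-user bouncer rather than a DSN from the MTA it names."""
    if entry is None:
        return ["no Received: header written by a trusted MTA"]
    hits = []
    if entry["ip"] and any(ipaddress.ip_address(entry["ip"]) in n
                           for n in DYNAMIC_RANGES):
        hits.append("delivered from a dynamic/dial-up address")
    if entry["from_name"] and IPV4.fullmatch(entry["from_name"]):
        hits.append("connecting host has no reverse DNS")
    msgid_host = msg.get("Message-Id", "").strip("<> ").rpartition("@")[2].lower()
    helo = (entry["helo"] or "").lower()
    if msgid_host and helo != msgid_host:
        hits.append(f"HELO '{helo}' differs from Message-Id host '{msgid_host}'")
    if msg.get("Return-Path", "").strip() != "<>":
        hits.append("non-null envelope sender; a real DSN uses <>")
    return hits

def triage(raw, trusted_suffixes=("example.com",)):
    """example.com is the assumed domain of our own mail servers."""
    msg = email.message_from_string(raw)
    entry = entry_hop(msg, trusted_suffixes)
    return {"origin": entry["ip"] if entry else None,
            "indicators": bounce_indicators(msg, entry)}

# Constructed: a MailWasher-style bounce on arrival; the bouncer's home
# connection HELOs as the domain it pretends to be.
FAKE_BOUNCE = """\
Return-Path: <>
Received: from 198.51.100.77 (HELO example.net) (198.51.100.77)
  by mta.example.com with SMTP; 10 Feb 2003 18:54:29 -0800 (PST)
From: "Mail Delivery Subsystem" <MAILER-DAEMON@example.net>
Message-Id: <2003021020.12345@mx1.example.net>
"""

# Constructed: a genuine DSN relayed from our inbound MX to the mailstore.
REAL_DSN = """\
Return-Path: <>
Received: from mx-in.example.com (mx-in.example.com [192.0.2.10])
  by mta.example.com with ESMTP; 10 Feb 2003 18:54:30 -0800 (PST)
Received: from mx1.example.net (mx1.example.net [203.0.113.5])
  by mx-in.example.com with ESMTP; 10 Feb 2003 18:54:29 -0800 (PST)
From: Mail Delivery Subsystem <MAILER-DAEMON@example.net>
Message-Id: <2003021020.67890@mx1.example.net>
"""
```

None of these checks touches DNS, which is the point: they can only say a bounce is suspicious, never that the address it was sent to belongs to the spammer.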
<snip>
Why don't you ask them? They do, indeed, have origin verified lists.
Cheers,
Dusty
But if the server has already accepted the spam, then the spammers
have won. It's far more effective to use a server which actively blocks
at the IP connection level. Get your ISP to use SPEWS:
Allow me to rephrase my question as a statement, since you appear to
be immune to sarcasm ...
There is no way that SpamCop, ORDB, etc. can automatically verify the
email address of a spam. If you feel that they have, then you've
misunderstood something.
--
Doug McLaren, dou...@frenzy.com We're on a mission from God.