anti-spam e-mail addresses
Andy Harper
This is not specifically an info-vax question except that I receive all my mail
on a VMScluster and that's where it affects me.
As a postmaster of a large site (some 16,000 users), I've become inundated with
bounced e-mail addresses, primarily caused by users sending e-mail with invalid
e-mail addresses in the headers designed to confuse the spammers.
This is now occupying a huge amount of my tim esince I have to sort out the
genuine postmaster enquiries from the crap caused by this and other spam
attempts.
Maybe this is just a problem for postmasters but I'm coming around to the view
that using duff e-mail addresses is an extremely unfriendly thing to do, even
though it's done for sensible reasons. It causes a lot more problems than it
solves (for me at least).
Wouldn't it be better if the community got together and stomped on the source
of the spammers rather than trying to confuse them with bad addresses?
Ultimately, they will found ways around it and we're back to square one except
with a lot more work for postmasters.
What are the authorities (government, legal, IETF etc.) doing to solve this
problem (if anything)? Personally, I think it should be illegal to send
junk-mail and use invalid e-mail address.
Any views and suggestions from the community welcomed.
Regards,
Andy Harper
Kings College London
John Macallister
I, too, am tired of people using "anti-spam" reply addresses.
The result is that one cannot use the "REPLY" option to mail.
"Anti-social" would be a better description for people who do this.
People should deal with the source of the spam or shut off spam
mail in some way rather than creating new, and equally, annoying
failed mail messages.
John
Name: John B. Macallister E-mail: J.Macal...@physics.oxford.ac.uk
Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
Todd
I appologize in advance.... I use a NOSPAM in my address, I also have
mail filtered on the smtp server...yet still some spam comes
through.... I have done some reading and there are bills being
proposed (in the U.S.) to stop/limit spam..
here is a good link:
jue...@saph1.physik.uni-bonn.de (Henry G. Juengst) wrote:
>
>In article <009BADF6.B...@alder.cc.kcl.ac.uk>, Andy Harper <A.HA...@kcl.ac.uk> writes:
>>This is not specifically an info-vax question except that I receive all my mail
>>on a VMScluster and that's where it affects me.
>>
>>As a postmaster of a large site (some 16,000 users), I've become inundated with
>>bounced e-mail addresses, primarily caused by users sending e-mail with invalid
>>e-mail addresses in the headers designed to confuse the spammers.
>>
>>This is now occupying a huge amount of my tim esince I have to sort out the
>>genuine postmaster enquiries from the crap caused by this and other spam
>>attempts.
>>
>>Maybe this is just a problem for postmasters but I'm coming around to the view
>>that using duff e-mail addresses is an extremely unfriendly thing to do, even
>>though it's done for sensible reasons. It causes a lot more problems than it
>>solves (for me at least).
>>
>>Wouldn't it be better if the community got together and stomped on the source
>>of the spammers rather than trying to confuse them with bad addresses?
>>Ultimately, they will found ways around it and we're back to square one except
>>with a lot more work for postmasters.
>
>There are some interesting (and amusing:-) threads and also an FAQ about
>this topic in alt.2600.
>
>Because these idiots who send the spams are using faked addresses and
>others are changing their host names more frequently than their sockets,
>it is hard to filter these mails based on the mail header information.
>But, most of the spams were sent by the same guys, namely Spamford Wallace
>and AGIS. They can change their domain names, but it is much harder for
>them to get more IP class numbers. Therefore my machine rejects mails
>from their class at all (UCX SET SERVICE SMTP/REJECT=NETWORK=...). Works
>fine.
>
>Of course there are always new saps in this business from other sites.
>They, if known, and always their postmasters (postmaster@...) get their
>mail including the RFC 822 header back with a short remark plus a nice
>picture (uuencoded, of course:-). I take the real IP address of the sender
>from the operator log file. Most of the postmasters know what they
>have to tell these mad people. BTW, one of the spambots has sent me his
>apology and asked for permission to use the picture. ==:-)
>
>The picture (a special view of a mascot;-):
>ftp://boss1.physik.uni-bonn.de/pub/elch/lanzarote/swf3elch_lanzarote_11.jpg
>(use http://saph1.physik.uni-bonn.de/ as starting point if you like to
>surf there with a WWW browser - the DG/UX FTP server on boss1 has problems
>with most WWW browsers).
>
>>
>>What are the authorities (government, legal, IETF etc.) doing to solve this
>>problem (if anything)? Personally, I think it should be illegal to send
>>junk-mail and use invalid e-mail address.
>>
>>Any views and suggestions from the community welcomed.
>
>"Madness has no purpose. Or reason. But it may have a goal."
>[Spock, "The Alternative Factor", stardate 3088.7]
>
>>
>>Regards,
>>
>>Andy Harper
>>Kings College London
>
>Henry
>
>--
>jue...@saph1.physik.uni-bonn.de [131.220.161.1] (Internet or DECnet/OSI)
>saph1::juengst [26.358] (DECnet PhaseIV, only local)
>http://saph1.physik.uni-bonn.de/ (WWW)
>
>Any opinions in this article/mail are my own.
Henry G. Juengst
Tim Llewellyn
I too am getting bored of dealing with bounced mails, and
thats only the ones I get when I reply or cc to news with mail
and forget to despam the address (which is usually what I
do).
I can imagine the problem as postmaster is far far worse.
I get spam to email accounts I havn't posted from since the
early 90's. I started getting spam within a couple of days
of posting from my new site. It takes me a few minutes
each day to delete it from my inbox. There is no need to actually
read any of it.
Of course, it can be slightly embarrasing when your manager
looks over your shoulder at the subject list of your intray
and see's all the colourful spam subjects you havn't deleted
yet :-)
It seems that for anti-spam to be effective you need a new email
account too. I would prefer if I post asking for information
that people wanting to reply by email have to do nothing more that
hot the "reply by email" button.
Just my 'tuppence worth
--
Tim Llewellyn, OpenVMS System Manager, Remarcs Project
BBC, Whiteladies Road, Bristol, UK. Email tim.ll...@bbc.co.uk.
Sorry, my web server is down due to circumstances beyond my control
Read at your own risk, standard disclaimer applies.
I want a newsreader that does crossposting and line wrapping.
Wayne Sewell
In article <21A996716DF4D011BDC...@ppnt41.physics.ox.ac.uk>, John Macallister <J.Macal...@physics.ox.ac.uk> writes:
> I, too, am tired of people using "anti-spam" reply addresses.
> The result is that one cannot use the "REPLY" option to mail.
Depends on the newsreader. I munge mine in a way that is easy to edit with ANU
News.
> "Anti-social" would be a better description for people who do this.
> People should deal with the source of the spam or shut off spam
> mail in some way
Easy to say, not so easy to do.
>rather than creating new, and equally, annoying
> failed mail messages.
As I said in another post, if you munge in the domain part of the address, this
problem goes away.
Wayne
--
===============================================================================
Wayne Sewell, Tachyon Software Consulting (214)553-9760 wa...@tachyon.xxx
http://www.tachyon.xxx/www/tachyon.html and wayne.html
change .xxx to .com in addresses above, assuming you are not a spambot :-)
===============================================================================
If George Lindsay ran for Governor, he would be the Goober-natorial candidate.
Wayne Sewell
In article <009BADF6.B...@alder.cc.kcl.ac.uk>, Andy Harper <A.HA...@kcl.ac.uk> writes:
> This is not specifically an info-vax question except that I receive all my mail
> on a VMScluster and that's where it affects me.
>
> As a postmaster of a large site (some 16,000 users), I've become inundated with
> bounced e-mail addresses, primarily caused by users sending e-mail with invalid
> e-mail addresses in the headers designed to confuse the spammers.
I don't see the point of munging return addresses on email, since it goes
directly to the recipient and is not subject to harvesting by bots. What you
are probably seeing is replies to posts in usenet. Many people here munge
addresses and if someone replies without unmunging, then you get bounces. And
of course, any spam sent using the harvested address would also bounce in the
same way.
Many people are against munging period, which I can understand. However, as
discussed in the newsgroup on email abuse (news.admin.net-abuse.email), there
is a right and wrong way to munge. The wrong way is to do the munging in the
username part of the address, i.e. "bogu...@realsite.com". Since the domain
actually exists and the user doesn't, a bounce occurs, causing the grief you
describe above. A better way to munge is to put bogus info into the domain
part of the address, as in "realname@bogus-site-name". This way the message
doesn't go anywhere. The machine from which the spam is sent is unable to make
a connection to a nonexistent domain name. The spammer's machine wastes time
waiting for the DNS lookup to fail. (Of course, the machine making the SMTP
connection is more likely to be an innocent relay site, but hopefully this
waste of their resources will convince them to disable relay.) In any case,
the mail never makes it to *your* domain, so the problem is solved.
I personally like for the munging to be at the end of the address, as in mine
above, because it makes it easy to edit with ANU news. All you have to do is
hit the delete key to get rid of the munged part, then type in the correct end
of the address, e.g. ".com".
Of course, depending on newsreader, it may not be *possible* for individuals to
change their domain name for security reasons. In general, forgery is a Bad
Thing, though I think it is justified to prevent harvesting as long as people
understand that you are doing it and can easily see how to unmunge.
In the case of ANU News, all you have to do is change the news_address logical
to be the bogus domain. (Note: I have not tried this when using the ANU NNTP
module for news transfer, since I wrote custom software to do on-the-fly spam
filtering in my news transfers. Standard ANU NNTP may use this logical.)
As a side note, the reason my own munged address looks so strange is because it
contains a process id and time stamp. Since the bots insist on grabbing email
addresses out of posts, I thought I would oblige them by providing a new one
every time I post (assuming they would be smart enough to recognize a duplicate
anyway). I figure the more time the spammers spend trying to gather bogus
addresses and then send mail to them, the better off we are.
In a command procedure that runs every two minutes, I have the following:
$ pid = f$getjpi ("", "pid")
$ pid = f$extract (4, 8, pid)
$ chartime = f$cvtim(f$time()) - " " - " " - ":" - ":" - "." - "-" - "-"
$ chartime = f$extract (10, 20, chartime)
$ define/sys/exec NEWS_ADDRESS "tachyon.xxx''chartime'killspam-''pid'"
> This is now occupying a huge amount of my tim esince I have to sort out the
> genuine postmaster enquiries from the crap caused by this and other spam
> attempts.
>
> Maybe this is just a problem for postmasters but I'm coming around to the view
> that using duff e-mail addresses is an extremely unfriendly thing to do, even
> though it's done for sensible reasons. It causes a lot more problems than it
> solves (for me at least).
Again, it's not so much *if* you munge as *how* you munge.
> Wouldn't it be better if the community got together and stomped on the source
> of the spammers rather than trying to confuse them with bad addresses?
What do you think we are trying to do? The big ISPs are the main problem.
agis.net provides a safe haven for spammers and allows them to do anything they
wish. The other big boys provide only lip service to stopping spam. Most of
them have unprotected dialup ports that any bozo can apparently access and use
to insert spam into the internet mail system. uunet is by far the worst about
this. 90% of the spam I receive originates from a .uu.net dialup port.
Another major factor is the huge number of systems in the internet with open
SMTP ports. Most SMTP software is apparently distributed with the relay
function enabled (including MX!), and many of the administrators of these sites
don't see the need for disabling it or don't know how to do so. The spammers
have an uncanny ability to find these sites all over the world and relay their
spam through them. This bypasses blocking by domain name or IP address (I
automatically block connections from all known spam domains and from all IP
addresses assigned to agis.net), since the SMTP connection is made from the
relay site. You don't know it's spam until at least the header has been
transferred.
> Ultimately, they will found ways around it and we're back to square one except
> with a lot more work for postmasters.
>
> What are the authorities (government, legal, IETF etc.) doing to solve this
> problem (if anything)?
Check out news.admin.net-abuse.email for information about the Smith Amendment.
Also, there are a lot of anti-spam web pages that have information about
fighting spam. I have links to a couple of these from my tachyon and wayne
pages (below in sig), from which you can find others. There is also the
Coalition Against Unsolicited Commercial Email (CAUCE). Their web page is
"http://www.cauce.org".
>Personally, I think it should be illegal to send
> junk-mail and use invalid e-mail address.
Sounds good to me. I would certainly stop munging if junk email stopped.
t_w...@animo.eurokom.ie
In article <009BADF6.B...@alder.cc.kcl.ac.uk>, Andy Harper <A.HA...@kcl.ac.uk> writes:
> As a postmaster of a large site (some 16,000 users), I've become inundated with
> bounced e-mail addresses, primarily caused by users sending e-mail with invalid
> e-mail addresses in the headers designed to confuse the spammers.
>
now do a DNS lookup on the sender's domain address, and reject the message if
an MX record can't be found for it.
------------------------------------------------------------------------------
Tom Wade | Internet: T.W...@vms.eurokom.ie (all domain mailers).
Network Manager | DEC Enet: DECWRL::"t.w...@vms.eurokom.ie" (VMS Mail)
EuroKom | PSI-Mail: PSI%272431001992::_T_WADE
UCD Belfield | JANET: t.wade%ie.euro...@UK.AC.EARN-RELAY
Dublin 4 | X400: g=tom;s=wade;o=eurokom;p=eurokom;a=eirmail400;c=ie
Ireland | Telex: (0500) 91178 UCD EI ("TO: WADE" at start)
-------------------+----------------------------------------------------------
Tel: +353-1-2830555| Official Disclaimer: "This is not a disclaimer"
Fax: +353-1-2838605| Unix .... Just say No !
Wayne Sewell
In article <1997Sep26...@animo.eurokom.ie>, t_w...@animo.eurokom.ie writes:
> In article <009BADF6.B...@alder.cc.kcl.ac.uk>, Andy Harper <A.HA...@kcl.ac.uk> writes:
>> As a postmaster of a large site (some 16,000 users), I've become inundated with
>> bounced e-mail addresses, primarily caused by users sending e-mail with invalid
>> e-mail addresses in the headers designed to confuse the spammers.
>>
> This can be a real nuisance. I have noticed that a number of service providers
> now do a DNS lookup on the sender's domain address, and reject the message if
> an MX record can't be found for it.
This can work if the mail is actually sent with a munged from: address.
However, I believe most of the mail causing Andy problems is the result of
replying to a usenet post with a munged address or spam sent to munged
addresses harvested by spambots.
Checking the from address of outgoing email will have no effect on these.
Richard B. Gilbert
Andy Harper <A.HA...@kcl.ac.uk> Writes:
>This is not specifically an info-vax question except that I receive all my mail
>on a VMScluster and that's where it affects me.
>
>As a postmaster of a large site (some 16,000 users), I've become inundated with
>bounced e-mail addresses, primarily caused by users sending e-mail with invalid
>e-mail addresses in the headers designed to confuse the spammers.
>
>This is now occupying a huge amount of my tim esince I have to sort out the
>genuine postmaster enquiries from the crap caused by this and other spam
>attempts.
>
>Maybe this is just a problem for postmasters but I'm coming around to the view
>that using duff e-mail addresses is an extremely unfriendly thing to do, even
>though it's done for sensible reasons. It causes a lot more problems than it
>solves (for me at least).
>
>Wouldn't it be better if the community got together and stomped on the source
>of the spammers rather than trying to confuse them with bad addresses?
>Ultimately, they will found ways around it and we're back to square one except
>with a lot more work for postmasters.
>
>What are the authorities (government, legal, IETF etc.) doing to solve this
>problem (if anything)? Personally, I think it should be illegal to send
>junk-mail and use invalid e-mail address.
>
>Any views and suggestions from the community welcomed.
>
Other than taking up a collection to hire assasins, I can't think what
we might do. . . . Well, actually, I can but it looks like a lot of work.
If mailing lists would verify the ostensible From and/or reply-to address;
e.g. if the message purports to come from mumble.com, then try to match the
incoming IP address with the proper address for mumble.com. AOL addresses
have to begin with a letter and are limited to some number of characters (10?
12?). Verify that AOL return addresses are syntactically correct. CompuServe
addresses consist of two 18-bit octal numbers separated by period. There's an
8 or a 9 in there? Throw the bum out.
SPAM filters at mailing list and usenet sites? "Sex" or "$$$" in the
subject line? Throw the bum out! "www.sexy.girls.com" in the text? Out! A
message to info-vax that fails to mention VAX, Alpha or VMS? Out!! Etc.
Somehow, it seems easier and more emotionally satisfying to think about
hiring assasins. A jury of netizens would call it justifiable pesticide!
--
*************************************************************************
* Here, there be dragons! *
* DRA...@CIS.CompuServe.Com *
* *
* Richard B. Gilbert *
* Computer Systems Consultant *
*************************************************************************
Mark Tarka
In article <199709262204_...@compuserve.com>, "Richard B.
Gilbert" <76702...@compuserve.com> writes:
[NB Quote symbol is "# " for the current message.]
# Andy Harper <A.HA...@kcl.ac.uk> Writes:
#
# >This is not specifically an info-vax question except that I receive all my
# mail
# >on a VMScluster and that's where it affects me.
# >
# >As a postmaster of a large site (some 16,000 users), I've become inundated
[Snip...]
# Somehow, it seems easier and more emotionally satisfying to think about
# hiring assasins. A jury of netizens would call it justifiable pesticide!
Assassin n. 1. a murderer or killer, esp. a fanatic who kills a
prominent person.
Seek out the services of one David P. Murphy.
He has demonstrated an ability to destroy objectionable sources of
offensive postings.
Mark :-)
Michael Moroney
In article <009BADF6.B...@alder.cc.kcl.ac.uk>,
Andy Harper <A.HA...@kcl.ac.uk> wrote:
> As a postmaster of a large site (some 16,000 users), I've become inundated with
> bounced e-mail addresses, primarily caused by users sending e-mail with invalid
> e-mail addresses in the headers designed to confuse the spammers.
>
> This is now occupying a huge amount of my tim esince I have to sort out the
> genuine postmaster enquiries from the crap caused by this and other spam
> attempts.
I'd guess that 95+% of the bounced email is from spammers attempting to spam
the addresses forged by the users to prevent the spams. I'd suggest writing
some sort of computerized script that eliminates messages from fake addresses,
since the addresses are on spammers' lists and they aren't about to take them
off their lists just to make you happy.
My suggestion: Teach your users to use a nonexistant domain if they are going
to use forged addresses when posting news, not a nonexistant address at your
site.
Wrong: bo...@kcl.ac.uk
Correct: us...@kcl.ac.DontSpamMe.uk
Also tell them not to use forged addresses when sending email (there's no
reason to, unless emailing spammers)
Anyway, even if 100% of the users comply with your wishes tomorrow, you'll
still be seeing bounces as spammer attempt to spam the bogus addresses.
> Maybe this is just a problem for postmasters but I'm coming around to the view
> that using duff e-mail addresses is an extremely unfriendly thing to do, even
> though it's done for sensible reasons. It causes a lot more problems than it
> solves (for me at least).
It is unfortunate that it has come to this, but it does reduce (or even
eliminate, if you were always extremely careful) spam for the users.
> Wouldn't it be better if the community got together and stomped on the source
> of the spammers rather than trying to confuse them with bad addresses?
If you know of a way to eliminate spammers there are many people who'd LOVE
to know about it!
-Mike
Shane...@ranplc.co.uk
[snips]
>
> My suggestion: Teach your users to use a nonexistant domain if they are going
> to use forged addresses when posting news, not a nonexistant address at your
> site.
>
> Wrong: bo...@kcl.ac.uk
> Correct: us...@kcl.ac.DontSpamMe.uk
>
It wouldn't be easy to do from my current site, but I've always thought a fake
reply-to address of "ab...@127.0.0.0" might be interesting. (127.0.0.0 is the
loopback address, isn't it? 'Scuse memory cell failure, some git's nicked my
reference books....) Let the spammers report themselves!
> If you know of a way to eliminate spammers there are many people who'd LOVE
> to know about it!
>
> -Mike
I've got one, but it involves a sawn-off shotgun and jailtime for cruelty
to animals..... May all SPAMmers rot in hell for eternity. (No smiley.)
##### | Shane (Sh...@ranplc.co.uk) I said that, not R&N. |
#-O-O-# --------------------------------------------------------------------
# L # "The universe runs on the complex interweaving of three elements:
#===# energy, matter and enlightened self-interest." - G'Kar, Babylon 5
### "Bad things happen when the 'enlightened' bit is missing." - Shane
Wayne Sewell
In article <9709291...@axpw3.ranplc.co.uk>, Shane...@ranplc.co.uk writes:
> [snips]
>>
>> My suggestion: Teach your users to use a nonexistant domain if they are going
>> to use forged addresses when posting news, not a nonexistant address at your
>> site.
>>
>> Wrong: bo...@kcl.ac.uk
>> Correct: us...@kcl.ac.DontSpamMe.uk
>>
> [snip]
>
> It wouldn't be easy to do from my current site, but I've always thought a fake
> reply-to address of "ab...@127.0.0.0" might be interesting. (127.0.0.0 is the
> loopback address, isn't it?
Close. 127.0.0.1. Also, raw IP addresses need square brackets:
"abuse@[127.0.0.1]"
>'Scuse memory cell failure, some git's nicked my
> reference books....) Let the spammers report themselves!
Well, it's not just the spammers. Sometimes legitimate correspondents forget
to (or don't know how to) un-munge the reply address. In this case, sending to
the abuse address would not be appropriate and would cause confusion and even
more traffic to an already-overloaded address.
>> If you know of a way to eliminate spammers there are many people who'd LOVE
>> to know about it!
>>
>> -Mike
>
> I've got one, but it involves a sawn-off shotgun and jailtime for cruelty
> to animals..... May all SPAMmers rot in hell for eternity. (No smiley.)
What he said.
Scott Snadow -GTE Directories- 972-453-7727
In article <009BADF6.B...@alder.cc.kcl.ac.uk>,
Andy Harper <A.HA...@kcl.ac.uk> writes:
[The following post has been modified. It has been re-formatted to
fit your screen.]
> This is not specifically an info-vax question except that I receive
>
> As a postmaster of a large site (some 16,000 users), I've become
> inundated with bounced e-mail addresses, primarily caused by users
> sending e-mail with invalid e-mail addresses in the headers designed
> to confuse the spammers.
> Any views and suggestions from the community welcomed.
Well, since the original question has drifted a bit from the charter
of comp.os.vms, I'll continue that drifiting a bit more (and then we'd
better get back to shore)!
Take a cruise over to http://www.whiteice.com/ --- it's a site run by
David Cathey, a local (Plano, Texas, USA) software consultant and
all-around good guy. He's also the chairman of the DECUS DFWLUG,
though that affiliation has nothing to do with whiteice. . .
I stumbled across his web page recently, didn't know anything about it
prior to that --- but it looks like he's got a system that will give
you a spam-free e-mail account, and a web page too, for a very tiny
annual fee. He has apparently taken e-mail filtering to a new level,
and does his best to keep the junk from ever arriving at your mailbox
. . .so folks with e-mail at whiteice.com don't need "anti-spam" when
they post to usenet. . .and they can put real e-mail addresses on
their whiteice web pages too.
Again, I stress that I've got no connection to this, although it may
*appear* that way --- I was formerly the DFWLUG librarian, but that
was more than 2 years ago (in spite of the fact that I'm still listed
as such on some web pages & some newsletters). . .
And, of course, to tie this all back to comp.os.vms. . .I believe that
whiteice.com is running OpenVMS! (Not sure if it's a VAX or an
Alpha.)
Scott "not on whiteice.com, but thinking about it" Snadow
--
+--------------------------------------------------------------+
| Scott Snadow, Former Californian. I wasn't born in Texas, |
| but I got here as fast as I could! |
+--------------------------------------------------------------+
Waylon
On Fri, 26 Sep 1997 11:45:17 +0100, John Macallister
<J.Macal...@physics.ox.ac.uk> wrote:
It's not "anti-social". They are providing their address. You just have to do
a little work to reply.
I've totally given up on using my e-mail in usenet at all. I get so much crap
mail that it's hard to filter out the *real* ones.
How do yo propose dealing with source of the different hundreds of thousands of
spamming addresses?
>I, too, am tired of people using "anti-spam" reply addresses.
>The result is that one cannot use the "REPLY" option to mail.
>"Anti-social" would be a better description for people who do this.
>People should deal with the source of the spam or shut off spam
> mail in some way rather than creating new, and equally, annoying
> failed mail messages.
>
>John
>
>Name: John B. Macallister E-mail: J.Macal...@physics.oxford.ac.uk
>
>Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
>
>Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
>
>> -----Original Message-----
>> From: Andy Harper [SMTP:A.HA...@kcl.ac.uk]
>> Sent: Friday, September 26, 1997 12:21 PM
>> To: macal...@exchng1.physics.ox.ac.uk
>> Subject: anti-spam e-mail addresses
>>
>> This is not specifically an info-vax question except that I receive
>> all my mail
>> on a VMScluster and that's where it affects me.
>>
>> As a postmaster of a large site (some 16,000 users), I've become
>> inundated with
>> bounced e-mail addresses, primarily caused by users sending e-mail
>> with invalid
>> e-mail addresses in the headers designed to confuse the spammers.
>>
>> This is now occupying a huge amount of my tim esince I have to sort
>> out the
>> genuine postmaster enquiries from the crap caused by this and other
>> spam
>> attempts.
>>
>> Maybe this is just a problem for postmasters but I'm coming around to
>> the view
>> that using duff e-mail addresses is an extremely unfriendly thing to
>> do, even
>> though it's done for sensible reasons. It causes a lot more problems
>> than it
>> solves (for me at least).
>>
>> Wouldn't it be better if the community got together and stomped on the
>> source
>> of the spammers rather than trying to confuse them with bad addresses?
>> Ultimately, they will found ways around it and we're back to square
>> one except
>> with a lot more work for postmasters.
>>
>> What are the authorities (government, legal, IETF etc.) doing to solve
>> this
>> problem (if anything)? Personally, I think it should be illegal to
>> send
>> junk-mail and use invalid e-mail address.
>>
>> Any views and suggestions from the community welcomed.
>>
jf mezei
Michael Moroney wrote:
> My suggestion: Teach your users to use a nonexistant domain if they are going
> to use forged addresses when posting news, not a nonexistant address at your
> site.
Some moderated newsgroups refuse to post items with such senders. Their
sites blocks incoming mail from unresolvable sites and the moderators
tell the posters to add the spam counter measures to the username
portion to ensure that they receive the messages and can then release
them to the newsgroup.
Dan Wing
In article <cZdL0kOJ...@world.std.spaamtrap.com>,
mor...@world.std.spaamtrap.com says...
> In article <009BADF6.B...@alder.cc.kcl.ac.uk>,
> Andy Harper <A.HA...@kcl.ac.uk> wrote:
> > As a postmaster of a large site (some 16,000 users), I've become inundated with
> > bounced e-mail addresses, primarily caused by users sending e-mail with invalid
> > e-mail addresses in the headers designed to confuse the spammers.
> >
> > This is now occupying a huge amount of my tim esince I have to sort out the
> > genuine postmaster enquiries from the crap caused by this and other spam
> > attempts.
>
> the addresses forged by the users to prevent the spams. I'd suggest writing
> some sort of computerized script that eliminates messages from fake addresses,
> since the addresses are on spammers' lists and they aren't about to take them
> off their lists just to make you happy.
>
> to use forged addresses when posting news, not a nonexistant address at your
> site.
>
> Correct: us...@kcl.ac.DontSpamMe.uk
What do you mean "Wrong" and "Correct"? Many sites, such as AOL.COM, and
TGV.COM, validate the host portion of MAIL FROM and reject it if the
domain doesn't exist in DNS.
So, knowing that, the above recommendation is backwards -- a domain name
that doesn't exist won't be received by some sites. Thus, the spam-
blocking posting you send to vmsnet.networks.tcp-ip.multinet,
comp.os.vms, or any other USENET newsgroup which is gatewayed to email,
and has a subscriber at AOL.COM (or TGV.COM) will not be seen by the AOL
person because of AOL's spamming protection.
Note that AOL's spamming protection is a common patch to sendmail - it
isn't unique to AOL.
> Also tell them not to use forged addresses when sending email (there's no
> reason to, unless emailing spammers)
>
> Anyway, even if 100% of the users comply with your wishes tomorrow, you'll
> still be seeing bounces as spammer attempt to spam the bogus addresses.
>
> > Maybe this is just a problem for postmasters but I'm coming around to the view
> > that using duff e-mail addresses is an extremely unfriendly thing to do, even
> > though it's done for sensible reasons. It causes a lot more problems than it
> > solves (for me at least).
>
> It is unfortunate that it has come to this, but it does reduce (or even
> eliminate, if you were always extremely careful) spam for the users.
I haven't used my wi...@tgv.com account for any purpose for two years. I
still receive spam to that account (all of it is blocked, but I see an
OPCOM message anytime someone tries to send mail to wi...@tgv.com).
-Dan Wing
Fred W. Bach, TRIUMF Operations
In article <21A996716DF4D011BDC...@ppnt41.physics.ox.ac.uk>,
John Macallister <J.Macal...@physics.ox.ac.uk> writes...
#I, too, am tired of people using "anti-spam" reply addresses.
#The result is that one cannot use the "REPLY" option to mail.
#"Anti-social" would be a better description for people who do this.
#People should deal with the source of the spam or shut off spam
# mail in some way rather than creating new, and equally, annoying
# failed mail messages.
#
#John
#
#Name: John B. Macallister E-mail: J.Macal...@physics.oxford.ac.uk
#
#Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
#
#Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
You sure talk big but you don't have any real recommendations, do
you? Obviously you don't know where of you speak. Look, John, I
have and continue to be hit by this email-spam buisness very hard
here at TRIUMF. Dealing with email spam at the source is extremely
difficult, virtually impossible, and prohibitively time consuming
for the average user. No one has time for that; several good
people have tried and failed.
It's not anti-social, it's self-preservation. It's easy enough to
delete a few characters in most mail windows To: line. Not in VMS
Mail, however, unless you use FORWARD/EDIT and use the mouse to
copy the address which you can then edit.
I'd sure like to know a few effective ways to block spam or shut
off spam. It is IMPOSSIBLE to deal with at the source due to all
the address spoofing.
You will have to admit that these so-called "anti-social" people
are dealing with a serious problem which has obviously not hit you
very hard.
Fred W. Bach , Operations Group | Internet: mu...@triumf.ca
TRIUMF (TRI-University Meson Facility) | Voice: 604-222-1047 loc 6327/6278
4004 WESBROOK MALL, UBC CAMPUS | FAX: 604-222-1074
University of British Columbia, Vancouver, B.C., CANADA V6T 2A3
"Accuracy is important. Details can mean the difference between life & death."
These are my opinions, which should ONLY make you read, think, and question.
They do NOT necessarily reflect the views of my employer or fellow workers.
Matthew N. Dodd
t_w...@animo.eurokom.ie wrote:
> This can be a real nuisance. I have noticed that a number of service
> providers now do a DNS lookup on the sender's domain address, and reject
> the message if an MX record can't be found for it.
I've got all my systems setup to do DNS verification of MAIL FROM: and
RCPT TO: addresses, and while it does burn more CPU and network, it does
cut down on spam.
I think the only good form of email address munging is a plussed email
address as I have in this message. While I am not automatically
bitbucketing email addressed in this way, it does keep it from hitting
my inbox and demanding my immediate attention.
The only acceptable way of munging your hostname would be to setup
DNS records for the 'bogus' domain and use domaintables to /dev/null
all messages to that domain.
I'm afraid I can't offer any practical answers to this end under VMS
though.
--
/*
Matthew N. Dodd | A memory retaining a love you had for life
winte...@jurai.net | As cruel as it seems nothing ever seems to
http://www.jurai.net/~winter | go right - FLA M 3.1:53
*/
Wayne Sewell
In article <21A996716DF4D011BDC...@ppnt41.physics.ox.ac.uk>, John Macallister <J.Macal...@physics.ox.ac.uk> writes:
> Unfortunately I do have first hand experience of dealing with junk mail.
> However, I
> find that most of my user problems are dealing with unreplyable
> addresses.
As I said in another post, munging the domain name rather than the user name
causes *no* problems for any postmaster other than possibly at the spammers
site or the relay site. The former deserves the hassle. The latter is usually
an innocent site, but the aggravation will convince them they should shut off
relay, which will be one less pipe for the spammers to shove their crap
through.
>Most
> users are unsphosticated and many mailers/news servers don't help by
> hiding the
> headers. It can be a real hassle, even for an expert, to find the
> 'correct' mail address
> for a reply.
I cannot comment on this, since I have never used such newsreaders. With ANU
news, replying to munged addresses is trivially easy. The reply address
automatically appears on a prompt and can be edited. Even the bizarre return
address I use requires only a few hits of the delete key, followed by typing
"com". That's why I do all the munging at the end of the address rather than
in the middle as some people do.
>
> I take the view that it's easier to hit delete than to search for a
> fool-proof blocking scheme.
The spammers love people with this view, because it does absolutely nothing to
inhibit them. Keep hitting delete. You will find that you will be doing it
more and more all the time, as the old spammers continue, and new spammers come
online and buy their lists. Keep posting with an unmunged address so they can
all find you. You will eventually spend all day hitting delete. Whoops!
Deleted a real message because it was buried in hundreds of sex ads and pyramid
scams. Oh, well. Probably wasn't important anyway.
Apparently your internet access is free, because you don't mind paying for all
this wasted bandwidth. By the time you hit delete, you've paid for it.
> The 'authorities' will eventually have to deal with offensive spamming
> as well as large mailings
> which can cause congestion. However, junk E-mail is a fact of life and
> will not disappear.
Not if we just sit here and do nothing but meekly hit delete.
> Perhaps the only real solution is to make spoofing illegal and it would
> certainly help a great
> deal if ordinary users could not change their mail header addresses. I
> believe these two
> simple measures would solve the problem to some extent.
This would solve the problem Andy was complaining about in the original post,
but would have no effect on the greater problem of spam. If people were not
getting so much unsolicited crap, there would never have been a reason to munge
addresses in the first place.
> There will, however, always be advertising junk E-mail : that will not
> disappear unless advertising
> is banned or adverts have to be flagged in some way so that they can
> easily be filtered out.
> Perhaps we need an advertising mail type/header flag?
This assumes the spammers would follow the rules. They are supposed to honor
remove requests now, but if you ask to be removed, you get even more spam.
They use the request to validate your address.
Besides, the drawback to any kind of header-based filtering is that you have to
allow the SMTP connection to be made and receive enough of the header to see
the flag. If the filtering is not done within the server, you have to receive
the entire message and deal with it later. The pyramid/chain-letter spam-scams
in particular typically run to hundreds of lines of gibberish and testimonials
about how many billions everybody made. So the resources have been wasted even
if the message does not actually appear in your mailbox.
Spams sent to addresses with the domain munged don't go *anywhere*. True, the
domain name system has to reject a nonexistent domain, but DNS would have been
involved anyway to send to your real address.
Wayne
John Macallister
Name: John B. Macallister E-mail: J.Macal...@physics.oxford.ac.uk
Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
> -----Original Message-----
> From: n...@physics.oxford.ac.uk [SMTP:n...@physics.oxford.ac.uk]
> Sent: Monday, September 29, 1997 4:50 PM
> To: macal...@exchng1.physics.ox.ac.uk
> Subject: Re: anti-spam e-mail addresses
>
> On Fri, 26 Sep 1997 11:45:17 +0100, John Macallister
> <J.Macal...@physics.ox.ac.uk> wrote:
>
> It's not "anti-social". They are providing their address. You just
> have to do
> a little work to reply.
>
[John Macallister]
Having to search through mail headers is something the software
should be doing not the user.
> I've totally given up on using my e-mail in usenet at all. I get so
> much crap
> mail that it's hard to filter out the *real* ones.
>
> How do yo propose dealing with source of the different hundreds of
> thousands of
> spamming addresses?
>
[John Macallister]
Deal with it in the same way as you would deal with junk mail at
home: mostly bin it! It's not that
difficult to delete an obviously junk mail item. Junk mail at
some level is going to be a fact of
life with E-mail and that's no different from the world outside
your computer.
I guess with the potentially large volume of junk that E-mail
can produce sophisticated bespoke
filtering software is the only answer.
John
> >I, too, am tired of people using "anti-spam" reply addresses.
> >The result is that one cannot use the "REPLY" option to mail.
> >"Anti-social" would be a better description for people who do this.
> >People should deal with the source of the spam or shut off spam
> > mail in some way rather than creating new, and equally, annoying
> > failed mail messages.
> >
> >John
> >
> >Name: John B. Macallister E-mail:
> J.Macal...@physics.oxford.ac.uk
> >
> >Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
> >
> >Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
> >
> >> -----Original Message-----
> >> From: Andy Harper [SMTP:A.HA...@kcl.ac.uk]
> >> Sent: Friday, September 26, 1997 12:21 PM
> >> To: macal...@exchng1.physics.ox.ac.uk
> >> Subject: anti-spam e-mail addresses
> >>
> >> This is not specifically an info-vax question except that I receive
> >> all my mail
> >> on a VMScluster and that's where it affects me.
> >>
> >> As a postmaster of a large site (some 16,000 users), I've become
> >> inundated with
> >> bounced e-mail addresses, primarily caused by users sending e-mail
> >> with invalid
> >> e-mail addresses in the headers designed to confuse the spammers.
> >>
> >> This is now occupying a huge amount of my tim esince I have to sort
> >> out the
> >> genuine postmaster enquiries from the crap caused by this and other
> >> spam
> >> attempts.
> >>
> >> Maybe this is just a problem for postmasters but I'm coming around
> to
> >> the view
> >> that using duff e-mail addresses is an extremely unfriendly thing
> to
> >> do, even
> >> though it's done for sensible reasons. It causes a lot more
> problems
> >> than it
> >> solves (for me at least).
> >>
John Macallister
Unfortunately I do have first hand experience of dealing with junk mail.
However, I
find that most of my user problems are dealing with unreplyable
users are unsphosticated and many mailers/news servers don't help by
hiding the
headers. It can be a real hassle, even for an expert, to find the
'correct' mail address
for a reply.
I take the view that it's easier to hit delete than to search for a
fool-proof blocking scheme.
The 'authorities' will eventually have to deal with offensive spamming
as well as large mailings
which can cause congestion. However, junk E-mail is a fact of life and
will not disappear.
Perhaps the only real solution is to make spoofing illegal and it would
certainly help a great
deal if ordinary users could not change their mail header addresses. I
believe these two
simple measures would solve the problem to some extent.
There will, however, always be advertising junk E-mail : that will not
disappear unless advertising
is banned or adverts have to be flagged in some way so that they can
easily be filtered out.
Perhaps we need an advertising mail type/header flag?
John
Name: John B. Macallister E-mail: J.Macal...@physics.oxford.ac.uk
Post: Nuclear Physics Laboratory, Keble Road, Oxford OX1 3RH, UK.
Phone: +44-1865-273388 (direct) 273333(reception) 273418(Fax)
> -----Original Message-----
> From: Fred W. Bach, TRIUMF Operations [SMTP:mu...@triumf.ca]
> Sent: Monday, September 29, 1997 10:13 PM
> To: macal...@exchng1.physics.ox.ac.uk
> Cc: mu...@triumf.ca
> Subject: RE: anti-spam e-mail addresses
>
> To: JohnMacallister<J.Macal...@physics.ox.ac.uk
> CC: mu...@triumf.ca
> Message-ID: <009BB060.C...@triumf.ca>
> Subject: RE: anti-spam e-mail addresses
>
> In article
> <21A996716DF4D011BDC...@ppnt41.physics.ox.ac.uk>, you
> write...
> #I, too, am tired of people using "anti-spam" reply addresses.
> #The result is that one cannot use the "REPLY" option to mail.
> #"Anti-social" would be a better description for people who do this.
> #People should deal with the source of the spam or shut off spam
> # mail in some way rather than creating new, and equally, annoying
> # failed mail messages.
> #
> #John
> #
> #Name: John B. Macallister E-mail:
> J.Macal...@physics.oxford.ac.uk
Michael Moroney
In article <MPG.e9a383a4...@news.kjsl.com>,
dw...@cisco.com (Dan Wing) wrote:
> In article <cZdL0kOJ...@world.std.spaamtrap.com>,
> mor...@world.std.spaamtrap.com says...
> > to use forged addresses when posting news, not a nonexistant address at your
> > site.
> >
> > Wrong: bo...@kcl.ac.uk
> > Correct: us...@kcl.ac.DontSpamMe.uk
>
> What do you mean "Wrong" and "Correct"? Many sites, such as AOL.COM, and
> TGV.COM, validate the host portion of MAIL FROM and reject it if the
> domain doesn't exist in DNS.
Which is why in my original post I mentioned do NOT forge email addresses.
> > Also tell them not to use forged addresses when sending email (there's no
> > reason to, unless emailing spammers)
> So, knowing that, the above recommendation is backwards -- a domain name
> that doesn't exist won't be received by some sites. Thus, the spam-
> blocking posting you send to vmsnet.networks.tcp-ip.multinet,
> comp.os.vms, or any other USENET newsgroup which is gatewayed to email,
> and has a subscriber at AOL.COM (or TGV.COM) will not be seen by the AOL
> person because of AOL's spamming protection.
>
> Note that AOL's spamming protection is a common patch to sendmail - it
> isn't unique to AOL.
That this list is gatewayed between a newsgroup and a mail list is a monkey
wrench in my suggestion. Mail lists are already "forged" in a way, it's
sent from a list server but the From: line is that of the original sender
to the listserver robot. The mail envelope from header (not the From: line)
is legitimate and points to the list server. If they filter on the MAIL FROM
envelope (which you mention above) it should go through. Which address do the
AOL/sendmail patches filter on?
But there is a solution to this, too. Use an address like "yummy.death.net"
which is real - but evaluates to "localhost" [127.0.0.1]. It will pass
"is it real" lookups, but spammers which attempt to spam it will only be
bothering their own system.
> I haven't used my wi...@tgv.com account for any purpose for two years. I
> still receive spam to that account (all of it is blocked, but I see an
> OPCOM message anytime someone tries to send mail to wi...@tgv.com).
I've seen attempts to spam an address I haven't used since 1988!
(I wonder how they even got it!)
-Mike
Dick Munroe
John Macallister <J.Macal...@physics.ox.ac.uk> typed:
There's a new version of MX in beta that has some spam blocking
capabilities. One of the members on that list ALSO wrote a cute little
piece of code called WhiteICE that provides filtering capabilities in front
of the SMTP server at your site. I don't have a pointer handy, but you
might install WhiteICE and try it out.
Dick Munroe
--
Dick Munroe mun...@acornsw.com
Acorn Software (508) 568 1618 x1
267 Cox St. FAX: 562 1133
Hudson, Ma. 01749 http://www.acornsw.com/
Need a web site? a web server? other web service? Contact us...
"They told me to get Windows 3.1 or better so I bought a Macintosh!"
"Then they told me to get Windows 95 or better...so I bought another Mac!"
"Now they tell me to get Windows NT 4.0 Server or better...I've ordered
another Mac!"
Nigel White
On Tuesday, September 30, 1997 7:52, Michael Moroney
> But there is a solution to this, too. Use an address like
"yummy.death.net"
> which is real - but evaluates to "localhost" [127.0.0.1]. It will
pass
> "is it real" lookups, but spammers which attempt to spam it will
only be
> bothering their own system.
Huh? I can't nslookup "yummy.death.net" ????... "Nonexistent domain"!
=======================================================
Nigel White mailto:ni...@synergex.com
Systems Programmer, Synergex (Formerly DISC)
2330 Gold Meadow Way; Gold River, CA 95670
Phone: 916/853 0366; Fax: 916/635-6549; http://www.synergex.com
Home: 916/446 3024
Michael Moroney
In article <01BCCE4A.3F...@synergex.com>,
Nigel White <ni...@synergex.com> wrote:
> On Tuesday, September 30, 1997 7:52, Michael Moroney
> [SMTP:mor...@world.std.spaamtrap.com.synergex.com] wrote:
> > But there is a solution to this, too. Use an address like
> "yummy.death.net"
> > which is real - but evaluates to "localhost" [127.0.0.1]. It will
> pass
> > "is it real" lookups, but spammers which attempt to spam it will
> only be
> > bothering their own system.
>
> Huh? I can't nslookup "yummy.death.net" ????... "Nonexistent domain"!
Figures that it got shut off or something since I learned of it.
Found another one: warez.deadend.com.
-Mike
Ed Shannonhouse
In article <29SEP199...@erich.triumf.ca>, mu...@erich.triumf.ca (Fred W.
> John Macallister <J.Macal...@physics.ox.ac.uk> writes...
>
>#I, too, am tired of people using "anti-spam" reply addresses.
>#The result is that one cannot use the "REPLY" option to mail.
>#"Anti-social" would be a better description for people who do this.
>#People should deal with the source of the spam or shut off spam
># mail in some way rather than creating new, and equally, annoying
># failed mail messages.
>#
> It's not anti-social, it's self-preservation. ...
Many claim it's ok to mung the Reply-to: (or From:) field, but I think it is
an example of "two wrongs make a right". I've always been taught (and I
believe) that two "wrongs" _don't_ make a "right". By diddling with the return
address, the problem you're trying to avoid creates another problem that is at
least annoying to the user and can be quite wasteful of mail gateway
resources.
As a regular user, I experience this unwanted email. Since automatic filters
can often filter out the "good" stuff, I usually use the DELETE feature of the
mail package that I'm using at the time and let it go at that.
As a system manager/administrator of a mail gateway, I also witness the
resources that are tied up by incorrect return addresses. For example, let's
say user John Q. Public posts to a newsgroup with the return address munged.
Someone sees the post and replies to it, but alas, they forget to de-spammize
(is that a word?) the return address. So that they don't get spam, _their_
return address is also munged. The reply cannot be delivered and notification
of an error is sent to a bad address. The undeliverable error notification
sits in a mail queue somewhere until it's deleted. For a gateway that has a
low volume of email activity this isn't a problem but if a large/huge volume
of email is processed, this can be a big problem.
><snip>
> I'd sure like to know a few effective ways to block spam or shut
> off spam. It is IMPOSSIBLE to deal with at the source due to all
> the address spoofing.
True 'nuff, it _is_ IMPOSSIBLE to block this crud at the source, but the
offending messages can be simply deleted. As time goes by, more and more
software mailers are implementing filters to help deal with junk mail. In
fact, most already have some sort of filtering capability.
---
Ed Shannonhouse