The bastards are back
Chris Newport
3000+ bounce messages this weekend from a spammer forging
From: my demon account.
Grrrrrr.
Chris Manvell
wrote...
>In message <3E0F484F...@NOSPAM.netunix.com>, Chris Newport wrote:
>
>>
>> 3000+ bounce messages this weekend from a spammer forging
>> From: my demon account.
>>
>dictionary attack on my hostname. They all bounce, even the one or two that
>might otherwise be valid, due to the filters.
Me too. I've had somewhere around 1000 messages, subject Tight Teen
Virgins, or summat like that. Envelope Rejection was not use to had to
go for the subject line. Quite a few downloads were that spam and
nothing else. I've complained to Demon about not applying spam filters
(there was a thread on this earlier) and told them that I will have to
consider moving elsewhere if they don't sort this prevalent and
increasingly irritating problem out.
All the best,
Chris
--
Chris Manvell Email: <ch...@manvell.org.uk>, Fax:0870-056 8081
URLs: www.manvell.org.uk/, www.breacais.demon.co.uk/, manvell/20m.com/
ABS(ESE):/abs/>, DAYSPRING:/dayspring/>, UK BAHA'I DIRECTORY: /lynx/>
ISLANDS OF THE NORTH SEA: /islands/>, SAPLING PUBLICATIONS: /sapling/>
SGRIOBTIUREAN CREIDIMH NAM BAHA-I (Scots and Irish Gaelic with English
Translations) <http://www.breacais.demon.co.uk/gaelic/>
Baha'i community of Skye: <http://bahai.community.skye.co.uk>
Julia Jones
Address in.sig} <noone$@llondel.org> writes
>> From: my demon account.
>>
>dictionary attack on my hostname. They all bounce, even the one or two that
>might otherwise be valid, due to the filters.
Porn spammer? It appears that teen sluts are convinced that lots of
people at jajones.demon.co.uk want to see them in action.
I've also just had something that looks suspiciously like the first
bounce from a joe job. It's actually to one of my real, harvested
addresses, rather than one of the made-up ones that have been used in
the major attacks I've had. I'm not sure yet whether this is a good or
bad sign...
--
Julia Jones
The suespammers.org mail server is located in California; do not send
unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org
address.
Stephen Henson
jaj...@suespammers.org says...
> In article <1443734.T...@robinton.llondel.org>, Dave {Reply
> Address in.sig} <noone$@llondel.org> writes
> >In message <3E0F484F...@NOSPAM.netunix.com>, Chris Newport wrote:
> >
> >>
> >> 3000+ bounce messages this weekend from a spammer forging
> >> From: my demon account.
> >>
> >I've currently got the opposite, someone's doing a (fortunately limited)
> >dictionary attack on my hostname. They all bounce, even the one or two that
> >might otherwise be valid, due to the filters.
>
> Porn spammer? It appears that teen sluts are convinced that lots of
> people at jajones.demon.co.uk want to see them in action.
>
I've received loads of those too and lots of US only mortgage stuff.
As well as the idiotic dictionary attack I'm getting a whole load of
attempts to spam message ids from some of my old emails.
I checked in some of my old email archives and it seems like the bulk of
this message id spam was harvested from a public mailing list and
various postings I made in 1998!
Steve.
Chris Newport
>
> I've also just had something that looks suspiciously like the first
> bounce from a joe job. It's actually to one of my real, harvested
> addresses, rather than one of the made-up ones that have been used in
> the major attacks I've had. I'm not sure yet whether this is a good or
> bad sign...
Mine are a definite joe job.
From: Madeup Name <my.harvested.address>
The harvested address is my demon.co.uk hostname which I have not used
for about 4 years because I have netunix.com on the same account.
Most are spams for a loan origination training scheme website.
Andrea J Chee
<ch...@manvell.org.uk> writes
>Me too. I've had somewhere around 1000 messages, subject Tight Teen
>Virgins, or summat like that.
"Tight virgin teens on cam" by any chance? You and me both. In their
hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
Many LARTs sent.
- ANDREA
--
^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^
<and...@bloodaxe.com> http://www.bloodaxe.com/
Bloodaxe's History Links: http://www.geocities.com/Athens/5055/
The Loony Bin Archive: http://loonies.net800.co.uk/
Julia Jones
<and...@bloodaxe.com> writes
>In article <0BwSsBCm...@breacais.demon.co.uk>, Chris Manvell
><ch...@manvell.org.uk> writes
>
>>Me too. I've had somewhere around 1000 messages, subject Tight Teen
>>Virgins, or summat like that.
>
>"Tight virgin teens on cam" by any chance? You and me both. In their
>hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
>Many LARTs sent.
>
non-existent usernames.
j
David James
jaj...@suespammers.org "Julia Jones" wrote:
[snip]
>Dat's der bunny. It's been sent to a truly weird selection of
>non-existent usernames.
<aol>
me too!
</aol>
I'd really like to understand the, as you say, truly weird selection
of non-existent usernames.
--
David James
mailto:da...@tcs01.demon.co.uk
Special Stage Rally results archive <URL:http://www.tcs01.demon.co.uk/>
Tim Guy
> >>Virgins, or summat like that.
> >
> >"Tight virgin teens on cam" by any chance? You and me both. In their
> >hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
> >Many LARTs sent.
> >
> Dat's der bunny. It's been sent to a truly weird selection of
> non-existent usernames.
>
> j
> --
> Julia Jones
> The suespammers.org mail server is located in California; do not send
> unsolicited bulk e-mail or unsolicited commercial e-mail to my
suespammers.org
> address.
Ditto here. Every run of it comes from a different spoofed source!
Tim
Tim Guy
> this message id spam was harvested from a public mailing list and
> various postings I made in 1998!
I'm now getting mail to one alas that I set up 3 months ago to mail 2 pieces
to a alt.local.x group.
A month later, this account gets nearly as much spam as my normal alas.
Also, it annoys me that the bottom of the mail it says my address came from
a list of addresses that agree to receive stuff. B@llocks it is!
Tim
David G. Bell
<MPG.1879ab165...@news.demon.co.uk>
she...@drh-consultancy.demon.co.uk "Stephen Henson" wrote:
Checking my logs, I had a load of invalid-UserID spams from pussy.com
(which is unlikely to have any feline content, I think), as well as
mail.com, yahoo.com, and netzero.net
Since invalid-UserID gets bounced at the SMTP level, I've no header
info, the apparent source may have been faked, and some poor buggers
could be getting full mailboxes.
--
David G. Bell -- SF Fan, Filker, and Punslinger.
"Let me get this straight. You're the KGB's core AI, but you're afraid
of a copyright infringement lawsuit over your translator semiotics?"
From "Lobsters" by Charles Stross.
Alan Hourihane
news:P$R9CxU$87D+...@bloodaxe.demon.co.uk...
> In article <0BwSsBCm...@breacais.demon.co.uk>, Chris Manvell
> <ch...@manvell.org.uk> writes
>
> >Me too. I've had somewhere around 1000 messages, subject Tight Teen
> >Virgins, or summat like that.
>
> "Tight virgin teens on cam" by any chance? You and me both. In their
> hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
> Many LARTs sent.
Same problem here. Really getting to me.
Can Demon add a bounce option to webmail ?
Alan.
JD
I have had loads of SPAM this holiday periiod too. The one about tight
virgins (in the subject header). I have also seen some copy cat mails from
this as well, different mail address but same subject.
It's a real shame that Demon REFUSE to do something about this. It's bloody
obvious to me that this is spam and it should be to them as well. If they
just blocked it at their perimeter then maybe there would be less traffic on
the network and then we would all be happy.
Pretty miffed
JD
"Stephen Henson" <she...@drh-consultancy.demon.co.uk> wrote in message
news:MPG.1879ab165...@news.demon.co.uk...
Matt Johnson
<jonathon@Stoneditch_AUNTY_SPAM_.com> writes
>It's a real shame that Demon REFUSE to do something about this. It's bloody
>obvious to me that this is spam and it should be to them as well. If they
>just blocked it at their perimeter then maybe there would be less traffic on
>the network and then we would all be happy.
You think one single algorithm can decide what *every single Demon
subscriber* considers as spam? What happens if the Demon spam filter
happens to nuke a vitally important piece of mail for your business,
costing you $bignum? It would be lunacy for Demon to do any such thing.
Anyway, I think for Demon to do that might do bad things to their status
(if they have it) as a common carrier.
--
Matt Johnson <mailto:ma...@guysfield.demon.co.uk>
David D Stretch
--
David D Stretch: Stoke-on-Trent, UK.
leo vegoda
wrote:
[...]
> You think one single algorithm can decide what *every single Demon
> subscriber* considers as spam? What happens if the Demon spam filter
> happens to nuke a vitally important piece of mail for your business,
> costing you $bignum? It would be lunacy for Demon to do any such thing.
They could provide user configurable spam filters, though. They
could even provide documentation explaining the risks and benefits
of filtering. As long as people have the choice (not) to use them
everyone should be happy, no?
> Anyway, I think for Demon to do that might do bad things to their status
> (if they have it) as a common carrier.
Do you mean this:
http://www.davros.org/legal/carriers.html ?
Regards,
-leo
G.
> I'm now getting mail to one alas that I set up 3 months ago to mail 2 pieces
> to a alt.local.x group.
>
> A month later, this account gets nearly as much spam as my normal alas.
>
> Also, it annoys me that the bottom of the mail it says my address came from
> a list of addresses that agree to receive stuff. B@llocks it is!
I've been hit in the same way by some bastards spamming for some
anti-aging snake-oil http://www.pureghr.com/ who say at the bottom of
the UCE :
'PureGHR.com is a respectable firm and is not involved in unsolicited
email sending of any kind. Our strict policies forbid any spam
activities and you are receiving this email because you, or someone on
your behalf have opted-in to one of our online services, or to one of
our partners and expressed a direct interest in services of this
category. If you would like to unsubscribe your e-mail address from our
mailing list, we will do this for you. Please CLICK HERE and type in
your e-mail address on the form given to you.'
They've put a variant of my demon hostname in the from and return-path
and I've had loads of bounce messages from all over the world
- so far 20Mb worth and still coming in. (Had another 30 odd while
typing this!)
I'm receiving the same advert from other addresses, presumably also victims
of same technique.
My concern is that some ISPs will now put a block on anything from
myhostname.demon.co.uk as it will be blacklisted as a major spam source.
Anyone know if this is probable?
Cheers,
Godfrey
(to reply by email remove the nospam and space from gb99@qich
ina.nospamdemon.co.uk)
David Morris
>In a message dated Sun, 29 Dec 2002, Dave {Reply Address in.sig}
>wrote...
>>In message <3E0F484F...@NOSPAM.netunix.com>, Chris Newport wrote:
>>
>>>
>>> 3000+ bounce messages this weekend from a spammer forging
>>> From: my demon account.
>>>
>>I've currently got the opposite, someone's doing a (fortunately limited)
>>dictionary attack on my hostname. They all bounce, even the one or two that
>>might otherwise be valid, due to the filters.
>
>Me too. I've had somewhere around 1000 messages, subject Tight Teen
>Virgins, or summat like that.
<aol>
Me too
</aol>
/tight/s & /virgin/s & /teen/s
...as a custom reject rule appears to be working at the moment.
--
David Morris
Chris Hedley
> <aol>
> me too!
> </aol>
>
> I'd really like to understand the, as you say, truly weird selection
> of non-existent usernames.
<aol>
me 3!
</aol>
My best guess is that some genius spammer has, somewhere along the
line, decided to divorce usernames from domain names and give the
resulting mix a good stir for reasons best known to themselves.
Certainly the choice of esoteric usernames is unlikely to guarantee
many positive hits...
Chris.
--
"If the world was an orange it would be like much too small, y'know?" Neil, '84
Currently playing: Sing-Sing - "The Joy Of Sing-Sing"
http://www.chrishedley.com My stuff, including genealogy, other things, etc
JD
news:9557719.gSjXDJWCG6@thefishthatcamewhereeverididgo...
> leo vegoda wrote:
>
> > On Mon, 30 Dec 2002 13:02:09 +0000, (ma...@guysfield.demon.co.uk)
> > wrote:
> >
> > [...]
> >
> >> You think one single algorithm can decide what *every single Demon
> >> subscriber* considers as spam? What happens if the Demon spam filter
> >> happens to nuke a vitally important piece of mail for your business,
> >> costing you $bignum? It would be lunacy for Demon to do any such thing.
> >
> > They could provide user configurable spam filters, though. They
> > could even provide documentation explaining the risks and benefits
> > of filtering. As long as people have the choice (not) to use them
> > everyone should be happy, no?
>
> Internet just waiting to be downloaded, what you are asking for is no less
> than higher subscription fees for everyone else to accomodate your
laziness
> in not exploring them.
> --
> Alistair
I don't see why it would translate into higher costs for the end users.
Since the internal bandwidth would be less as would the disk space taken up
by these mails waiting to be dounloaded from POP and SMTP servers I think
that it would be quite sensible. Surely a rule that said something like
where the same subject appeared in more than (say 5) emails AND from the
same sender could be treated as spam. I'm sure that there would be instances
where this would not work for some people, maybe those that use formmail
scripts that fire off the same subject line. Then again you could modify the
sub header anyway maybe with a date stamp. That would stop demon users from
having dictionary attacks on them. Especially those who are dial-up users.
It would be nice to have some kind of smart web-based interface to deal with
this on a per nodename basis.
JD
Andy
<ma...@guysfield.demon.co.uk> wrote
[
>You think one single algorithm can decide what *every single Demon
>subscriber* considers as spam? What happens if the Demon spam filter
>happens to nuke a vitally important piece of mail for your business,
>costing you $bignum? It would be lunacy for Demon to do any such thing.
I agree - the current flood of irritant emails can be reduced by
rejecting 'virgin', but that's no use if you are a late-train fanatic!
>
>Anyway, I think for Demon to do that might do bad things to their
>status (if they have it) as a common carrier.
They don't - this is a USA concept. See the Great Godfrey Thread for far
more discussion on this than you will want to read.
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>
Andy
[
>My concern is that some ISPs will now put a block on anything from
>myhostname.demon.co.uk as it will be blacklisted as a major spam
>source. Anyone know if this is probable?
>
will be blacklisted :(
Andy
<c...@ieya.co.REMOVE_THIS.uk> wrote
[
>My best guess is that some genius spammer has, somewhere along the
>line, decided to divorce usernames from domain names and give the
>resulting mix a good stir for reasons best known to themselves.
>Certainly the choice of esoteric usernames is unlikely to guarantee
>many positive hits...
>
of 1-to-say-20 alphanumeric characters" @ "every ISP on the planet" then
what's valid will get through, what's invalid will be stopped somewhere,
ant they aren't paying for it.
Paul Terry
>My best guess is that some genius spammer has, somewhere along the
>line, decided to divorce usernames from domain names and give the
>resulting mix a good stir for reasons best known to themselves.
Quite possibly in order to be able to sell on 600 million email
addresses instead of the usual 6 million.
>Certainly the choice of esoteric usernames is unlikely to guarantee
>many positive hits...
They get bounced by Turnpike here, but not everyone runs software that
can give adequate protection.
--
Paul Terry
Chris Hedley
> I have had loads of SPAM this holiday periiod too. The one about tight
> virgins (in the subject header). I have also seen some copy cat mails from
> this as well, different mail address but same subject.
> It's a real shame that Demon REFUSE to do something about this. It's bloody
> obvious to me that this is spam and it should be to them as well. If they
> just blocked it at their perimeter then maybe there would be less traffic on
> the network and then we would all be happy.
I seem to be getting two with monotonous regularity; as well as the above,
there's also the bloody "free US grants, you qualify,cbh" probable scam
which pops up several times a day.
Well, that and the sodding currentmail.com spams which I've been bouncing
for months now as they're trying to spam a nonexistant user but they won't
take no for an answer, as well as the assorted casinos etc (emailremoves
and friends)
Maybe I'll just pull the plug and relax to a comparatively spam, scam and
hassle-free world without the internet...
Bob Goddard
[...]
> I don't see why it would translate into higher costs for the end users.
> Since the internal bandwidth would be less as would the disk space taken
> up by these mails waiting to be dounloaded from POP and SMTP servers I
> think that it would be quite sensible. Surely a rule that said something
> like where the same subject appeared in more than (say 5) emails AND from
> the same sender could be treated as spam. I'm sure that there would be
You, like others before you have not thought this through thoroughly.
What you have proposed above will delete many valid emails from mailing
lists.
> instances where this would not work for some people, maybe those that use
> formmail scripts that fire off the same subject line. Then again you could
> modify the sub header anyway maybe with a date stamp. That would stop
If you look at a lot of the spam this is what they are doing.
> demon users from having dictionary attacks on them. Especially those who
> are dial-up users. It would be nice to have some kind of smart web-based
> interface to deal with this on a per nodename basis.
> JD
There is nothing that Demon can do. If they delete one valid email from
a billion spam then they open themselves to legal action.
B
Che Guevara
>wrote...
>>In message <3E0F484F...@NOSPAM.netunix.com>, Chris Newport wrote:
>>
>>>
>>> 3000+ bounce messages this weekend from a spammer forging
>>> From: my demon account.
>>>
>>I've currently got the opposite, someone's doing a (fortunately limited)
>>dictionary attack on my hostname. They all bounce, even the one or two that
>>might otherwise be valid, due to the filters.
>
>Me too. I've had somewhere around 1000 messages, subject Tight Teen
>Virgins, or summat like that.
Yes, I had 100s of those in 3 days but today none. how i'd love to be
able to sue the bastards. I'm going to have a go at running Popfile with
Turnpike. It has been discussed in demion.ip.support.turnpike
che
Simon Waters
>
> My theory is that they are all valid usernames somewhere, what's happened is
> that someone is taking a list of usernames and a list of hostnames and is
> combining the two, presumably to see if they can get any more valid
> addresses.
I get spam to SMTP message id's - I guess they look kind of like
e-mail addresses if you're a machine.
I'm sure most of these are made up to fatten out lists of e-mail
addresses that spammer sell.
Some spammers realised long ago that demon will swallow
<anything>@<chosendomain>.demon.co.uk, so if no one looks to
closely they past the immediate "what percentage of a sample of
addresses are bounced" test I assume a naive purchaser would
try.
Hmm only 46 "TIGHT V.....S" in the last 24 hours here.
I recently moved to whitelisting senders with TMDA, which seems
far more effective than my previous approach to trying to filter
based on mail characteristics, but it can be a pain with
automatic e-mail systems that don't use the address you mail
them at in replies. But this only keeps them out of my view, it
doesn't stop my machine running slow as it filters through
dozens of spam messages looking for the handful of genuine
messages.
Simon
AC
<an...@kitzbuhel.demon.co.uk> writes
[...]
> they aren't paying for it
This is the long term problem, isn't it?
If the free culture with the internet moved to making money from
carrying data rather than advertising only (?) then each spam would cost
as much as 0.0001$ - and it would not be economical to send them would
it?
Unfortunately, I really like the free culture with the internet. Or - at
least - I did.
--
Alan Cocks Berkshire UK
For Prostatitis Support in UK - see www.bps-assoc.org.uk
AC
<jaj...@suespammers.org> writes
>It's been sent to a truly weird selection of non-existent usernames.
With a demon account, *anything* sent to the nodename is technically
valid......
AC
<db...@zhochaka.demon.co.uk> writes
>the apparent source may have been faked
Some of the ones I receive appear to come from a yahoo.com address, and
yahoo say it has been forged, and is not an existing account
AC
>My concern is that some ISPs will now put a block on anything from
>myhostname.demon.co.uk as it will be blacklisted as a major spam source.
>Anyone know if this is probable?
I have sent a couple of apologies to ISPs who have been affected (in a
small way) from fraudulent use of my nodename, to hopefully pre-empt bad
reaction.
It could presumably happen to *any* nodename couldn't it - not just
demon? Headers do seem remarkably easy to forge.
AC
Morrison <ne...@fenrir.org.uk> writes
>will cause it to be returned
>as undeliverable
I did reject back a lot of spam at one time, but then I decided that,
although it gave me a lot of satisfaction (!) this was the only benefit,
and I was actually taking up internet bandwidth. So I stopped.
It was good while it lasted though......
--
Alan Cocks Berkshire UK
Paul Wright
Bob Goddard <bib...@hotmail.com> wrote:
>JD wrote:
>[...]
>> Surely a rule that said something like where the same subject
>> appeared in more than (say 5) emails AND from the same sender could
>> be treated as spam. I'm sure that there would be
>
>You, like others before you have not thought this through thoroughly.
>What you have proposed above will delete many valid emails from mailing
>lists.
What's proposed is a little similar to the Distributed Checksum
Clearinghouse or DCC, but the DCC works on the entire message body and
attempts to smooth out some of the variations that spammers put into
messages. What the DCC detects is bulk email. To use it for spam
filtering, you absolutely must whitelist your legitimate sources of bulk
email, such as mailing lists.
If you're running a Unix-like system with fetchmail and Exim, I've a
page on how to set up the DCC at
http://www.verence.demon.co.uk/paul/fetchmaildcc.html
At some point I might get round to producing a plugin for Spampal which
would do DCC filtering. (Spampal is a free filtering POP3 proxy for
Windows, but it uses blacklists rather than bulkiness to filter:
<http://www.spampal.org.uk/>).
>> demon users from having dictionary attacks on them. Especially those
>> who are dial-up users. It would be nice to have some kind of smart
>> web-based interface to deal with this on a per nodename basis. JD
>
>There is nothing that Demon can do. If they delete one valid email from
>a billion spam then they open themselves to legal action.
BTopenworld provide spam filtering, so presumably they don't consider it
likely to open them up to legal action. It's a policy decision by Demon
that they don't interfere with users' mail.
--
Paul Wright | http://pobox.com/~pw201 |
Julia Jones
<aec$ne...@candt.demon.co.uk> writes
>In article <LF$KnMFph...@jajones.demon.co.uk>, Julia Jones
><jaj...@suespammers.org> writes
>
>>It's been sent to a truly weird selection of non-existent usernames.
>
>With a demon account, *anything* sent to the nodename is technically
>valid......
I know. I keep getting spam in Portuguese (I think) from Argentina and
Brazil, all addressed to two message IDs...
--
Julia Jones
The suespammers.org mail server is located in California; do not send
unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org
address.
Che Guevara
Address in.sig} <noone$@llondel.org> writes
>In message <0BwSsBCm...@breacais.demon.co.uk>, Chris Manvell wrote:
>
>> In a message dated Sun, 29 Dec 2002, Dave {Reply Address in.sig}
>> wrote...
>>>In message <3E0F484F...@NOSPAM.netunix.com>, Chris Newport wrote:
>>>
>>>>
>>>> 3000+ bounce messages this weekend from a spammer forging
>>>> From: my demon account.
>>>>
>>>I've currently got the opposite, someone's doing a (fortunately limited)
>>>dictionary attack on my hostname. They all bounce, even the one or two
>>>that might otherwise be valid, due to the filters.
>>
>> Me too. I've had somewhere around 1000 messages, subject Tight Teen
>> go for the subject line. Quite a few downloads were that spam and
>> nothing else. I've complained to Demon about not applying spam filters
>> (there was a thread on this earlier) and told them that I will have to
>> consider moving elsewhere if they don't sort this prevalent and
>> increasingly irritating problem out.
>>
>Why not sort out your own filters, you'll be able to do your own far better
>than any third party.
trouble is, a lot is now getting past the filters. the TEEN SLUT
bombardment of the last few days is an example; a few have been trapped
by the rules I set, but most (hundreds) came into my main mailbox.
che
Simon Waters
>
> What the DCC detects is bulk email. To use it for spam
> filtering, you absolutely must whitelist your legitimate sources of bulk
> email, such as mailing lists.
Unless you only generate the signatures from know spam sources
like unused trap e-mail addresses. You trap less spam, you get
less (no?) false positives.
> BTopenworld provide spam filtering, so presumably they don't consider it
> likely to open them up to legal action. It's a policy decision by Demon
> that they don't interfere with users' mail.
No one has an issue with opt-in, but if Demon change it now for
everyone, and make a mistake it is more tricky than if the terms
and conditions always said "we filter spam - live with it".
Just because BT Openworld do something doesn't mean any ISP
should do it.
AOL filter spam but some Demon subscribers may still have
ambitions to get to Harvard.
Simon Waters
>
> trouble is, a lot is now getting past the filters. the TEEN SLUT
> bombardment of the last few days is an example; a few have been trapped
> by the rules I set, but most (hundreds) came into my main mailbox.
I noticed Mozilla 1.2.1 has finally added an option to apply a
new filter to an existing mailbox - oh I have so wanted that
feature I may even braving the upgrade from Netscape 4 (luddite
that I am).
leo vegoda
wrote:
[...]
> If the free culture with the internet moved to making money from
> carrying data rather than advertising only (?) then each spam would cost
> as much as 0.0001$ - and it would not be economical to send them would
> it?
If you come up with a viable micropayments business you could be
very rich.
Regards,
-leo
Andrea J Chee
<aec$ne...@candt.demon.co.uk> writes
>It could presumably happen to *any* nodename couldn't it - not just
>demon? Headers do seem remarkably easy to forge.
I recall one spamkiller who uses Spamcop to identify the source by IP
saying that he'd been keeping an eye on the difference between the
apparent sources ('from', 'reply to' addresses, etc) and the actual
source IPs, and in less than 1% of cases did the spam actually come from
where it claimed. All the rest were forged. For example, Yahoo or
Hotmail or other similar addresses are seen all the time but are
virtually never the true source. So yeah, it happens all the time to all
sorts of people's addresses.
Some spammers like to use the addresses of spamkillers on purpose - I've
been joejobbed more than once for this reason. Very satisfying. <g>
- ANDREA
--
^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^
<and...@bloodaxe.com> http://www.bloodaxe.com/
Bloodaxe's History Links: http://www.geocities.com/Athens/5055/
The Loony Bin Archive: http://loonies.net800.co.uk/
Paul Terry
<jaj...@suespammers.org> writes
>I keep getting spam in Portuguese (I think) from Argentina and Brazil,
>all addressed to two message IDs...
As a Turnpike user, it would surely be possible for you to reject mail
to those two "users" - after all, no genuine respondent is likely to
address you as a message ID, are they?
--
Paul Terry
leo vegoda
[...]
> > They could provide user configurable spam filters, though. They
> > could even provide documentation explaining the risks and benefits
> > of filtering. As long as people have the choice (not) to use them
> > everyone should be happy, no?
>
> No. When there are well-documented, freely available alternatives on the
> Internet just waiting to be downloaded, what you are asking for is no less
> than higher subscription fees for everyone else to accomodate your laziness
> in not exploring them.
No.
1. If BT can do it for free then I suspect Demon can, too (only
better): http://www.vnunet.com/News/1136137
2. I have perfectly good spam filtering working for me ta very much.
However, I know that some people find spam filtering hard to do.
On the other hand, the old hands at ISPs have a lot of experience
at filtering spam. They should be able to do better than average
for their customers.
I don't see Demon offering spam filtering for free to paying
customers as any different from Demon offering home pages for free
to paying customers.
Regards,
-leo
Andrea J Chee
<c...@ieya.co.REMOVE_THIS.uk> writes
>Certainly the choice of esoteric usernames is unlikely to guarantee
>many positive hits...
Looks to me that they 'borrowed' some real usernames from Usenet or some
such source. Many of them don't look like the usual dictionary attack.
Two of them did actually manage to find their way into real mailboxes of
mine!
Chris Manvell
In a message dated Mon, 30 Dec 2002, Dave {Reply Address in.sig}
wrote...
>Why not sort out your own filters, you'll be able to do your own far
>better than any third party.
I currently have 46 envelope rejection filters and 24 mail rejection
filters - I could easily double this number as recently about 80% of
what gets past them gets to old Ctrl-Alt-J. The other problem is that I
actually found that I was bouncing stuff that was valid due to a badly
defined mail rejection. I would go for white filtering (assuming that
means defining what can be accepted rather than rejected) if is were not
for the fact that, because of the nature of our interests, we get some
mail with misspelt addresses which we would not want to bounce.
>I certainly wouldn't want Demon to do anything to my mail apart from
>pass on anything that arrives. If I need to take any specific action
>against a huge spam run then I can phone them and get a manual delete.
>However, the chances are that my system would just bounce the stuff and
>the first I'd know of it was when I checked the mail logs (which I do
>fairly regularly, along with various other logs).
I guess that really I agree with you about letting everything through
the server, but when 80% of one's "validated" mail is spam it gets
really frustrating having to deal with it. (Most of these 80% are by
the way, unique - i.e. they do not appear to have any common element
that would work with teh Turnpike rejection filters.
Sorry to appear ignorant (OK, I am ignorant) but how do you access these
files?
>None of the spam I mentioned is getting through my filters and I get to
>be aware that something is going on in case I need to take action. I've
>winning 8-0 against today's Nigerian spammer, none have got further
>than the log files. This morning's dictionary spammer also only got
>that far.
The Nigerian stuff is really small beer (I get good stuff from that part
of the world as well :) so does not bother me too much. Not come across
this dictionary spammer so far (or he/she is being filtered out already.
All the best,
Chris
--
Chris Manvell Email: <ch...@manvell.org.uk>, Fax:0870-056 8081
URLs: www.manvell.org.uk/, www.breacais.demon.co.uk/, manvell/20m.com/
ABS(ESE):/abs/>, DAYSPRING:/dayspring/>, UK BAHA'I DIRECTORY: /lynx/>
ISLANDS OF THE NORTH SEA: /islands/>, SAPLING PUBLICATIONS: /sapling/>
SGRIOBTIUREAN CREIDIMH NAM BAHA-I (Scots and Irish Gaelic with English
Translations) <http://www.breacais.demon.co.uk/gaelic/>
Baha'i community of Skye: <http://bahai.community.skye.co.uk>
leo vegoda
[...]
> > They could provide user configurable spam filters, though. They
> > could even provide documentation explaining the risks and benefits
> > of filtering. As long as people have the choice (not) to use them
> > everyone should be happy, no?
> >
> Work out the processing power needed for this. My current killfile has 600
> or so lines in it. My filter program attempts to reduce some of the header
> matching so that it is not necessary to match all headers against all
> header killfile entries but that's still a lot of lines to scan per email.
> Then there's the body scan stuff, every line in that part of the killfile
> has to be checked against every line in the body of the incoming message.
> Now take that and multiply it by every message arriving at Demon, then
> consider how much they'd have to spend on suitable processing.
I'm not suggesting it's easy. If it was easy then customers would do
it themselves! The fact that it is difficult is why you go to an
expert. If an ISP expects every 12 y.o child, accountant and personal
trainer who happens to be a customer to filter their own spam then
they've excluded themsleves from the mass market.
Earthlink provide free spam filtering software (no doubt supported).
BT provide spam filtering.
Do you assume that Demon do not want to steal customers from their
competitors?
Regards,
-leo
leo vegoda
[...]
> > They could provide user configurable spam filters, though. They could even
> > provide documentation explaining the risks and benefits of filtering. As
> > long as people have the choice (not) to use them everyone should be happy,
> > no?
>
> No, with something as complex as spam filtering can you imagine the
> support load on Demon if they provide it as a supported service?
>
> Or even as an unsupported one?
I've managed to avoid doing support so far. I guess there would be a
steep learning curve, though.
Regards,
-leo
>
Ben Newsam
header saying 'Krill Protection League'
>> carrying data rather than advertising only (?) then each spam would cost
>> as much as 0.0001$ - and it would not be economical to send them would
>> it?
>
>If you come up with a viable micropayments business you could be
>very rich.
Indeed. Very true. Legalised salami slicing.
--
Ben
Chris Manvell
>On Sun, 29 Dec 2002 23:52:06 +0000, in article
><0BwSsBCm...@breacais.demon.co.uk> Chris Manvell
><ch...@manvell.org.uk> wrote:
>
>> Envelope Rejection was not use to had to go for the subject line.
>
>extant user names?
That is an option. Unfortunately we get a fair amount of (to us)
important mail from overseas and often find that the e-mail addresses
have been mistyped. Obviously if teh domain is incorrect there is
nothing we can do about it but a message for Dayspring addressed to
"dysping@breacais..." would be rejected and I don't want to do that if I
can possibly avoid it.
>> Quite a few downloads were that spam and nothing
>> else. I've complained to Demon about not applying spam filters (there
>> was a thread on this earlier) and told them that I will have to consider
>> moving elsewhere if they don't sort this prevalent and increasingly
>> irritating problem out.
>But how will Demon know you don't want the mail? They simply take
>everything addressed to <anything>@breacais.demon.co.uk and send it to
>you. It's up to you to decide what you don't want, and if you have mail to
>non-existent users then a simple 5xx response will cause it to be returned
>as undeliverable.
I am not fussed about single spam items, it would be very difficult for
Demon to filter those. However, there must be cases where Demon could
be aware of mass mailings that are obviously not solicited, and an
OPTION to opt of mass mailings detected would suit me, while others my
prefer to do it themselves. However, I also appreciate that this means
money in developing the software etc. so doubt it would actually happen
anyway.
>I certainly don't want Demon doing my spam filtering for me, I find that a
>combination of defences in Exim to weed out invalid From: addresses and
>spamassassin to deal with correctly addressed spam is quite effective.
>Demon could do this, but it would have to be selective so that only those
>customers that wanted it would be affected. This filtering would then have
>to be done on the mail spool contents and require your express permission
>to avoid falling foul of recent laws on interception and modification of
>data.
>
>Have you considered running spamassassin or similar? The only real problem
>is that the mail spool tends to be slow with masses of mail to be
>delivered or rejected. Of course Demon could allow multiple connections
>from each put again, I'm sure the old TCPIP stacks that couldn't cope with
>this are a thing of the past now aren't they?
Thanks for the tips Brian - I have marked your message kept and will
investigate them further. I haven't really done anything other than set
up spam filters (see my post in another branch of this thread) as I have
other (non-computer) problems at the moment. However in the past few
months things have started getting worse. Granted TP has good filtering
and I may have to investigate it further.
Anyway, thanks for you response, it is very welcome.
All the best,
Chris
--
Chris Manvell, Isle of Skye, Scotland. Fax.:+44+(0)870 056 8081
Baha'i Faith Pages from Skye: http://www.breacais.demon.co.uk/
"We testify that when He (Christ) came into the world, He shed the
splendour of His glory upon all created things. Through His power, born
of Almighty God, the eyes of the blind were opened, and the soul of the
sinner sanctified." [Gleanings from the Writings of Baha'u'llah, XXXVI]
Paul Terry
<ch...@manvell.org.uk> writes
>In a message dated Mon, 30 Dec 2002, Brian Morrison wrote...
>>I see you use Turnpike, can you not set it to reject mail for other than
>>extant user names?
>That is an option. Unfortunately we get a fair amount of (to us)
>important mail from overseas and often find that the e-mail addresses
>have been mistyped.
I have a lot of sympathy with that view, but usually any one of these
particular spam episodes is very short-lived.
Here (and as fellow Turnpike users) we have taken the decision to bounce
everything with a reverse path of kara* over the next few days. I
wouldn't want to make this a permanent rule, but as we are in any case
ostensibly closed until the new year (and the start of the reverse path
is at least a little unusual) I have no objection to this strategy -
hundreds of "her" messages have accordingly been avoided.
>Obviously if teh domain is incorrect there is nothing we can do about
>it but a message for Dayspring addressed to "dysping@breacais..." would
>be rejected and I don't want to do that if I can possibly avoid it.
Well, you could always use a Turnpike routeing rule instead of a
Turnpike rejection rule - these messages seemed to be so similar that
I'm sure any genuine one would stand out if all routed into the same
folder, given TP's column-sorting. And once there, it is very easy to
check then delete en masse.
--
Paul Terry
Julia Jones
<{$news_02$}@musonix.demon.co.uk> writes
happy to feed the Spamcop statistics...
michael lefevre
> JD wrote:
> [...]
>> I don't see why it would translate into higher costs for the end users.
>> Since the internal bandwidth would be less as would the disk space taken
>> up by these mails waiting to be dounloaded from POP and SMTP servers I
>> think that it would be quite sensible. Surely a rule that said something
>> like where the same subject appeared in more than (say 5) emails AND from
>> the same sender could be treated as spam. I'm sure that there would be
>
> You, like others before you have not thought this through thoroughly.
> What you have proposed above will delete many valid emails from mailing
> lists.
so you combine it with a whitelist...
>> instances where this would not work for some people, maybe those that use
>> formmail scripts that fire off the same subject line. Then again you could
>> modify the sub header anyway maybe with a date stamp. That would stop
>
> If you look at a lot of the spam this is what they are doing.
>
>> demon users from having dictionary attacks on them. Especially those who
>> are dial-up users. It would be nice to have some kind of smart web-based
>> interface to deal with this on a per nodename basis.
>> JD
>
> There is nothing that Demon can do. If they delete one valid email from
> a billion spam then they open themselves to legal action.
rubbish. legal action on what grounds? following similar logic, you could
say they would be opening themselves to legal action if they don't
achieve 100% reliability on all services. as long as they don't claim to
be providing a perfect service, then it's not a problem... they could
refuse service to anyone called Bob and still be quite within the law.
they could provide user-configurable filters without any legal problems,
although it would involve expense. they could also do less aggressive
blanket filtering, which would probably reduce rather than increase cost
of the email service. lots of other ISPs do one or the other... what
Demon decide is a business decision based on providing what they think
customers want...
--
michael
Andy
<jonathon@Stoneditch_AUNTY_SPAM_.com> wrote
[
> Surely a rule that said something like
>where the same subject appeared in more than (say 5) emails AND from the
>where this would not work for some people, maybe those that use formmail
>scripts that fire off the same subject line.
Doesn't look promising. I take today's crop of Kara, trimming log
entries like "Mon, 30 Dec 2002 12:03:09 Message for
<bad...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com> rejected on
content" to save space.
Sorting by sender gives the following list, in which no sender occurs
more than three times:
<evil...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<evill...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<fa...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<don-s...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<do...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<a1...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<aabel...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<a...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<da...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<dar...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<de4...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<carl...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<cckb...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<denni...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<densa...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<bobseitz...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<fra...@kitzbuhel.demon.co.uk> from <Kara_...@juno.net>
<cor...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<gmo...@kitzbuhel.demon.co.uk> from <Kara_...@pussy.com>
<in...@kitzbuhel.demon.co.uk> from <Kara_...@eudoramail.com>
<bad...@kitzbuhel.demon.co.uk> from <Kara_...@eudoramail.com>
<bas...@kitzbuhel.demon.co.uk> from <Kara_...@eudoramail.com>
<cry...@kitzbuhel.demon.co.uk> from <Kara_...@juno.net>
<da...@kitzbuhel.demon.co.uk> from <Kara_...@juno.net>
<dar...@kitzbuhel.demon.co.uk> from <Kara_...@juno.net>
<cry...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<bad...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<bas...@kitzbuhel.demon.co.uk> from <Kara_...@yahoo.com>
<helo...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<hen...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
<hflor...@kitzbuhel.demon.co.uk> from <Kara_...@mail.com>
I also note that Kara has recruited Megan to assist with the typing...
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>
Bob Brewer
<db...@zhochaka.demon.co.uk> wrote:
>
>Checking my logs, I had a load of invalid-UserID spams from pussy.com
>(which is unlikely to have any feline content, I think), as well as
>mail.com, yahoo.com, and netzero.net
>
So far I have bounced about 110 of these which started on 15 December. As
well as the From-addresses above my logs show earthlink.net, eudoramail.com,
juno.net and pussy.com.
>Since invalid-UserID gets bounced at the SMTP level, I've no header
>info, the apparent source may have been faked, and some poor buggers
>could be getting full mailboxes.
>
From the one I have trapped the spam contains multiple To-addresses most of
which are invalid and are causing the bounces.
The body is base 64 encoded and refers you to a russian site at
This particular spam originates from a bellsouth adsl source, presumably an
open proxy. I suspect the others are from other open proxies.
LARTS sent to:
ab...@bellsouth.net
sn...@paranoia.ru
al...@paranoia.ru
ts...@forest.pu.ru
*** Headers*****
Received: from punt-1.mail.demon.net by mailstore for ?@grantura.demon.co.uk
id 1041225638:10:16273:19; Mon, 30 Dec 2002 05:20:38 GMT
Received: from adsl-065-082-177-061.sip.mia.bellsouth.net ([65.82.177.61])
by punt-1.mail.demon.net id aa1016066; 30 Dec 2002 5:20 GMT
Received: from [122.181.182.185] by
mailout2-eri1.midmouth.com with NNFMP; Sun, 29 Dec 2002 20:20:15 +0200
Received: from unknown (HELO rly-yk05.pesdets.com) (134.225.74.160)
by symail.kustanai.co.kr with SMTP; Sun, 29 Dec 2002 22:16:15 +0400
Received: from unknown (HELO sydint1.microthink.com.au) (131.126.181.151)
by rly-xw01.otpalo.com with SMTP; Mon, 30 Dec 2002 02:12:15 +0300
Reply-To: <Kara_...@pussy.com>
Message-ID: <015b84b68b6b$2488c6a3$2ec53db2@pbrhcw>
From: <Kara_...@pussy.com>
To: <ren...@grantura.demon.co.uk>,
<reno...@grantura.demon.co.uk>,
<rich...@grantura.demon.co.uk>,
<*munged*@grantura.demon.co.uk>,
<sei...@grantura.demon.co.uk>,
<sene...@grantura.demon.co.uk>,
<ser...@grantura.demon.co.uk>,
<slin...@grantura.demon.co.uk>,
<surf...@grantura.demon.co.uk>,
<tab...@grantura.demon.co.uk>,
<tempt...@grantura.demon.co.uk>,
<thomj...@grantura.demon.co.uk>,
<tho...@grantura.demon.co.uk>,
<tund...@grantura.demon.co.uk>,
<tyr...@grantura.demon.co.uk>,
<zsg...@grantura.demon.co.uk>,
<zya...@grantura.demon.co.uk>
Subject: TIGHT VIRGIN TEENS ON CAM <===8 Igyq U
Date: Mon, 30 Dec 2002 03:56:26 +0100
MiME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00A5_22B62B4B.D1165A84"
X-Priority: 1 (High)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
------=_NextPart_000_00A5_22B62B4B.D1165A84
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
Rgds
Bob
--
David G. Bell
<QUc8E1BR...@guysfield.demon.co.uk>
ma...@guysfield.demon.co.uk "Matt Johnson" wrote:
> In message <aupcgl$rum$1$8300...@news.demon.co.uk>, JD
> <jonathon@Stoneditch_AUNTY_SPAM_.com> writes
> >It's a real shame that Demon REFUSE to do something about this. It's bloody
> >obvious to me that this is spam and it should be to them as well. If they
> >just blocked it at their perimeter then maybe there would be less traffic on
> >the network and then we would all be happy.
>
> You think one single algorithm can decide what *every single Demon
> subscriber* considers as spam? What happens if the Demon spam filter
> happens to nuke a vitally important piece of mail for your business,
> costing you $bignum? It would be lunacy for Demon to do any such thing.
Is it really impossible for Demon, as with every other sane ISP which
offers such a service, to make it a customer selectable option?
> Anyway, I think for Demon to do that might do bad things to their status
> (if they have it) as a common carrier.
What status? (Be careful, "common carrier" in the context of ISPs is
usually taken to be the American meaning, which isn't the same as in UK
law.)
--
David G. Bell -- SF Fan, Filker, and Punslinger.
"Let me get this straight. You're the KGB's core AI, but you're afraid
of a copyright infringement lawsuit over your translator semiotics?"
From "Lobsters" by Charles Stross.
David G. Bell
<9557719.gSjXDJWCG6@thefishthatcamewhereeverididgo>
alis...@lgeezer.net "Alistair Mann" wrote:
> leo vegoda wrote:
>
> > On Mon, 30 Dec 2002 13:02:09 +0000, (ma...@guysfield.demon.co.uk)
> > wrote:
> >
> > [...]
> >
> >> You think one single algorithm can decide what *every single Demon
> >> subscriber* considers as spam? What happens if the Demon spam filter
> >> happens to nuke a vitally important piece of mail for your business,
> >> costing you $bignum? It would be lunacy for Demon to do any such thing.
> >
> > They could provide user configurable spam filters, though. They
> > could even provide documentation explaining the risks and benefits
> > of filtering. As long as people have the choice (not) to use them
> > everyone should be happy, no?
>
> No. When there are well-documented, freely available alternatives on the
> Internet just waiting to be downloaded, what you are asking for is no less
> than higher subscription fees for everyone else to accomodate your laziness
> in not exploring them.
Are you on broadband?
Something like a hundred spams hitting the piece of wet string that BT
call a phone line is going to mess up my use of the Internet for a
while.
I've only had 691 hit an unknown-UserID since the 5th December, but
that's out of 1722 incoming emails. Another 509 were stopped by my
mailkill filtering.
Of the remainder, 117 were from mailing lists and known-to-me
correspondents.
489 were other material, less than 10% of which was non-spam.
Over 93% of my incoming email is spam. A little more than 2/3 is
rejected by me, in ways which may affect innocent third parties.
Can Demon really do nothing?
Should they do nothing?
news
<l...@news.lurve.org> writes
>Earthlink provide free spam filtering software
Pity it doesn't stop the spam generated via Earthlink
--
David Lawson
Richard Clayton
<ch...@manvell.org.uk> writes
>I am not fussed about single spam items, it would be very difficult for
>Demon to filter those. However, there must be cases where Demon could
>be aware of mass mailings that are obviously not solicited
reading your email (and possibly someone else's to see if it's much the
same as yours) is likely to be (a) expensive and error-prone, (b) an
intrusion into your privacy and (c) [some argue] an offence under the
Regulation of Investigatory Powers Act 2000
>, and an
>OPTION to opt of mass mailings detected would suit me, while others my
>prefer to do it themselves.
it is hard to distinguish between bulk unsolicited email and large
(opted into) mailing lists. Some mailing lists have many thousands of
Demon subscribers :(
--
richard writing to inform and not as company policy
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM
Richard Clayton
itch_AUNTY_SPAM_.com> writes
[of spam filtering]
>I don't see why it would translate into higher costs for the end users.
because the companies selling these services charge (and non-trivial
amounts per "seat") ....
I can't immediately locate a quote price for a service such as Star's
"CleanMail Anti-Spam". Gradwell charges five pounds/pa per username.
You may wish to investigate the costs for yourself -- at which point
you'll understand the attraction of freeware solutions :)
Andy
Morrison <ne...@fenrir.org.uk> wrote
[
>I see you use Turnpike, can you not set it to reject mail for other than
>extant user names?
>
as a typo for 'brian' will be bounced. Each user must make that decision
for her/himself.
Leon
>I have had loads of SPAM this holiday periiod too. The one about tight
>virgins (in the subject header). I have also seen some copy cat mails from
>this as well, different mail address but same subject.
>It's a real shame that Demon REFUSE to do something about this. It's bloody
>obvious to me that this is spam and it should be to them as well. If they
>just blocked it at their perimeter then maybe there would be less traffic on
>the network and then we would all be happy.
>JD
>
<Quoted content Under post sniped>
Personally I'm more than happy that Demon doesn't screw with my email in
anyway whatsoever and I suspect that plenty of users feel this way. Why
not just setup a decent filtering system yourself if it bothers you that
much?
--
Leon Coles
Bother said Pooh as his mail server melted
Please note Bitbucket@jlcoles... is rarely checked
Please use Leon @ the same domain to reach me
David G. Bell
<slrnb114m...@toybox.amsterdamned.org>
l...@news.lurve.org "leo vegoda" wrote:
It's sort of interesting to figure out the groups of people who could
lose out in a big way to a working micropayments system. It would, for
instance, put the RIAA and the spammers on one side, and independent
music producers with Microsoft (think software rental) on the other.
Graham Walter
> LARTS sent to:
>
>ab...@bellsouth.net
>sn...@paranoia.ru
>al...@paranoia.ru
>ts...@forest.pu.ru
You might like to also LART:
abuse at ipnet.ru
postmaster at ipnet.ru
(for the IP addr, although I doubt these will do any good)
abuse at sovam.com
(for the connectivity, not sure about this doing any good)
abuse at trueserver.nl for http://pluginaccess.com/Browser-Plugin.exe
(the dialler that is the payload)
secretariat at icstis.org.uk
as the payload is a porn dialler, they should be interested,
especially if lots of people complain to them.
Cheers
Graham
--
Isn't it wonderful to think that one day this tiny acorn will grow into a mighty ash.
Paul Wright
Simon Waters <Si...@wretched.demon.co.uk> wrote:
>Paul Wright wrote:
>>
>> What the DCC detects is bulk email. To use it for spam
>> filtering, you absolutely must whitelist your legitimate sources of bulk
>> email, such as mailing lists.
>
>Unless you only generate the signatures from know spam sources
>like unused trap e-mail addresses. You trap less spam, you get
>less (no?) false positives.
You could do that, as long as your domain has enough spamtraps to make
this work (you can't trust a public system of shared spamtraps).
The advantage of a public system is that it traps more spam by just
counting each message rather than relying on spam getting an infinite
count by hitting a spamtrap. It's not clear that you get no false
positives: some badly run lists will probably end up containing both
your spamtrap and also the addresses of people who really did subscribe.
That's one reason why I don't like Razor/Cloudmark as much as the DCC
(the other being that you can't trust a public system of shared
spamtraps).
>> BTopenworld provide spam filtering, so presumably they don't consider it
>> likely to open them up to legal action. It's a policy decision by Demon
>> that they don't interfere with users' mail.
>
>No one has an issue with opt-in, but if Demon change it now for
>everyone, and make a mistake it is more tricky than if the terms
>and conditions always said "we filter spam - live with it".
>
>Just because BT Openworld do something doesn't mean any ISP
>should do it.
No, but it probably means they've looked at the legal position. I
wouldn't support Demon making their filtering compulsory for all users,
as I do my own filtering.
>AOL filter spam but some Demon subscribers may still have
>ambitions to get to Harvard.
Indeed. The right thing to do there would be to create an alias for your
university application and ensure that it's never filtered.
--
Paul Wright | http://pobox.com/~pw201 |
John Appleyard
Richard Clayton wrote:
> In article <8g0AkcCr...@breacais.demon.co.uk>, Chris Manvell
> <ch...@manvell.org.uk> writes
>
>
>>I am not fussed about single spam items, it would be very difficult for
>>Demon to filter those. However, there must be cases where Demon could
>>be aware of mass mailings that are obviously not solicited
>
>
> reading your email (and possibly someone else's to see if it's much the
> same as yours) is likely to be (a) expensive and error-prone, (b) an
> intrusion into your privacy and
Nobody is suggesting that a human reads the emails, and if we're talking
about computer programs that read emails, I suggest that any mail server
does that.
(c) [some argue] an offence under the
> Regulation of Investigatory Powers Act 2000
>
>
>>, and an
>>OPTION to opt of mass mailings detected would suit me, while others my
>>prefer to do it themselves.
>
>
> it is hard to distinguish between bulk unsolicited email and large
> (opted into) mailing lists. Some mailing lists have many thousands of
> Demon subscribers :(
>
Surely the particular example that is the subject of this thread would
be easy enough to spot? It would be something if we could eliminate the
unambiguous cases.
In the longer term, ISPs need to do something about this - perhaps by
first identifying, and later refusing mail without a verifiable pedigree
- something like enforced, but simplified, PGP (I'm no expert, but if
that requires extensions to email protocols, then it's time to work out
what they should be).
If the Post Office distributed unsolicited hard-core pornography - much
of it addressed to minors - on the scale currently afflicting the
Internet, public outcry would force them to do something about it.
Email won't come of age until the market weeds out Internet anarchists
who claim that the problem is "insoluble".
--
JA
Jim Crowther
>If BT can do it
They can't with better than ~95% accuracy. Use client-side tools which
can possibly do better than that, and don't lose you that important
Korean (or Demon) contract...
--
Jim Crowther "It's MY computer" (tm)
Spam no longer a problem: <http://popfile.sourceforge.net/>
Richard Clayton
<ne...@3feet.co.uk> writes
>Richard Clayton wrote:
>> In article <8g0AkcCr...@breacais.demon.co.uk>, Chris Manvell
>> <ch...@manvell.org.uk> writes
>>
>>
>>>I am not fussed about single spam items, it would be very difficult for
>>>Demon to filter those. However, there must be cases where Demon could
>>>be aware of mass mailings that are obviously not solicited
>>
>> reading your email (and possibly someone else's to see if it's much the
>> same as yours) is likely to be (a) expensive and error-prone, (b) an
>> intrusion into your privacy and
>
>Nobody is suggesting that a human reads the emails
so when you write "Demon" you mean a magical program that can tell the
difference between solicited and unsolicited email ?
the rest of the thread should indicate how plausible this appears to the
people who've thought about this before :(
>> it is hard to distinguish between bulk unsolicited email and large
>> (opted into) mailing lists. Some mailing lists have many thousands of
>> Demon subscribers :(
>>
>
>Surely the particular example that is the subject of this thread would
>be easy enough to spot?
why ? what makes it clearly unsolicited ?
it's got a lot of tell-tale signs I agree [does someone have the Spam
Assassin score for it?] but that's far from being conclusive
the only survey I know of in this area (which was done by someone
selling a service to fix the problem - so use some NaCl!)
http://www.assurancesys.com/hm/index
found that one email in eight was being incorrectly filtered
> It would be something if we could eliminate the
>unambiguous cases.
>
>In the longer term, ISPs need to do something about this - perhaps by
>first identifying, and later refusing mail without a verifiable pedigree
>- something like enforced, but simplified, PGP (I'm no expert, but if
>that requires extensions to email protocols, then it's time to work out
>what they should be).
there are no technical solutions, merely technical methods which will
temporarily improve matters until the senders work around them...
http://www.wilsonweb.com/wmt8/spamfilter_avoidance.htm
Darwin would have understand why you no longer receive messages from
"Dave Rhodes" ... and why this means defeat for filters in the long term
>If the Post Office distributed unsolicited hard-core pornography - much
>of it addressed to minors - on the scale currently afflicting the
>Internet, public outcry would force them to do something about it.
>
>Email won't come of age until the market weeds out Internet anarchists
>who claim that the problem is "insoluble".
There's systems out there for you already ... I suspect that you won't
like the price that the market currently bears :(
David CL Francis
<jaj...@suespammers.org> writes
>In article <P$R9CxU$87D+...@bloodaxe.demon.co.uk>, Andrea J Chee
><and...@bloodaxe.com> writes
>>In article <0BwSsBCm...@breacais.demon.co.uk>, Chris Manvell
>><ch...@manvell.org.uk> writes
>>
>>>Me too. I've had somewhere around 1000 messages, subject Tight Teen
>>>Virgins, or summat like that.
>>
>>"Tight virgin teens on cam" by any chance? You and me both. In their
>>hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
>>Many LARTs sent.
>>
>Dat's der bunny. It's been sent to a truly weird selection of
>non-existent usernames.
>
I have been getting them as well. They all end up in my abuse folder but
I have no idea what I did to make that happen!
--
David CL Francis E-Mail reply to <PCsu...@dclf.demon.co.uk>
michael lefevre
oh but it does...
it even blocked earthlink's own marketing emails to their customers, on
more than one occasion...
--
michael
leo vegoda
[...]
> > Do you assume that Demon do not want to steal customers from their
> > competitors?
> >
> Demon have always tended to be at the more techie end of the market, whether
> that was their intention or not. By offering smtp mail delivery, static IP
> addresses and not restricting or filtering ports they've catered for a
> niche market of people who prefer to run their own stuff. It would be a sad
> day indeed if they ended up like Freeserve (who filter port 25 outbound)
> and NTL (mostly transparent proxies on port 80).
Who said anything about filtering ports and forced proxying of web
content? I was suggesting optional, configurable spam filtering.
Regards,
-leo
leo vegoda
>
> >If BT can do it
>
> They can't with better than ~95% accuracy. Use client-side tools which
> can possibly do better than that, and don't lose you that important
> Korean (or Demon) contract...
And you have a system approaching 100% accuracy? All the time?
Many customers might well appreciate their ISP filtering out 95% of
the spam directed at them. It's 95% less to deal with.
Just because you don't want it doesn't mean it should be denied to
others.
Regards,
-leo
Graham Murray
> Me too. I've had somewhere around 1000 messages, subject Tight Teen
> Virgins, or summat like that. Envelope Rejection was not use to had
> to go for the subject line. Quite a few downloads were that spam and
> nothing else.
One way in which, IMHO, Demon could help with this would be to not
"expand" emails sent to multiple recipients at the same Demon customer
host. Currently if the RCPT TO contains multiple users at the same
host, Demon will 'expand' these and generate multiple (otherwise
identical) emails, one to each recipient. It would save Demon spool
space, dial-up bandwidth and connect time if Demon were (for hosts
collecting via SMTP) to send just one email with multiple recipients
and let the customer either deliver the mail to the appropriate
mailboxes or reject the whole lot in one operation.
Mike Meredith
John Appleyard <ne...@3feet.co.uk> writes:
> Surely the particular example that is the subject of this thread would
> be easy enough to spot? It would be something if we could eliminate the
> unambiguous cases.
I used to block spams in that way. Turns out to be a very inefficient method
of blocking spam. Yes it works, but the workload explodes in scale, and
you frequently block stuff that will only be seen once anyway. And
frequently too late to be useful.
> In the longer term, ISPs need to do something about this - perhaps by
Quite a few ISP's (and other organisations) do in fact do quite a bit to
stop spam. I don't know how involved Demon is in some of the methods,
but if you tried spamming from your Demon account you would almost certainly
find yourself without an account (or I wouldn't be able to send mail from my
Demon account to my work email servers).
Take a look at http://www.mail-abuse.org. That is hardly the only
mechanism that is used to fight spammers, but is probably the highest
profile organisation involved.
If the anti-spam activists hadn't been fighting the spammers for nearly
a decade now, the current spam problem would probably be 10-100 times
worse.
> first identifying, and later refusing mail without a verifiable pedigree
> - something like enforced, but simplified, PGP (I'm no expert, but if
> that requires extensions to email protocols, then it's time to work out
> what they should be).
The standards are already in place to do something along those lines,
but the cost in terms of blocking legitimate email is far too high.
> Email won't come of age until the market weeds out Internet anarchists
> who claim that the problem is "insoluble".
As the spammers frequently label anti-spam activists "Internet
anarchists", your choice of label for the defeatists is wildly
inappropriate :)
David G. Bell
<20021223.0...@rijhwani.org> r...@rijhwani.org
"Raj Rijhwani" wrote:
> On Mon, 30 Dec 2002 12:00:20 -0000, in article
> <aupcgl$rum$1$8300...@news.demon.co.uk>
> jonathon@Stoneditch_AUNTY_SPAM_.com "JD" wrote:
>
> > It's a real shame that Demon REFUSE to do something about this.
>
> No, it's one of the few principles they stand on that they still get
> RIGHT. Demon was set up on the principle that they provide the end-users
> with direct unfiltered internet traffic, and it's down to the end-user
> how they mange that, and which tools they choose to use. And the
> principle of letting the end-user mange their mail flow and decide
> what is and isn't spam for themselves and how to deal with it is
> one of the few remaining manifestations of founding principles.
I think the big problem is that Demon was set up a long time ago,
several aeons of Internet Time, and things have changed.
Demon give the impression, true or not, that they don't care and are
doing sweet FA about the problem.
They found out, the hard way, when they got sued for libel over a news
article. Yet they still do nothing about this. Why do they think
nothing has changed since 1992?
Richard Clayton
<db...@zhochaka.demon.co.uk> writes
>They found out, the hard way, when they got sued for libel over a news
>article. Yet they still do nothing about this.
This is nonsense -- a considerable amount of work is done in dealing
with the complaints that regularly arrive about defamatory material.
Furthermore, a considerable amount of work has also been done in the
regulatory sphere, educating Whitehall, Brussels &c on the problems
faced by the ISP industry. Thus plc employees are regular speakers at
the various events on this topic (and closely related topics such as the
ECommerce Directive implementation)
This education work is beginning to pay off. You may perhaps have missed
the recent Law Commission report that suggested that the law of
defamation needed reforming in this area ?
http://www.lawcom.gov.uk/files/defamation2.pdf
Richard Clayton
<news...@gmurray.org.uk> writes
>Chris Manvell <ch...@manvell.org.uk> writes:
>
>> Me too. I've had somewhere around 1000 messages, subject Tight Teen
>> Virgins, or summat like that. Envelope Rejection was not use to had
>> to go for the subject line. Quite a few downloads were that spam and
>> nothing else.
>
>One way in which, IMHO, Demon could help with this would be to not
>"expand" emails sent to multiple recipients at the same Demon customer
>host.
this would require various systems using POP3 to use the *ENV extension
to access the original envelope. It's not something to do lightly...
>Currently if the RCPT TO contains multiple users at the same
>host, Demon will 'expand' these and generate multiple (otherwise
>identical) emails, one to each recipient. It would save Demon spool
>space, dial-up bandwidth and connect time if Demon were (for hosts
>collecting via SMTP) to send just one email with multiple recipients
>and let the customer either deliver the mail to the appropriate
>mailboxes or reject the whole lot in one operation.
... but doing it only for SMTP would tackle that objection. Means it's
merely a SMOP :) [[and an incompatible change of mailstore format
leading to some problems if the new code needed to be withdrawn]]
Andrew Brydon
>Hi,
>I have had loads of SPAM this holiday periiod too. The one about tight
>virgins (in the subject header). I have also seen some copy cat mails from
>this as well, different mail address but same subject.
>It's a real shame that Demon REFUSE to do something about this. It's bloody
>obvious to me that this is spam and it should be to them as well. If they
>just blocked it at their perimeter then maybe there would be less traffic on
>the network and then we would all be happy.
Ditto here - perhaps 150 so far (which is low compared to others...)
But, I also read on a weekly basis of the numbers of VALID messages
which are caught and deleted by these proposed spam-traps, when in
use by MSN and AOL, for example. What is worse, said traps often
don't tell you the message was deleted - so you don't know you didn't
get it. I for one would rather have the inconvenience of knowing I am
receiving all my own email!!
--
Andrew Brydon
Life is just the beta-version of death
Chris Lawrence
> On Mon, 30 Dec 2002 12:00:20 -0000, in article
> <aupcgl$rum$1$8300...@news.demon.co.uk>
> jonathon@Stoneditch_AUNTY_SPAM_.com "JD" wrote:
>
> > It's a real shame that Demon REFUSE to do something about this.
>
> No, it's one of the few principles they stand on that they still get
> RIGHT. Demon was set up on the principle that they provide the end-users
> with direct unfiltered internet traffic, and it's down to the end-user
> how they mange that, and which tools they choose to use. And the
> principle of letting the end-user mange their mail flow and decide
> what is and isn't spam for themselves and how to deal with it is
> one of the few remaining manifestations of founding principles.
I fail to see why this topic causes so much controversy. Someone
mentions Demon filtering mail, loads of people respond saying they do
not want Demon to interfere with their mail, and so on.
The answer is for Demon to provide a filtering service which users may
then activate if they wish and configure through a Web interface.
They're not interfering with anyone's mail then, they're simply
empowering the end-user to manage their mail more efficiently than they
might do now. Any mail deleted/tagged/diverted would be as a result of
the end-user's own rules, exactly as it is anyway. It just saves having
to download hundreds of junk mails over their link just so they can be
deleted by their rules.
If you don't want your mail filtered, you don't use the facility.
What's the big problem here?
--
Regards,
Chris Lawrence
news
<new...@michaellefevre.com> writes
>> Pity it doesn't stop the spam generated via Earthlink
>
>oh but it does...
The stuff I get must be an illusion then.
--
David Lawson
leo vegoda
[...]
> I fail to see why this topic causes so much controversy. Someone
> mentions Demon filtering mail, loads of people respond saying they do
> not want Demon to interfere with their mail, and so on.
>
> The answer is for Demon to provide a filtering service which users may
> then activate if they wish and configure through a Web interface.
> They're not interfering with anyone's mail then, they're simply
> empowering the end-user to manage their mail more efficiently than they
> might do now. Any mail deleted/tagged/diverted would be as a result of
> the end-user's own rules, exactly as it is anyway. It just saves having
> to download hundreds of junk mails over their link just so they can be
> deleted by their rules.
>
> If you don't want your mail filtered, you don't use the facility.
> What's the big problem here?
Precisely!
Chris Hedley
> which clearly have become mis-associated with the domain name. For
> instance there never has been a pim...@courtfld.dcu but he still gets as
> much spam as any of the genuine accounts.
(If he's never existed, how do you know he's a he? Sexist! :P )
The best ones are the never-existant IDs that the spammers claim
have "opted in" to their spamlists, so "this message can't be
considered spam." (I thought it more curious than anything else
that a spammer considers that they can dictate what I may or may
not consider...)
Chris.
--
"If the world was an orange it would be like much too small, y'know?" Neil, '84
Currently playing: Sing-Sing - "The Joy Of Sing-Sing"
http://www.chrishedley.com My stuff, including genealogy, other things, etc
Michael J Davis
<ch...@manvell.org.uk> writes
Brian:-
>>Have you considered running spamassassin or similar? The only real problem
>>is that the mail spool tends to be slow with masses of mail to be
>>delivered or rejected. Of course Demon could allow multiple connections
>>from each put again, I'm sure the old TCPIP stacks that couldn't cope with
>>this are a thing of the past now aren't they?
>
I haven't used spamassassin, but do use POP3scan when I find a large
amount of mail in my mailbox. During the first Tight teens attack the
other day, I went to POP3 but it took 3 minutes (dialup connection) just
to see the names of the first 185 mails, I then tagged them all for
deletion and by the time I'd browsed them to untag the five that were
legitimate mail, it would have been quicker to download the lot and
filter to my spambox. (After 2 days I filter on <===8 for this attack,
though Kara would do.)
>Thanks for the tips Brian - I have marked your message kept and will
>investigate them further. I haven't really done anything other than
>set up spam filters (see my post in another branch of this thread) as I
>have other (non-computer) problems at the moment. However in the past
>few months things have started getting worse. Granted TP has good
>filtering and I may have to investigate it further.
Chris
I now have about 40 rules for acceptance (into my Spambox) mostly on who
it is addressed to. If you'd like to know them - just ask!
I may have to change my domain and start again. :-(
Mike
--
Michael J Davis
Personal email replies may be made to mi...@trustsof.demon.co.uk
<><
To earn the right to complain
ensure you are lavish with your praise.
<><
John Hall
leo vegoda <l...@news.lurve.org> writes:
>On Mon, 30 Dec 2002 23:55:50 +0000, Jim Crowther wrote:
>>
>> >If BT can do it
>>
>> They can't with better than ~95% accuracy. Use client-side tools which
>> can possibly do better than that, and don't lose you that important
>> Korean (or Demon) contract...
>
>And you have a system approaching 100% accuracy? All the time?
>
>Many customers might well appreciate their ISP filtering out 95% of
>the spam directed at them. It's 95% less to deal with.
That's not the real problem. The real problem is those messages
incorrectly identified as being spam and therefore filtered..
--
John Hall
"One half of the world cannot understand
the pleasures of the other."
From "Emma" by Jane Austen (1775-1817)
John Hall
Richard Clayton <ric...@highwayman.com> writes:
>In article <20021231.08...@zhochaka.demon.co.uk>, David G. Bell
><db...@zhochaka.demon.co.uk> writes
>
>>They found out, the hard way, when they got sued for libel over a news
>>article. Yet they still do nothing about this.
>
>This is nonsense -- a considerable amount of work is done in dealing
>with the complaints that regularly arrive about defamatory material.
I think that the "this" that David was referring to was the spam
problem, but he wasn't very clear.
John Appleyard
Richard Clayton wrote:
>>>it is hard to distinguish between bulk unsolicited email and large
>>>(opted into) mailing lists. Some mailing lists have many thousands of
>>>Demon subscribers :(
>>>
>>
>>Surely the particular example that is the subject of this thread would
>>be easy enough to spot?
>
>
> why ? what makes it clearly unsolicited ?
>
> it's got a lot of tell-tale signs I agree [does someone have the Spam
> Assassin score for it?] but that's far from being conclusive
>
> the only survey I know of in this area (which was done by someone
> selling a service to fix the problem - so use some NaCl!)
>
> http://www.assurancesys.com/hm/index
>
> found that one email in eight was being incorrectly filtered
>
The SA score is around 14. There are plenty of other surveys - take a
look at SAs own literatture. They quote the following
# SUMMARY for threshold 12.0:
# Correctly non-spam: 169667 83.66% (100.00% of non-spam corpus)
# Correctly spam: 15960 7.87% (48.17% of spam corpus)
# False positives: 1 0.00% (0.00% of nonspam, 32 weighted)
# False negatives: 17176 8.47% (51.83% of spam, 133534 weighted)
# SUMMARY for threshold 15.0:
# Correctly non-spam: 169667 83.66% (100.00% of non-spam corpus)
# Correctly spam: 9690 4.78% (29.24% of spam corpus)
# False positives: 1 0.00% (0.00% of nonspam, 32 weighted)
# False negatives: 23446 11.56% (70.76% of spam, 217853 weighted)
The SA breakdown of this particular SPAM has several clear indications
of forged headers..
SPAM: Content analysis details: (14.50 hits, 8 required)
SPAM: MIME_ODD_CASE (2.4 points) MiME-Version header (oddly
capitalized)
SPAM: FORGED_AOL_RCVD (2.9 points) Received forged, contains fake
AOL relays
SPAM: MISSING_OUTLOOK_NAME (1.1 points) Message looks like Outlook, but
isn't
That - combined with the fact that very similar emails are being sent
hundreds of times each to many subscribers would be enough to convince
most people.
>
> there are no technical solutions,
Are you absolutely sure of that?! It sounds like ostrich speak to me.
merely technical methods which will
> temporarily improve matters until the senders work around them...
>
> http://www.wilsonweb.com/wmt8/spamfilter_avoidance.htm
>
> Darwin would have understand why you no longer receive messages from
> "Dave Rhodes" ... and why this means defeat for filters in the long term
>
Darwin knew that both hunters and hunted evolve. Defeat is not
inevitable, except for defeatists.
>
>>If the Post Office distributed unsolicited hard-core pornography - much
>>of it addressed to minors - on the scale currently afflicting the
>>Internet, public outcry would force them to do something about it.
>>
>>Email won't come of age until the market weeds out Internet anarchists
>>who claim that the problem is "insoluble".
>
>
> There's systems out there for you already ... I suspect that you won't
> like the price that the market currently bears :(
>
If you mean Spam Assassin, I already use it, and find it pretty effective -
for the time being. However, it wasn't easy to set up, and I wouldn't
expect casual users to do it.
As I said in my previous post - I think that, in the longer term, an
answer could be something like simplified but enforced PGP. Any email
not postively linked with a certificate holder would be rejected. Any
mass mailer who broke the rules (e.g. by sending UCE or not promptly
honouring unsubscribe requests) would have their certificate revoked.
Obtaining a certificate would have a modest cost in time and/or money.
Email needs a proper audit trail, and ISPs need to think about it NOW.
--
John Appleyard (for email, please use john@.. rather than news@..)
Polyhedron Software Ltd.
Programs for Programmers - QA, Compilers, Graphics, Cosultancy
********* Visit our Web site on http://www.polyhedron.co.uk/ *********
Theo
>Over 93% of my incoming email is spam. A little more than 2/3 is
>rejected by me, in ways which may affect innocent third parties.
>
>Can Demon really do nothing?
>
>Should they do nothing?
So far this thread has IMHO missed the underlying issues.
Filtering and/or bouncing spam at the end user adressee or the receiving
ISP is just firefighting; it doesn't prevent the volume of unsolicited and
unwelcome garbage flying around increasing, without limit; (and in the case
of bouncing spam from forged addresses, actually increases the volume). And
you and I are directly and indirectly paying for the resources needed to
store, forward, transmit and filter this junk.
In the long term, this increasing volume will destroy public email as a
useful and economic means of communication - there is already some evidence
for this in the increasing proportion of websites which no longer offer an
email contact address.
Genuine ISPs should be concerned enough about this to instigate concerted,
effective action to deny spammers access to the free use of third party
resources.
Bulk spammers such as the recent outpourings by "Kara" and friends depend
on access to mail relays - and "Kara" seems to be using both spammer
friendly relays (mail servers run by organisations which never respond to
UCE reports) and open mail relays (servers inadequately protected against
abuse by third parties).
Both of these menaces need to be addressed; and the means required are
primarily organisational. I do not think individual end-users have the
means to undertake this (but please feel free to correct me).
Edit the address in the sig to reply by email if you so wish.
--
Theo Brueton
tb021222 (at) anoeth (dot) demon (dot) co (dot) uk
Dyddiadur Llundain: http://www.anoeth.demon.co.uk/digwyddiadur.html
Chris Manvell
In a message dated Mon, 30 Dec 2002, Richard Clayton wrote...
>In article <aupln6$f7n$1$8300...@news.demon.co.uk>, JD <jonathon@Stoned
>itch_AUNTY_SPAM_.com> writes
>
>[of spam filtering]
>
>>I don't see why it would translate into higher costs for the end users.
>
>because the companies selling these services charge (and non-trivial
>amounts per "seat") ....
>
>I can't immediately locate a quote price for a service such as Star's
>"CleanMail Anti-Spam". Gradwell charges five pounds/pa per username.
>
>You may wish to investigate the costs for yourself -- at which point
>you'll understand the attraction of freeware solutions :)
As the person who initiated much of this debate on this thread, I would
like to put the record clear on what I was thinking of. It was not in
my mind that Demon should have the ability to filter out every bit of
spam that came its way, that clearly is impossible. What I was
specifically thinking of were those items of mail like the one that
started this thread, "Tight Virgin Teens", or whatever it was, that have
obviously come through the Demon servers in their thousands (like I am
probably at around the 1000 mark by now - and have sent as many
rejection notices). Probably 50% of the junk I get would come under that
category.
Anyway, the more I think about it the more I see that I am going to have
to sort out the problem myself by using "accept" filtering and just lose
valid messages that, for whatever reason, are slightly incorrectly
addressed. As I receive a lot on (socially, not monetarily) valuable
one-off mail from people I do not know, from all over the world, it will
probably lose me "business" but maybe that is preferable to the current
position where many of my downloads are 80% or more rejected by the
rejection rules I am using.
All the best,
Chris
--
Chris Manvell Email: <ch...@manvell.org.uk>, Fax:0870-056 8081
URLs: www.manvell.org.uk/, www.breacais.demon.co.uk/, manvell/20m.com/
ABS(ESE):/abs/>, DAYSPRING:/dayspring/>, UK BAHA'I DIRECTORY: /lynx/>
ISLANDS OF THE NORTH SEA: /islands/>, SAPLING PUBLICATIONS: /sapling/>
SGRIOBTIUREAN CREIDIMH NAM BAHA-I (Scots and Irish Gaelic with English
Translations) <http://www.breacais.demon.co.uk/gaelic/>
Baha'i community of Skye: <http://bahai.community.skye.co.uk>
Chris Manvell
wrote...
>I'd guess about ten were incorrectly bounced (in that they were wanted
>but probably arrived in HTML format)
Hey, how did you organise that?
Alternatively, is there a way to accept the messages but always display
them in Turnpike's plain text format (i.e. not showing the HTML portion
of the message? (However, recently I have noticed messages coming in
that are HTML only, with no plain text option - those would still have
to be able to be displayed in HTML, though.)
cerebros
my domain... Time to seriously think about switching to an ISP that does
filtering methinks
"Andrea J Chee" <and...@bloodaxe.com> wrote in message
news:P$R9CxU$87D+...@bloodaxe.demon.co.uk...
> In article <0BwSsBCm...@breacais.demon.co.uk>, Chris Manvell
> <ch...@manvell.org.uk> writes
>
> >Me too. I've had somewhere around 1000 messages, subject Tight Teen
> >Virgins, or summat like that.
>
> "Tight virgin teens on cam" by any chance? You and me both. In their
> hundreds. Seemed to start around Christmas Day and hasn't stopped yet.
> Many LARTs sent.
>
> - ANDREA
>
> --
> ^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^
> <and...@bloodaxe.com> http://www.bloodaxe.com/
> Bloodaxe's History Links: http://www.geocities.com/Athens/5055/
> The Loony Bin Archive: http://loonies.net800.co.uk/
David G. Bell
ric...@highwayman.com "Richard Clayton" wrote:
> In article <20021231.08...@zhochaka.demon.co.uk>, David G. Bell
> <db...@zhochaka.demon.co.uk> writes
>
> >They found out, the hard way, when they got sued for libel over a news
> >article. Yet they still do nothing about this.
>
> This is nonsense -- a considerable amount of work is done in dealing
> with the complaints that regularly arrive about defamatory material.
>
> Furthermore, a considerable amount of work has also been done in the
> regulatory sphere, educating Whitehall, Brussels &c on the problems
> faced by the ISP industry. Thus plc employees are regular speakers at
> the various events on this topic (and closely related topics such as the
> ECommerce Directive implementation)
>
> This education work is beginning to pay off. You may perhaps have missed
> the recent Law Commission report that suggested that the law of
> defamation needed reforming in this area ?
>
> http://www.lawcom.gov.uk/files/defamation2.pdf
While it's nice to know that Defamation is getting some attention, I had
the impression that this thread was about email Spam problems.
John Appleyard
Mike Meredith wrote:
> In article <3E10DC5A...@3feet.co.uk>,
> John Appleyard <ne...@3feet.co.uk> writes:
>
>>Surely the particular example that is the subject of this thread would
>>be easy enough to spot? It would be something if we could eliminate the
>>unambiguous cases.
>
>
> I used to block spams in that way. Turns out to be a very inefficient method
> of blocking spam. Yes it works, but the workload explodes in scale, and
> you frequently block stuff that will only be seen once anyway. And
> frequently too late to be useful.
>
On our system, spam has outnumbered genuine emails by 50 to 1 over the
past few days. I'm quite certain that, had we not been using Spam
Assassin, genuine emails would have been deleted as we cleared out our
mailboxes. It's possible that SA may have wrongly categorised genuine
email (generally low-priority opt-in commercial circulars) as spam, but
I'm convinced that the risk (and the work-load) is lower with SA.
>
>
>>first identifying, and later refusing mail without a verifiable pedigree
>>- something like enforced, but simplified, PGP (I'm no expert, but if
>>that requires extensions to email protocols, then it's time to work out
>>what they should be).
>
>
> The standards are already in place to do something along those lines,
> but the cost in terms of blocking legitimate email is far too high.
>
How? If you have a valid certificate, you can send email, and it will
be delivered. If your certificate is revoked, you won't be able to send
email, but you'll know about it.
In practice, there is NOW a very real risk of losing genuine email in
oceans of spam.
>
>>Email won't come of age until the market weeds out Internet anarchists
>>who claim that the problem is "insoluble".
>
>
> As the spammers frequently label anti-spam activists "Internet
> anarchists", your choice of label for the defeatists is wildly
> inappropriate :)
Eh? Anarchists oppose regulation.
Jim Crowther
>On Mon, 30 Dec 2002 23:55:50 +0000, Jim Crowther wrote:
>>
>> >If BT can do it
>>
>> They can't with better than ~95% accuracy. Use client-side tools which
>> can possibly do better than that, and don't lose you that important
>> Korean (or Demon) contract...
>
>And you have a system approaching 100% accuracy? All the time?
>
>Many customers might well appreciate their ISP filtering out 95% of
>the spam directed at them. It's 95% less to deal with.
What about the other 5% that was wrongly labelled 'spam' and binned?
>Just because you don't want it doesn't mean it should be denied to
>others.
I want *all* my 'wanted' e-mail. If that means accepting the spam as
well, then so be it. I can deal with it very efficiently here, thank
you, with no false positives in the last 9 days worth:
Emails classified: 905
Classification errors: 22
Accuracy:
97.56%
ok 308 (34.49%)
spam 585 (65.5%)
Word Counts
ok 56,040 (8.53%)
spam 600,580 (91.46%)
--
Jim Crowther "It's MY computer" (tm)
Spam no longer a problem: <http://popfile.sourceforge.net/>
Stephen Henson
> On Mon, 30 Dec 2002 01:01:36 -0000, in article
> <MPG.1879ab165...@news.demon.co.uk>
> she...@drh-consultancy.demon.co.uk "Stephen Henson" wrote:
>
> > As well as the idiotic dictionary attack I'm getting a whole load of
> > attempts to spam message ids from some of my old emails.
>
> I think you mean article ids from news postings. I get that too.
> Usually comes in bursts of 20 or 30 bum messages.
>
No, as I mentioned the ones I get are from message ids in a mailing
list. One batch is from some stuff I sent to the ietf-smime (S/MIME
working group) mailing list in 1998.
I suppose I should be glad they stopped harvesting in 1998. If they'd
carried on until the present day I could have got hundreds of the
things.
Steve.
David G. Bell
<slrnb130q...@toybox.amsterdamned.org>
l...@news.lurve.org "leo vegoda" wrote:
The big problem is what it might cost.
But that's a different problem to the ones usually used as an excuse for
not doing it.
Simon Waters
>
> On Mon, 30 Dec 2002 01:01:36 -0000, in article
> <MPG.1879ab165...@news.demon.co.uk>
> she...@drh-consultancy.demon.co.uk "Stephen Henson" wrote:
>
> > As well as the idiotic dictionary attack I'm getting a whole load of
> > attempts to spam message ids from some of my old emails.
>
> I think you mean article ids from news postings. I get that too.
> Usually comes in bursts of 20 or 30 bum messages.
Mine are definitely to SMTP message id's, harvested from the
Devon and Cornwall LUG mailing list archive.
Although strangely I use to always get 100's of copies of each
spam to these, I now sometime get less copies so someone has
split the list where these were included - which I guess is a
bonus(?) as I get less spam.
Advice to spammers; grep -v "^[\.[:xdigit:]]\+\@.*" - will only
kill 0.5% of genuine e-mail addresses.
JD
<news...@gmurray.org.uk> :
That wouldn't work. Some accounts are used from different locations
but access the same mailbox, only downloading the mail that is for a
aprticular user. The above would shaft any emails sent to one user and
cc'ed to another.
--
John
arjf @ sghzfu qbg qrzba qbg pb.hx
Chris Hedley
> I'm one of those people who block anything that's come via a Chinese or
> Korean (or various other parts of apnic) relay, they seem impervious to
> complaints over there so the only solution is for as many people as
> possible to block them until the people with the power get their act
> together and clamp down.
That's what I do as well; it might seem a little draconian, but there's
little in the way of legit stuff that I expect to receive and they're
hideously unregulated (or should that be unmaintained?)
Chris Lawrence
> >Many customers might well appreciate their ISP filtering out 95% of
> >the spam directed at them. It's 95% less to deal with.
>
> What about the other 5% that was wrongly labelled 'spam' and binned?
That doesn't follow at all. More like "what about the 5% they didn't
filter?" The answer is it arrives as normal because it wasn't filtered.
But this is all a moot point because...
> >Just because you don't want it doesn't mean it should be denied to
> >others.
>
> I want *all* my 'wanted' e-mail. If that means accepting the spam as
> well, then so be it. I can deal with it very efficiently here, thank
> you, with no false positives in the last 9 days worth:
... you're another person who can't grasp the notion that Demon-side
email filtering could be a feature which customers could choose to use
to apply THEIR OWN rules to delete unwanted mail from 'Kara' or unwanted
mail about 'virgin teens' BEFORE the mail tied up their - possibly
relatively slow - link to the Internet. Or they could decide to tag
them to assist with less able filtering on their own computer, etc. Or
redirect them, or whatever.
It's absolutely NO DIFFERENT to having customers apply their own rules
on their own computers in terms of who controls what happens to their
own mail. It's just another tool - hypothetical of course because Demon
don't offer it, and it appears they never will.
I can highly recommend Gradwell's mail filtering service, which supports
header filtering and SpamAssassin for those who would like such a
service. One rule would take care of all these 'Kara' mails without
having to waste time and bandwidth downloading them.
And I agree with others that an ISP which declares "we decide what spam
is and filter it for you" is a Bad Thing.
--
Chris
Andy
Lawrence <ne...@holosys.co.uk> wrote
[
>
>If you don't want your mail filtered, you don't use the facility.
>What's the big problem here?
>
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>
Chris Manvell
wrote...
>
>> In a message dated Tue, 31 Dec 2002, Dave {Reply Address in.sig}
>> wrote...
>>>I'd guess about ten were incorrectly bounced (in that they were wanted
>>>but probably arrived in HTML format)
>>
>> Hey, how did you organise that?
>>
>> Alternatively, is there a way to accept the messages but always display
>> them in Turnpike's plain text format (i.e. not showing the HTML portion
>> of the message? (However, recently I have noticed messages coming in
>> that are HTML only, with no plain text option - those would still have
>> to be able to be displayed in HTML, though.)
>>
>part of the body. HTML email can be a security hazard to the unwary and
>it's a Good Thing to encourage people not to use it. The side effect is
>that probably 90% of spam is in HTML format so immediately gets filtered
>without any further effort required on my part. The few terminally clueless
>people who send HTML format email that I do want to see just get specific
>entries in the killfile to allow their stuff to get through.
Thanks Dave, I will implement that and, for the time being anyway,
forego the few whose software does not send plain text with the HTML.
Best wishes,
Chris
--
Chris Manvell, Isle of Skye, Scotland. Fax.:+44+(0)870 056 8081
Baha'i Faith Pages from Skye: http://www.breacais.demon.co.uk/
"We testify that when He (Christ) came into the world, He shed the
splendour of His glory upon all created things. Through His power, born
of Almighty God, the eyes of the blind were opened, and the soul of the
sinner sanctified." [Gleanings from the Writings of Baha'u'llah, XXXVI]