
"The Ultimate Spamtrap"


Farelf


This looked great at first glance:

http://www.jkcc.com/e-mail.html

Then I noticed in section "#4 - Plus links to real spammer e-mail addresses for the icing on the cake" a heap of postmaster addresses - some at least recognized as regular, mainstream ISPs, not even particularly spammy in the case of one or two. This is pretty silly, surely (irresponsible)? Thoughts?


Thanks Jeff. Maybe I will contact the owner and challenge his process in identifying the "spam email addresses" in section #4. Some people are tormented enough to be tempted to take some sort of vigilante action; misleading/erroneous lists could end up with unexpected consequences. FWIW, I think vigilantism causes more problems than it solves, precisely because of the risk of misidentification and other weaknesses in evidence.


  • 1 month later...

Update. Request to webmaster to remove postmaster [at] addresses was unanswered, but on checking from time to time find they're now all gone. Still has one abuse [at] - there's a heap of copies of these pages around, haven't checked any others lately.


  • 1 year later...

Then to top it all off, there's Harvest me, spammers!. A nice mix of abuse and postmaster addresses of both hosts and anti-spam organizations plus government agencies and US Senators. Nah, SpamCop's not in there (yet) but Julian gets several mentions. Now in most instances these are perfectly public or eminently guessable addresses but being posted en clair can't be a help for them to remain viable.

The theory is that spammers will be dumb enough to harvest from the page (yeah, that's very possible actually) and the resultant spamflow will be blacklisted and/or traced and taken out muy pronto. But - if you've found, for instance, abuse[at]tiscali.fr to be unresponsive (haven't we all?) and assumed they're simply "no hat" (ditto) it just could be that this attrition.org page (and any brethren out there) actually has a bit to do with it. Perhaps, if there were some serious heavies in the list, it would act as poison but nah, they don't include the NSA, FBI, White House or even Hillary Clinton. Anyway, how hard would it be for spiders to boycott it, if it was even slightly effective?

This thing is totally misguided IMO. Jeez - they even have their own host in there! Maybe they're not long for this world. Can't be long before "wilful exposure" of another's email address becomes an actionable tort if not a criminal misdemeanor. O brave new world ...


I recommend www.spampoison.com which uses tons of different domain names that keep redirecting back to other ones, so it's hard for spambots to blacklist all their domains,

I'm not sure what to think about spampoison, because it doesn't do exactly this (the above).

The html they show you in a box, to be copied and pasted into your webpage is a unique link to the spampoison domain (i.e. english-uniquenumbers dot spampoison dot com), not a one of their many other innocent looking domains.

Above THAT box is an example of linked text and graphic, but THOSE do not link to the html shown in the box. They link to innocent looking domains with the fake email addresses.

What is going on here? At first I thought they wanted millions of links pointing to the spampoison main page to pump up the ad revenue, then assume the spambots would crawl to the link on that page which points to the random domains with the fake addys. But I can think of no reason why they wouldn't simply put the ads on THOSE pages (they do not). So I don't get it.

Nothing wrong with them making money at this, paying the bills yada yada. I just don't get why they bother with the "tons of different domain names", while at the same time tell you to paste in html that links first to spampoison. Obviously one could simply ignore that and use the link target that points to a random innocent looking domain.

So, like I say I wonder what the real story is, but even so I've still got a spampoison link on the site I maintain.

Wandering off in another direction, I read on some guy's blog where he started getting tons less spam after putting a spampoison link on his page. He was thinking maybe address harvesters might blacklist any page which sports a spampoison link. So I added some hidden sneakemail addys on Jan 7 to my main page (my first bot-readable addys since adding the SP link), so far not one spam hit. I'm going to let it simmer for a while before I draw any notions about this. Obviously it would be more telling to do this as a controlled experiment, but I'm just not up for it at the moment.

and all the email addresses it lists are pulled from real spams.

Not sure what to make of that, considering that real spams are so very often sporting the forged from addys of innocent parties. I assume they are not doing that exactly. I hope not anyway.


For what this may be worth, the "e-mail.html" page is now 404. Maybe the person read these posts?

-- rick

This looked great at first glance:

http://www.jkcc.com/e-mail.html

Then I noticed in section "#4 - Plus links to real spammer e-mail addresses for the icing on the cake" a heap of postmaster addresses - some at least recognized as regular, mainstream ISPs, not even particularly spammy in the case of one or two. This is pretty silly, surely (irresponsible)? Thoughts?


In this vein, I would like to ask why the simplest anti spam actions cannot be taken. I assume there is a good reason, since it doesn't seem to be done, but I don't know why.

On the basis that some of the largest telecoms and ISPs, at least in the USA and Europe, are in principle anti spam, and on the assumption that all email has to pass through servers and routers controlled by them, why can they not filter spam in the same way every recipient can do and return or stop it instead of sending on?

I use spam assassin filter via spamcop, as well as a few personal blacklists, but I don't recall spamassassin being wrong once. It sometimes misses new spam, but never has it flagged a legitimate email.

Why can this not be done?


On the basis that some of the largest telecoms and ISPs, at least in the USA and Europe, are in principle anti spam, and on the assumption that all email has to pass through servers and routers controlled by them, why can they not filter spam in the same way every recipient can do and return or stop it instead of sending on?

It is a matter of money. Most of them do stop spam leaving their mail servers, but many of them do nothing to stop the zombie computers that have been infected by trojans and viruses. Why? Because they don't want to alienate customers nor pay money for salaries for those who might be able to convince the customers that they need computer help. Other admins figure that they are filtering successfully, let the other guy look out for himself. For instance, I read somewhere that an admin had no concern that one of his computers was spewing spam (mostly from infected machines) because it never sent legitimate email (I think it was a computer dedicated to anti virus screening.) And, in some cases, the spammer owns the IP addresses he is using.

Another factor is the really high upstreams only administer the flow - spam merely adds to their revenue if the people using their services are stupid enough to pay the bandwidth. They don't contend with spam except as a matter of bandwidth.

Until consumers understand that spam can be controlled by using blocklists and that senders are responsible for choosing responsible ISPs, then nothing will be done. Many customers of Comcast would be horrified to know how much porn comes from Comcast computers, but Comcast is cheap.

Until then, end users will have to endure poor mail service because content filters hide legitimate email in the spam folder (it is almost worse when it almost never does that!) or at some ISPs simply don't deliver it. I know this happens because I sometimes email myself at other email addresses and every once in a while something disappears - for no discernible reason (not even being blocklisted). All the abuse desk will tell you is to make that correspondent one of your favorites. But that doesn't even work according to a colleague.

Sorry to be so cynical.


Sorry to be so cynical.

Thanks. I understand the cynical explanation, which seems to be that until it is actually a real problem (now it's just an annoyance?) nobody will act. However I question the issue of excessive cost. Applying a solid filter and returning spam is automatic. If a few people are sometimes wrongly identified, that can hardly be as big an overhead to deal with as the one we have now, affecting everyone.

So, do we need legislation again, to force ISPs and carriers to act responsibly?


Thanks. I understand the cynical explanation, which seems to be that until it is actually a real problem (now it's just an annoyance?) nobody will act. However I question the issue of excessive cost. Applying a solid filter and returning spam is automatic. If a few people are sometimes wrongly identified, that can hardly be as big an overhead to deal with as the one we have now, affecting everyone.

So, do we need legislation again, to force ISPs and carriers to act responsibly?

ISPs only have to block port 25 to stop 99% of today's spam

So the reply is not cynical: ISPs make money from bandwidth used

Far too many ISPs don't even have an abuse contact address

If one is serious about email do not automatically accept the one they force on you

Pay the US$30 a year for the only email address you will ever need. Then ask for a $30 a year discount for not using the lousy spam magnet the ISP offers (And yes, many an ISP sells their addresses to spammers)


ISPs only have to block port 25 to stop 99% of today's spam

This has often occurred to me as well. The ISP could simply forbid port-25 traffic leaving its domain except for its own mail hosts (plus any customers who have specific need of such traffic). Probably 95% of all internet users wouldn't even be aware of the block.

The argument is even better for blocking port-80 web traffic inbound to pool hosts (which would kill off botnet websites, or at least force them to move to other ports). Again, few customers would know that this traffic was blocked.

There might even be some money in this for the ISPs. Anyone who decides they must send random SMTP or run websites from their homes could be offered a higher-tier service (for more money, natch) and could be subjected to closer scrutiny by the ISP.

This solution is so simple and obvious that I am wondering what is wrong with it and why no one will use it. I won't say there's some dark conspiracy going on, but the reasons must go beyond the merely technical/engineering problems involved.

I can see where the UUnets and Qwests of the world would make money from spam traffic, but what does (say) Comcast have to gain? They don't meter their customers' traffic (so far as I know), so they don't stand to make any more money from botnet spewage.

-- rick
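
The port-25 egress rule described in the post above, as an added example that is not part of the original thread: it applies the rule to flow records and lists pool hosts whose repeated blocked attempts suggest an infected machine. All addresses, the flow records and the threshold are constructed for illustration.

```python
import ipaddress
from collections import Counter

ip = ipaddress.ip_address

# Constructed values (documentation address ranges), not from the thread.
ISP_MAIL_HOSTS = {ip("192.0.2.10"), ip("192.0.2.11")}   # the ISP's own relays
EXEMPT_CUSTOMERS = {ip("198.51.100.77")}                 # customer with a stated need
CUSTOMER_POOL = ipaddress.ip_network("198.51.100.0/24")

# Constructed flow records: (source IP, destination IP, destination port)
FLOWS = [
    ("198.51.100.23", "203.0.113.5", 25),   # pool host going direct to a remote MX
    ("198.51.100.23", "203.0.113.9", 25),
    ("198.51.100.23", "203.0.113.40", 25),
    ("198.51.100.40", "203.0.113.5", 587),  # authenticated submission elsewhere
    ("198.51.100.40", "192.0.2.10", 25),    # customer using the ISP's relay
    ("198.51.100.77", "203.0.113.5", 25),   # exempted customer
    ("192.0.2.10", "203.0.113.5", 25),      # ISP relay delivering outbound mail
    ("198.51.100.90", "203.0.113.9", 25),   # single blocked attempt
]

def egress_allowed(src, dst, dport):
    """Allow port 25 only to the ISP's relays, or from relays/exempt customers."""
    if dport != 25 or ip(dst) in ISP_MAIL_HOSTS:
        return True
    return ip(src) in ISP_MAIL_HOSTS or ip(src) in EXEMPT_CUSTOMERS

def review(flows, threshold=3):
    """Return (blocked flows, pool hosts with at least `threshold` blocked attempts)."""
    blocked = [f for f in flows if not egress_allowed(*f)]
    attempts = Counter(src for src, _, _ in blocked if ip(src) in CUSTOMER_POOL)
    suspects = sorted(src for src, n in attempts.items() if n >= threshold)
    return blocked, suspects

if __name__ == "__main__":
    blocked, suspects = review(FLOWS)
    print(len(blocked), "flows blocked; likely infected hosts:", suspects)
```

The suspect list is what an abuse desk would use to contact the customers whose machines are sending direct-to-MX mail.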


which seems to be that until it is actually a real problem (now it's just an annoyance?) nobody will act.
IMHO, until it starts costing enough money to control spam that end users are affected by raising rates, there won't be enough people to demand responsibility.

but what does (say) Comcast have to gain? They don't meter their customers' traffic (so far as I know), so they don't stand to make any more money from botnet spewage.
They are making money, they are saving money by not hiring persons to deal with customers who don't protect their computers.

It is obvious that the solution is to make it cost more for those who use bulk email to cover the costs of detecting unauthorized bulk email and to use blocking filters to protect from those who evade the costs (by using zombies, for instance).

Since bulk email is the problem, the solution should be aimed at bulk email. My solution is that responsible ISPs would use the RFC header line that identifies bulk email and that receiving ISPs would block all bulk email except that which is whitelisted by customers. (Whitelisting is more or less already done because many newsletters and sales emails ask you to whitelist them in order to be sure to receive them. It would be just one more step after receiving the confirmation email). Then any bulk email received that does not contain the bulk email header line could be reported and that IP address would be blocked until the sending ISP gets his bulk email customers to use the header line (or stops sending spam). Legitimate bulk emailers would probably welcome a way that their email would always be accepted by willing recipients instead of constantly trying to keep up with content filters and being reported by customers who miss the newsletter in a batch of spam.

Since a lot of spam comes from zombies now and can already be blocked without interfering with mail servers, and all bulk email would be blocked unless whitelisted by the recipient, so even if spammers started using the bulk email header, it wouldn't be delivered. Individual email traffic would be unaffected (after the initial phase of getting ISPs to use bulk email headers and end users to choose responsible ISPs) since content filters would not have to be used at all or could be set more accurately to catch that kind of spam that is worthwhile to send below bulk email limits (like the 419 spams). For those people who want to buy from spam, they can pay more to have the bulk email unblocked.

The problem, of course, is to get the word out and get ISPs to use the system and for some reason, server admins don't like it.

And the problem with legislation - aside from the fact that there are too many nations to get to cooperate on laws - is that laws are useless without enforcement. In spite of enforcement of fraud laws, there are still lots of attempts to defraud offline. And those laws are still effective for online fraud. So, in spite of existing laws that cover a great many spam already, it has not deterred anyone.

In fact, there is less and less spam that sells anything even remotely considered legitimate.

Miss Betsy


Archived

This topic is now archived and is closed to further replies.
