HillsCap

Members
  • Content Count

    90
Everything posted by HillsCap

  1. HillsCap

    Spam Free

    The longest I've gone is 10 days (IIRC) without receiving a spam, but I hope to break that over the next week. (I hope I don't jinx it by posting this).
  2. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    I don't want to be disrespectful, Miss Betsy, because I know that you contribute a great deal of information to these discussion threads, but I don't know of ANY ISPs that operate that way. Besides, even if an ISP did block the unwanted emails, they would have to do so AT THEIR SERVERS (because they'd have to classify the spam AS spam, meaning the servers would have to parse through the entire body of the email first), meaning that the bandwidth required to transmit the spam has already been consumed by that ISP (as well as the CPU time), and therefore that ISP has to pay for that bandwidth (and additional computing resources) (and they WILL pass that cost on to you, the end user). If they're doing IP blocking, it mitigates that somewhat, but I can tell you from experience with running the JackPot fake SMTP server that the spammers will:
    a) send through open relays (of which there are thousands)
    b) send through RATs (of which there are hundreds of thousands)
    c) otherwise obfuscate their IP address
    I've had one single spammer (sending the same message from each location) send to me over the course of a day from over 300 IP addresses and 12 different ISPs. Obviously, he was tapped into the RAT pool, using them as open proxies. Blocking all those IP addresses would be prohibitively expensive in terms of time and manpower, and when those RAT-infected computers get fixed, how do you know to remove it from the list of blocked IPs? Especially if it's on a dynamic IP address? Do you block list an entire ISP (like Road Runner, one of the most anti-spam ISPs out there, yet a large contributor to IP addresses I'm picking up from this particular spammer)? Where does it stop? When you've Block Listed the entire internet? That's been tried before. No, I've already got the most effective method to stopping spam... 
it doesn't entail reconfiguring the email transport protocol and infrastructure, it doesn't require finding a new ISP that magically blocks spam without incurring extra costs associated with CPU time and bandwidth and spam blocking software, it doesn't require new anti-spam legislation, it requires people to stop complaining about the problem, and become an active part of the solution. It requires taking action... if you saw a theft in progress on the street, would you not report it to the police? Of course, everyone would. Yet, with spam (a theft of our resources) most people are content (or conditioned) to simply hit the 'Delete' key, mutter "OK, spammer, here's a tiny bit more of my time and money and bandwidth... gosh I hate you.", but never do anything more about it! They should be reporting it... to SpamCop, to the other Block Lists, to their ISPs, to the ISPs of the spam sender, to the BBB and State Attorneys General for U.S. spammers, to the Federal Trade Commission, and in the case of spam hawking medicine, to the FDA. Granted, I've got it all automated, so it only takes three clicks per spam to accomplish all this, but there's no reason others couldn't do the same. And for those who believe in pro-active crime prevention, they can do like I do... I walk right up to the spammer thief and kick him in the crotch. If you send me spam, your spamming days are definitely numbered. It's not vigilantism to protect your time and resources from abuse, even by pro-active means.
  3. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    You can also call OptiGate at (303) 464-8164, and Scott Richter's number has been reported to be (303) 550-9828. Also, if you want a complete set of tools for tracking down spammers, you can't go wrong with Sam Spade. [edit] Oh, before I forget, Jebuz Jones noted the Unsolicited Commando program, which fills out offending websites feedback forms with bogus data. I've used it for a long time. Unfortunately, the UC program grabs a port, connects to the offending website, then when it's finished, never releases that port, grabbing yet another for the next website... if left running long enough, all your ports are consumed and your internet connection becomes unusable until you shut down the UC program. I've already contacted Adam Keeney, the UC program author... let's hope he's hard at work fixing it. If any of you are Java programming wizards, perhaps you could lend a helping hand by inspecting the source code at his website: http://www.astrobastards.net/uc/source/
  4. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Merlyn wrote: [There are other ways.] Well, then you should tell us those ways... I've tried everything else, and the only effective means of spam abatement I've found is to hit them where it hurts. I've gotten 13 spams in the past 30 days, without using Block Lists, without blocking delivery of any emails. I've got a straight, unhindered shot from the internet to my Inbox. How many spams did you get over the last month? But it wasn't an easy road to get to 13 per month... I fought the spammers 24/7 (literally) for months on end (a 'luxury' I'm afforded because I work out of the house)... I developed specialized software to allow semi-automated reporting of high volumes of spam, and more software to do high-volume LART'ing, and even more software is in the works (just wait 'til you see what I've got in store for you next spammers, it'll knock your socks off. Picture FriedSpam.net on steroids, and completely untraceable back to the users). Jebuz Jones is correct, the spammers drew the line in the sand... I'm just stepping up to that line, and going toe-to-toe with the spammers. And you know what? They hit like girls, and they've got glass jaws. I mean, come on, spammers! Is a DDoS all you can come up with? I've got measures in place that slow your DDoS to a crawl and prevent it from affecting my machines, and it doesn't affect my ability to access the internet. Trying to hack into my machines? Please... it'll only get you reported to your ISP and law enforcement (and I don't even have to lift a finger for that to happen). Mail-bombing? You've tried this before, you know it doesn't work when I can handle more mail than you can throw at me. And you know if you try any of these, I'll track you down... I'll get server logs and do electronic forensics until I've got you... then you're going down. 
If someone kept breaking into your house, despite the fact that you've installed security measures, put a high fence and signs, then crapped on your carpet each time they wormed their way into your home, I GUARANTEE you wouldn't ask them nicely to leave... you'd beat the living hell out of them, especially when they kept coming back, and most especially if you found that there were no police for you to call. Why? Because they're not only violating your personal domain, they're leaving behind something that you find offensive, and costing you money because you now have to clean your carpet, not to mention the expense of those security measures, that high fence and those 'Keep Out' signs. It's the same thing with spammers... they worm their way into your Inbox (your personal domain, much as your home is your personal domain) by hook or by crook, then dump their load of crap there (crapping on your carpet), and keep coming back despite the fact that you've set up security measures, high fences and 'Keep Out' signs (anti-spam software, disposable email addresses, email address obfuscation on websites, Block Lists, etc., etc., etc. ad nauseam). And there's no police to call... (weak legislation, no strict penalties, very little enforcement of existing legislation). Well, I've had enough... I'm beating the living hell out of every one of them that worms their way into my Inbox and leaves their crap pile there. Meanwhile, we still have to work on convincing our politicians to give us effective legislation that protects us from the spammers, with strict punishments doled out for those who violate that legislation. I think of my email Inbox much as I think of my fax machine... if I were receiving hundreds of unsolicited faxes daily, I'd do something about it because IT IS COSTING ME. Same thing with email... it costs all of us in additional bandwidth, time, resources, and frustration having to deal with spam. 
The amount of cost is much smaller per spam than per fax, but the concept is exactly the same. And the laws that apply to fax machines should apply to email, as well.
  5. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    You're right, YourBuddy, the ability to remove the cloak of anonymity that spammers now enjoy IS the ultimate solution to the spamming problem... except in cases like Richter, who believes he can still fill our Inboxes because of weak laws. First, we have to strengthen the laws, and give them provisions for strict penalties for violating them. Laws are supposed to be created to benefit the majority of people, without trampling on the rights of the minority of people. The current law benefits a minority of people, while trampling on the rights of the majority of people, and thus it MUST be changed. Broad participation is required for our voice to be loud enough to be heard in the halls of government. But once our voice is heard, it must be heeded... or the politicians risk getting voted out of office by an angry populace. The longer they allow the spam problem to fester by not enacting effective legislation with strict penalties, the angrier the populace becomes. Second, we have to motivate the people to seek their own solutions to the spam problem. By this I mean we must convince people to take action against spammers in whatever form they find morally and ethically agreeable. I have no moral or ethical qualms with doing whatever is necessary to take down a spammer and prevent him from wasting my precious time and resources, so I'm probably a bit more vicious about it than most people would be, but because of the lengths I am willing to go to prevent my resources from being abused, I find that the spammers avoid me like the plague. I receive virtually no spam at all. What spam I do receive is usually from newbie spammers, who are easily convinced to find another means of income production when they learn of the consequences awaiting their decision to send spam. I've already written extensively in other posts on this forum about some of the techniques I use... 
but I have been forced upon occasion to take drastic measures against spammers who thought they could force me into submission by mail-bombing me or attacking my computers. Those spammers quickly found out that I can become quite vicious indeed. They also found that I specialize in configuring computers for high-security computing environments, meaning that no matter what they tried, my computers were unassailable and impregnable. Surprisingly, I found their computers easily assailable and pregnable. Thirdly, we must remove the cloak of anonymity that many spammers now enjoy utilizing such techniques as packet spoofing, open relays, RATs (Remote Access Trojans), and open proxies. I've already submitted a proposal to several government officials who requested my input on the solution to the spam problem. Let's hope they have the intestinal fortitude to implement the changes necessary to fix this, rather than going for the feel-good sound bite and political quick fix that assuages the marketing lobbyist groups. You know, for a troll, you're not half bad... you're not very annoying and don't try to disrupt entire threads with hundreds of consecutive posts like other trolls I've experienced on other boards, you play Devil's Advocate and encourage further discussion and you force us to challenge our assumptions.
  6. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Double-opt-in is just that, regardless of whether the spammers have tried to redefine it to mean 'typing your email address twice on the signup page'. Double-opt-in's traditional meaning is a process by which you sign up to receive email, you then receive a confirmation email with a link you must click to complete the opt-in process. This can be the only true meaning of double-opt-in, as this process was created to prevent people other than the holder of the email account from signing others up to receive email. Double-opt-in, as defined by the spammers, does not offer this protection, and thus their definition is a misnomer, an invalid name. Double-opt-in is also more descriptive than confirmed-opt-in, as it connotes that two separate (double) opt-ins are required to be added to an emailing list, whereas confirmed-opt-in can be construed to mean what the spammers are trying to redefine double-opt-in as. Namely that you type your email address, then confirm it by typing it again on the same page. As for what to look for in your spam to tell if it came from Richter, there is a list of IP addresses and domains that Richter uses here: http://www.hillscapital.com/richter.txt YourBuddy is correct in one aspect... namely that Richter complies with certain aspects of the CAN-SPAM bill. He sends his spam from his own IP addresses, doesn't obfuscate his headers, and provides a (presumably) working unsubscribe link. But he is incorrect in saying there is no definition of spam... spam is any email marketing message that you did not elect to receive, and do not want to receive, that is sent by a marketer en masse. It is not about CONTENT, it is about CONSENT. Unfortunately, our legislators have stupidly made a bill that is unworkable... it allows anyone and everyone to fill our Inboxes with whatever they wish, without our consent, and all they must do is claim that we signed up for it... even if we didn't. 
There is no process to ascertain whether someone truly signed up for the email, and the legislators bowed to campaign contributions and political pressure from marketing lobbyist groups to form a toothless bill that provides no penalties for those unscrupulous email marketers that obtain their email lists by means such as signing people up without their consent (somewhat akin to telephone slamming), spambotting websites, or dictionary attacks. The legislators seem to think that if we're on the spammers' lists, we MUST have signed up. They still haven't caught on to the fact that spammers lie. Richter is well known for using spambots to harvest email addresses (do you truly believe that over 80 million people signed up to receive his cruft?!), and I suspect he uses dictionary attacks, as well, judging by the spam I've gotten from him. But, what YourBuddy doesn't seem to realize is that this is one process by which we can get the laws changed to afford our email accounts the same protections afforded to our fax machines and telephones. Namely, for our telephones, we can sign up to not receive any marketing messages, and any companies that violate that can have penalties levied against them. For our fax machines (a more apropos analogy to our email accounts, since ultimately, we end up paying the bill for receiving the spam in higher ISP bills), there are laws that prevent ALL unsolicited marketing via facsimile machine, with heavy penalties to those who break those laws. With enough outrage, enough political activism, and enough people, we can get the laws changed to provide us (the voters... the people who elect those who make the laws) with the relief from spam that we seek. Other nations will see the outrage over spam and the amount of time and resources that it wastes just to benefit a few at the cost of many, and enact similar laws, if they have not done so already. 
A massive action against one of the world's largest spammers will send a message to other spammers to back off and respect our time, productivity and resources. And even if this doesn't work, we've helped a lot of people to learn about the issues, about SpamCop and its protection from spam, and hopefully some of them will read my other posts and learn how to take down the spammers in other ways. Imagine 1,000,000 people using FriedSpam.net against Richter or any other spammer... they'd be out of business for good in a month. Imagine 1,000,000 people running the JackPot MailSwerver fake SMTP server/honeypot to dump relay spam... relay spam would cease to exist. Imagine 1,000,000 people filling out bogus data on the spammers' feedback forms or shopping carts... the spammers would get a taste of what spam is like, as they'd have to wade through all the unwanted data (wasting their time on each to verify whether it is valid or not) before getting to the data they want. Even if each person only did this a few times a day... the aggregate total of this would hurt the spammers tremendously. People need to stop complaining about spam and start DOING something about it... we all need to take up the sport of spammer hunting, which is great fun and exceedingly challenging. It wasn't until I actively began going after the spammers that I stopped receiving spam in large quantities. I now only have 13 spams in my spam folder (which deletes anything older than 30 days). I don't use Block Lists, I don't prevent the delivery of any email, it's just that the spammers have learned to avoid me because I will do everything within my capabilities to take them down. If everyone took my stance, and actively went after the spammers, we'd have the spammers running scared. And people would soon find that they no longer receive much spam at all.
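The difference between the two meanings of double-opt-in drawn in the post above, as an added Python example (not code from the thread or from any mailing-list product): the "typed twice" form enrols whatever address is entered, while the confirmation-link flow adds a subscriber only when a signed, expiring token mailed to that address comes back. The names `typed_twice_signup` and `DoubleOptInList`, the token layout, and the `.example` addresses are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time


def typed_twice_signup(subscribers, email, email_again):
    """The redefined 'double opt-in': the same address typed twice on one page.

    It only proves the typist is consistent, so anyone can enrol anyone.
    """
    email = email.strip().lower()
    if email != email_again.strip().lower():
        return False
    subscribers.add(email)
    return True


class DoubleOptInList:
    """Sign-up form plus confirmation link; only the link adds a subscriber."""

    def __init__(self, secret, ttl_seconds=48 * 3600):
        self._secret = secret          # server-side key, never sent to clients
        self._ttl = ttl_seconds        # how long a confirmation link stays valid
        self.subscribers = set()

    def _sign(self, payload):
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def request(self, email, now=None):
        """First opt-in: the form submission.

        Returns the token to embed in the link mailed to `email`. Nothing is
        added to the list here, whoever filled in the form.
        """
        now = time.time() if now is None else now
        payload = f"{email.strip().lower()}|{int(now) + self._ttl}".encode()
        return base64.urlsafe_b64encode(payload).decode() + "." + self._sign(payload)

    def confirm(self, token, now=None):
        """Second opt-in: the mailbox holder clicked the mailed link."""
        now = time.time() if now is None else now
        try:
            encoded, signature = token.split(".", 1)
            payload = base64.urlsafe_b64decode(encoded.encode())
        except ValueError:             # no separator or broken base64
            return False
        # Check the MAC before trusting anything inside the payload.
        expected = self._sign(payload).encode()
        if not hmac.compare_digest(signature.encode(), expected):
            return False
        email, expiry = payload.decode().rsplit("|", 1)
        if now > int(expiry):          # stale links do not subscribe anyone
            return False
        self.subscribers.add(email)
        return True


if __name__ == "__main__":
    # Constructed scenario: a third party enters someone else's address.
    weak = set()
    typed_twice_signup(weak, "victim@mail.example", "victim@mail.example")
    print("typed twice  ->", weak)                 # victim is enrolled

    strong = DoubleOptInList(b"constructed-demo-key")
    token = strong.request("victim@mail.example")  # goes only to the victim's inbox
    print("form only    ->", strong.subscribers)   # still empty
    strong.confirm(token)                          # only the mailbox holder can do this
    print("link clicked ->", strong.subscribers)
```
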
  7. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Jericodw: LMAO... maybe we could hire Snotty Scotty to get the word out... You can tell if your spam is from Richter by looking at the list (link below) of IP addresses and domains he uses, then searching your spam corpus for these... I think I'm going to create an Excel spreadsheet that will interact with my Outlook, and do the search automatically... it'll be a lot easier than searching through the thousands of spams manually. http://www.hillscapital.com/richter.txt
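The corpus search described in the post above, sketched in Python as an added example (it is not HillsCap's spreadsheet and not code from the thread): it takes relay IPs from `Received:` headers and hostnames from URLs in each message body, then matches them against a list of networks and domains. The list entries and the messages are constructed placeholders (documentation address ranges and `.example` domains), not the contents of richter.txt, and the function names are assumptions.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Constructed placeholder list: one network or domain per line, '#' comments.
LISTED = """
# networks
192.0.2.0/24
203.0.113.64/26
# domains
bulk-offers.example
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def load_list(text):
    """Split list lines into IP networks and lower-cased domain names."""
    nets, domains = [], set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            domains.add(line.lower().rstrip("."))
    return nets, domains


def matching_domain(host, domains):
    """Return the listed domain that `host` equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])   # match on label boundaries only
        if candidate in domains:
            return candidate
    return None


def scan_message(raw, nets, domains):
    """Return (kind, observed value, list entry) tuples for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    # Received headers below your own MTA's are sender-supplied and can be
    # forged; a hit there is a lead to check, not proof of origin.
    for received in msg.get_all("Received", []):
        for ip_text in IP_IN_BRACKETS.findall(str(received)):
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:             # e.g. [999.1.1.1]
                continue
            hits += [("received", ip_text, str(n)) for n in nets if ip in n]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:                 # malformed URL in the body
            continue
        listed = matching_domain(host, domains)
        if listed:
            hits.append(("url", host, listed))
    return hits


def search_corpus(corpus, list_text=LISTED):
    """Map message name -> hits, keeping only messages that matched."""
    nets, domains = load_list(list_text)
    results = {}
    for name, raw in corpus.items():
        hits = scan_message(raw, nets, domains)
        if hits:
            results[name] = hits
    return results


# Constructed sample corpus (two messages).
CORPUS = {
    "a.eml": """\
Received: from mail.sender.example (mail.sender.example [192.0.2.45])
    by mx.recipient.example with SMTP; Mon, 1 Jan 2024 00:00:00 +0000
From: offers@sender.example
To: me@recipient.example
Subject: constructed sample A

Click http://deals.bulk-offers.example/unsub?id=1 to stop.
""",
    "b.eml": """\
Received: from out.newsletter.example (out.newsletter.example [198.51.100.7])
    by mx.recipient.example with SMTP; Mon, 1 Jan 2024 00:05:00 +0000
From: news@newsletter.example
To: me@recipient.example
Subject: constructed sample B

Read more at https://notbulk-offers.example/issue/12
""",
}

if __name__ == "__main__":
    for name, hits in search_corpus(CORPUS).items():
        print(name, hits)
```
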
  8. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Everyone sign the petition... meanwhile we'll work on compiling a list of government officials from around the world, and send them the results of the petition. This accomplishes two things... we build criticality for the number of people we need to go after Richter, and we let the governments of the world know that we've had enough of the spam. Once we've gotten enough public attention and enough people interested, we'll have all those people send their Richter spam to the FTC. Mr. Richter, an avalanche is fast approaching you... and there's nowhere for you to run, nowhere for you to hide.
  9. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    OK, EVERYONE... THE PETITION IS LIVE! Go here: http://www.petitiononline.com/gt78mt5e/petition.html Slashdot it, tell your friends, tell your family, tell your government officials.
  10. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Ok, everyone, how's this for the petition declaration: Part 1: We feel that our email accounts, being a communication medium that is considered to be within our personal domains, should be subject to the same privacy conventions and laws as any other means of communication which is considered to be within our personal domains. These other communication mediums include our land-line telephones, facsimile machines, and cellular telephones, amongst others. These other means of communication have certain limits placed upon them with regards to whether, when and how commercial marketing messages can be disseminated through them. Part 2: We feel that, much like the facsimile machine, the ability to shift the cost of delivery of emails from the sender to the receiver of those emails, lends this communication medium to much abuse at the hands of unscrupulous individuals or entities. Indeed, much abuse already takes place. Because of this, we feel that the only effective means of stopping this abuse is to require all email marketers to utilize double-opt-in marketing, under strict penalty of law. Part 3: We feel that the classification of email as UCE (Unsolicited Commercial Email) or UBE (Unsolicited Bulk Email), commonly known as 'spam', hinges not upon content, but upon consent. Without our consent, no spam email should arrive at our email accounts. It matters not whether the email in question carries legitimate header information, is sent from the sender's true IP address, carries tag lines such as 'ADV:' or 'ADLT:'. If we did not consent to receiving that email, it is a violation of the sanctity and privacy of an extension of our personal domain, namely our email accounts. Because of the cost-shifting characteristics of email, it is somewhat akin to someone accosting us against our wills in our own homes, yelling marketing messages at us, then forcing us to pay them for their time and trouble of delivering those marketing messages! 
Part 4: We believe the governmental organizations dedicated to stemming the abuse associated with spam should focus on a 'top down' approach, meaning that they should focus their efforts on the most prolific of the professional spammers first, in an attempt to bring these professional spammers' email marketing operations either in compliance with the public's wishes (double-opt-in marketing) or have these professional spamming operations disbanded. The top professional spamming operations (according to Spamhaus.org) are:
1 Alan Ralsky
2 Scott Richter - Wholesalebandwidth
3 Alexey Panov - ckync.com
4 John Grandinetti - 321send.com
5 Anthony 'Tony' M. Banks
6 Eric Reinertsen
7 lmihosting.com
8 Webfinity / Dynamic Pipe
9 Scott Richter - OptInRealBig
10 Eddy Marin - Oneroute
Part 5: We believe that, as Mr. Scott Richter appears twice in the list of the top 10 most prolific spammers in the world (at positions 2 and 9), and as Mr. Scott Richter has the unmitigated gall to actually bring a lawsuit against a well known Block List using misleading information, in an attempt to force that Block List to allow delivery of his email marketing messages, the governmental organizations dedicated to stemming the abuse associated with spam should focus extra attention upon Mr. Scott Richter, ensuring that his email marketing companies abide by the wishes of the public, and use double-opt-in marketing, while requiring his email marketing companies to remove all existing email addresses from their databases, as these databases have obviously become tainted, allowing delivery of email marketing messages to those who never consented to receiving them.
Part 6: We believe that spam email has become such a burden to our everyday personal and business lives that something must be done immediately. We believe this to be a large enough issue that it could possibly sway our choice in elections to those candidates who take a stance on spam more in tune with the public's wishes.
  11. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Hi, all. I did a bit of digging at ROKSO, and came up with the following list of IP addresses used by Richter. http://www.hillscapital.com/richter.txt BadJeffy, that sounds like a good idea... Linux would probably be a better choice for this, as our server is a Win2K box (probably wouldn't be able to handle all the signups once this thing takes off). Plus, I'm not real heavy on programming to input to a database, which is what I envision for this. Or, we could use a suggestion from TPP (someone who's already signed up at StopSnottyScotty[at]yahoo.com), and go with http://www.PetitionOnline.com/ . That would probably be easier to do... now all we need is the wording for the petition. We'll need to compile the list of Senators, Legislators, and FTC contacts to send the petition to. I guarantee if we get enough people signing up for this petition, and we tell each and every one of our Senators and Legislators, Governors, etc. about it, there'll be pressure brought to bear on Richter. Spread the word, everybody... forget 1,000... let's try for 1,000,000 or more.
  12. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Merlyn wrote: [What would happen if IronPort brought in sacks and sacks of postal mail sent to them with a hardcopy of every single piece of spam Scotty Snooty sent them with a disclaimer saying it was never opted in for? I am talking millions of letters?] Exactly what I'm aiming for... except it won't be IronPort or SpamCop walking in with wheelbarrows of printed-out spam along with depositions, it'll be the Federal Trade Commission and the Federal Government. Now how can a judge argue with that?
  13. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    OK, I've set up an email account at Yahoo specifically for this... StopSnottyScotty[at]yahoo.com dra007, I've got DreamweaverMX and I'm a whiz at HTML, so if you've got the space for a webpage, I can whip up a page with an explanation of what our goals are. Ralsky's Fatal Tumor, my thinking was that people would naturally be suspicious of leaving their email addresses with me (or with any of us, since they don't know us and don't know if they can trust us with their email addresses), so I figured "Who would they trust? Well, SpamCop itself!" So, I think we'd get a higher percentage of people signing up to register their interest here, rather than leaving their email address with any of us. If we can't gather at least 1000 people, then it's not really worth going to the FTC, as the damages that can be shown wouldn't be large enough to take Richter down for good. Once we get 1000 people, I'll give the contact details for my contact at the FTC, you all can either call or email her, she can send out the depositions and give you the FedEx shipping number. A website is a good idea, but we still need some means of communication between us and the people who are interested. Again, I don't think we'll get a large number of people giving out their email addresses, so that's why I went with this forum.
  14. HillsCap

    Scott the spammer Richter

    Certainly I'll help if I'm able... we keep all spam reports (with the source code of each spam) for a year. Just let me know via this forum what spams to look for. I'm in pretty regular contact with the FTC, so if you like, I can ask them to put additional pressure on Snotty Scotty. They've been pretty receptive to my ideas for going after spammers, so far (allowing them access to JackPot logs, going after a Florida spammer, etc.), so I'm sure they'd love to hook one of the biggest fish in the pond. Perhaps we can bring so much pressure to bear on Snotty Scotty that he'll be out of business before any major court battles commence. Bring it on, Richter, like I've said in other posts, the spam war (and it is a war) is a war of attrition... and there are more of us than there are of you. And I'm meaner than 10 junkyard dogs. Once I get my jaws into you, I'll never let go. You can't win. In fact, if Richter goes forward with this case against SpamCop, I'll dig out all our Richter spam, submit it along with a deposition to the FTC, and take the case to court with the FTC's help. I urge all the rest of you to join me in a class action lawsuit against Scott Richter. What the hell, the FTC pays for it.
  15. HillsCap

    LART'ing spammers...

    'Fighting abuse with abuse', as you call it, works. That's why we have a little thing I call 'war'. These are bad people we're dealing with, they don't understand or respond to 'niceness'. They'll do anything and everything they can to try to make money at other people's expense. We HAVE to fight fire with fire. In a similar fashion, we have to fight rogue nations or leaders, with war... they'll do anything to attain and sustain their power, because it makes them rich and powerful. They'll use people and resources that they have no right using. They'll try to expand their borders (and thus their power and wealth) without regard to others. Both rogue leaders/nations and spammers operate outside normal conventions of society and outside the law... making laws to stop them doesn't work, since they ignore laws. Asking them nicely to stop their nefarious activities doesn't work, because they're only concerned with themselves, and don't care about how much damage they do to others. They don't respect others. And it's all about respect or fear. If they don't respect you, they MUST fear you. Otherwise they'll walk all over you. Respect isn't in the vocabulary of a spammer, if it was, they wouldn't rape SMTP servers, infect people's computers with trojans so they can control them and send spam, inundate everyone with an aggregate estimated 2.5 billion spams per day, completely fill server hard drives of smaller ISPs with their cruft while at the same time driving these smaller ISPs out of business due to their bandwidth requirements sometimes doubling or tripling just due to spam, etc. Since respect isn't an option, we have to make the spammers FEAR. They have to be made so afraid to send out spam that they don't do it. They have to fear for their websites, for their internet connections, for their income, even for their freedom (put them in jail), etc. The only way to do that is to start taking them down... hit them where it hurts. 
Go after their sources of revenue to make spamming such a painful endeavor that they give up. Call in all your resources to bring them down... take down their websites by contacting their webhosts, fill their email accounts with crud so anyone trying to buy from them via email gets their email bounced (takes away their customers), convince their mail providers to redirect incoming email to spammer accounts to the bit-bucket while leaving that account open (confuses the spammers, since they're getting no response to their spam), get the government to go after them by reporting them to the FTC (and in the case of internet pharmacies, the FDA), block their spew by reporting to the Block Lists, fill out their web forms or shopping carts with bogus information to waste their time and money, run up their bandwidth (and thus their hosting costs) to make spamming no longer economically viable, teach people to never respond to spam by purchasing from spammers (to take away their income stream), run a fake SMTP server to absorb and dump their spew (reduce their ability to reach their audience), find out who their credit card processing company is, and report to them to take away their ability to accept credit card purchases, report to the credit card processing company's ISP and mail host, so if they continue to support spammers, they'll be shut off from the 'net, etc. You call it abuse... no, what they are doing is abuse... what I am doing is defending the internet from the abusers by striking back at them, forcing them to back down. Without them, we stand to save an estimated annual $51.2 billion (U.S.) worldwide in costs associated with dealing with spam (additional equipment and software purchases, lost productivity, bandwidth costs, etc.). Trust me, I've tried every other way... I've tried just hitting the 'Delete' key, I've tried unsubscribing, I've tried complaining to their web hosts and ISPs, I've tried reporting them to the Block Lists. 
It wasn't until I 'stooped to their level', as you call it (I call it fighting them on their own battleground... they waste my time and resources, I waste theirs... it's a war of attrition, and I refuse to be attrited) that they left me alone. I've only gotten one spam this week, only 14 over the last month, and I guarantee I'll never get spam from any of them again. As for Joe-jobs, it's pretty easy to tell what is and isn't a Joe-job, after you've seen 10,000 or so spams. It becomes second nature. As for my ISP, they don't consider it abuse or a violation of their TOS until I've breached the provisions of the Computer Fraud and Abuse Act... which I definitely haven't.
  16. Hoo, boy! If you increase the number of threads, be sure your bandwidth and machine can handle it... I set it so JackPot would use 201 threads. Within 1/2 hour, I had 200 simultaneous incoming SMTP connections. Fortunately, I've tweaked the memory settings and garbage collection for JackPot, so it's not taking much CPU time, and the memory handle leak isn't so bad. But, there must be a huge spam ring originating in Taiwan, since all the connections came from there. And, I drilled a hole through my router for JackPot's HTTP server, so now I'm serving the JackPot log results to the internet. This will allow me to send LART emails (JackPot does an abuse email address lookup for each IP address of the incoming SMTP connections), by clicking on the links in the JackPot logs, then I put the URL to my JackPot HTTP server into that email, and the ISPs can see for themselves what their users are doing, in real time. Of course, I'll also start Sam Spade and do a quick traceroute, so I can report to the ISPs' upstream as well, to apply a little more pressure on the ISPs to fix their spamming problem (it's giga.net and twnic.net.tw, and they've got a huge spammer problem). But first, I want to let the spammers waste more of their time and resources sending to the bit-bucket... I figure another 5 million messages collected, then I'll report them. By then, I'll have collected enough data that there'll be irrefutable proof that those ISPs have a spammer problem they can't afford to ignore.
  17. Hi, all. A quick update / bump. The spammers are becoming much more aggressive in the number of connections they establish, as I said in my last post. They're also trying to spew more, by increasing the number of recipients per message. So far, I'm just over 1,400,000 spam emails blocked. I've been in contact with Jack Cleaver, the program's author, and due to the recent upswing in interest in the program, he's going to go to work on it to fix the few remaining bugs. So, hopefully, in a few weeks or so, we'll have a rock stable version out that doesn't have a memory handle leak. BTW, does anyone know how to force the JRE 1.5.0 b1 to do more aggressive Garbage Collection? I'm trying to get it to clean up those memory handles, since the JRE takes care of memory management, not the program. My thinking is that it might be that the reason the handle count continues upward is that Garbage Collection can't clean up fast enough due to how hard the spammers are hitting my JackPot. By increasing the aggressiveness of the JRE Garbage Collection, I hope to keep the memory handle count under control.
  18. HillsCap

    Spam Free

    Feels good, doesn't it? Knowing that your email isn't polluted with a bunch of cruft that you have to wade through... Before I began hammering the spammers, it felt each morning like I had to wade neck deep through a septic tank to get to any real work. The spam wasted my time, raised my blood pressure, and generally made each day a bad start. Now, I look forward to checking my email, knowing that only legitimate messages are waiting for me. Plus, if I do get a spam now and then, I've got the free time (now that I'm not wasting 30-45 minutes a day dealing with spam) to really hammer that scumbag into the ground. Good job, dra007, and congratulations.
  19. Argh! LaBrea doesn't run under WinXP! Apparently, LaBrea requires WinPcap, which is not supported for WinXP. So, that's a bust.
  20. Actually, the URL for Labrea is: http://labrea.sourceforge.net/labrea-info.html

    I've downloaded it, and will check it out. Unfortunately, JackPot has a memory handle leak that requires me to restart it about twice a day. But, it sure is working! I've had as many as 95 simultaneous incoming SMTP connections, and I blew past the 1,000,000 spam emails dumped mark. I'm now just over 1,100,000.

    Oh, on the jackpot.properties file, you might want to change a few settings:

    #Extra time taken to respond to commands when in a spam run.
    #This is applied to every line entered in a HELO dialog; the default is 1s. This is enough to make a HTML message from Outlook Express take almost a minute to enter.
    TarpitDelay=1000

    (You might want to increase this when the number of spammers is high, to keep JackPot from taking too much of your CPU. DO NOT use the 'Administer JackPot' link in the JackPot's HTTP server home page to change this... for some reason, when you do, it causes JackPot to take more CPU time than just changing it manually in jackpot.properties, then restarting JackPot.)

    #Specifies what kinds of message get output to the system logs. This is a bit-set, the values are as follows:
    # SMTP = 1;
    # HTTP = 2;
    # RELAY = 4;
    # STATUS = 8;
    # PROXY = 16;
    # ENVE = 32;
    # CONFIG = 64;
    # DEBUG = 128;
    FileLogging=255
    ConsoleLogging=255

    (Set FileLogging=128, otherwise the logfile collects everything (which is redundant, since everything is also stored elsewhere) and can grow quite large (mine was a couple hundred MB before I deleted it). Setting it to 128 only collects DEBUG messages (i.e.: errors), making the file size much smaller.)

    #This entry controls the size of the ThreadPool. Jackpot will politely decline protocol activities on ports 25 and [HTTP-port] once the number of free threads falls below 5.
    MaxThreads = 150

    (You can control how many spammers can connect at once by changing this... if you set it to 150, only 149 spammers can connect at once. If JackPot is taking too much CPU time, crank this down to around 50 or so. I'd say the minimum to set this is around 20.)

    I'll let you all know how running LaBrea goes...
  21. Hey, everybody. I'm up to 47 inbound SMTP connections to my JackPot server, and a total of over 500,000 spams blocked. I slowed down a bandwidth-intensive distributed computing project I'm participating in to give JackPot more bandwidth. As soon as I did, my IDS/IRS made noise several times (I set up my IDS/IRS to play a specific .WAV file when port 25 is hit, to alert me to spammers using JackPot), signifying that several more SMTP port TCP 25 connections were being made. They're loading it up so much that the text is flying by so fast I can't read it. My goal is to monopolize as much of their connection bandwidth as possible, so they send as much spam as possible to my bit-bucket, where I know it's getting dumped. If I ran with less bandwidth, they'd just find another place to spew through, and it could potentially be an actual open relay, which means people would receive spam, and the spammers would get visitors (and buyers). Too bad I don't have a larger pipe... I'd love to see them trying to fill a 45Mbps connection. Has anyone else set up JackPot? If so, the first thing you should do is configure it so that when you submit it to the open-relay testing sites, it'll relay pretty much everything. I did this by drastically shortening the time required between email messages (right now, I've got it set up to bit-bucket everything with more than one recipient, and everything sent sooner than 25 seconds after a previous message... you should set it up with a high recipient count and a low time duration between emails before submitting it for testing). Submit your JackPot for testing... once it passes and you're listed as an open relay (especially if you find overseas testing websites... they're most likely set up by spammers to find and exploit open relays submitted by people who don't know any better), the spammers will come flocking. 
Then you can tighten up the settings to bit-bucket everything with more than one recipient, or if it's sent sooner than a certain time limit. Let me know how it goes... perhaps we could keep stats counts to compare how everyone is doing.
  22. Hi, all. Well, I've got 21 spammers connecting to my JackPot teergrube/honeypot right now, and I've blocked around 400,000 spam emails. Another bit of good news... I just talked with an FTC representative, and we're looking into setting it up so the FTC can check the JackPot logs and use them as evidence against spammers. Since JackPot records everything (times, dates, IP addresses, headers, message body, etc), it'd be a great resource for them to go after spammers. This might be the next phase in spammer hunting...
  23. Here's my jackpot.properties file, to help you in setting it up. I've obfuscated the admin username and password, the Httpport, the ServerName, and the htmlpath, of course.

    #####################################################
    #This file contains general configuration data for Jackpot. The first section contains stuff you should customise before running Jackpot for real.
    #This entry specifies the value returned in the "Server: " HTTP header returned by Jackpot.
    #ServerHeader=SMTPD32-6.06
    ServerHeader=Smail 3.1.29.1
    #IP Address where SMTP will be served, if your host is multi-homed. If the host is multi-homed, and this entry is missing or blank, SMTP will be served on all addresses.
    SmtpAddress=
    #Specifies a virtual path for HTML. This defaults to "html", i.e. the root hosts page is http://<jackpot>:<port>/html/hosts.html.
    #If you set this value to "xyzzy", then HTTP requests must be of the form http://<jackpot>:<port>/xyzzy/something.html, otherwise they will elicit a 404. This is supposed to make it easier for Jackpot to be stealthy.
    HtmlPath=xyzzy
    #Specifies an email address to which all mail to postmaster[at][jackpot] or abuse[at][jackpot] is to be forwarded.
    RoleAccountAlias=
    #UserID for access to Web-Admin.
    AdminUser=admin
    #Password for access to Web-Admin
    AdminPassword=password
    #####################################################
    #The next section contains stuff you might customise to make this Jackpot look different from other Jackpots. If you want to customise these entries, telnet to a real mailserver and see how *it* behaves.
    #Port for serving HTTP; it would be a good idea to change this, because the Jackpot server could be fingerprinted by finding it's HTTP server.
    HttpPort=8080
    #This entry specifies the response sent to (all) VRFY requests.
    VrfyResponse=502 VRFY not available
    #This entry specifies the response to (all) EXPN requests.
    ExpnResponse=502 EXPN not available
    #This entry specifies the response to (all) TURN requests.
    TurnResponse=502 TURN not available
    #Specifies the 503 message
    BadSequenceResponse=503 bad command sequence
    #This entry specifies the response to a DATA request.
    DataResponse=enter DATA end with CR.CR
    #This entry specifies the response to a connection request when no threads are available in the SMTP pool.
    DiskFullResponse=452 services unavailable, try again later
    #Controls whether Jackpot adds a Received: header. Defaults to yes. If it doesn't, it's a badly-broken relay.
    AddReceivedHeader=yes
    #Controls whether any Received: header should show the sending host and address.
    #If not, then the received header will show only the return path from the HELO (which a spammer would normally forge). If this is No, Jackpot acts as a blind relay.
    ShowReceivedHost=no
    #This entry specifies the name of the mail server, as output in the banner.
    #There are some (commented out) examples below from real mail-servers.
    #MTADescription=ESMTP Sendmail V8
    #MTADescription=SMTPD32-6.06
    MTADescription=Smail 3.1.29.1
    #This entry specifies the name of this machine, used in the response to HELO/EHLO, in any Received: header added by Jackpot to relayed messages,
    #and to construct a postmaster address. Defaults to the name of your localhost (best setting).
    ServerName=mail.pbi.net
    #####################################################
    #This section contains stuff related to logging and so on - general system control.
    #If set to Yes, bounce-messages will be sent for unaliased addresses in this (Jackpot's) domain, and whenever a recipient's mailhosts cannot be contacted.
    #Default is no.
    SendBounceMessages=no
    #This entry specifies the maximum number of recipients in a message-envelope before it is rejected as spam. If you find you are getting relay-requests with multiple recipients, consider raising it.
    MaxRecipients=1
    #Extra time taken to respond to commands when in a spam run.
    #This is applied to every line entered in a HELO dialog; the default is 1s. This is enough to make a HTML message from Outlook Express take almost a minute to enter.
    TarpitDelay=1000
    #The amount of time considered 'too soon' for the purposes of determining if a message should be relayed. Messages submitted via SMTP may also be subject to tarpitting if they arrive 'too soon'. Default is 20s.
    MinSpamInterval=25000
    #This entry specifies the location for log output.
    logfile=jackpot.log
    #This entry controls the size of the ThreadPool. Jackpot will politely decline protocol activities on ports 25 and [HTTP-port] once the number of free threads falls below 5.
    MaxThreads = 150
    #Specifies the nameserver to use. If not provided, uses the system default.
    #NameServer=
    #Specifies the (comma-delimited)names:ports of the HTTP servers to be updated when SMTP traffic is captured.
    LogServers=127.0.0.1:8080
    #Determines whether an Ident service should be offered to abuse.net (speeds up inquiries).
    IdentForAbuse=no
    #Specifies what kinds of message get output to the system logs. This is a bit-set, the values are as follows:
    # SMTP = 1;
    # HTTP = 2;
    # RELAY = 4;
    # STATUS = 8;
    # PROXY = 16;
    # ENVE = 32;
    # CONFIG = 64;
    # DEBUG = 128;
    FileLogging=255
    ConsoleLogging=255
    #Specifies a limit on the number of spams that should be stored for each spam-source.
    MaxStoragePerSource=150
    #####################################################
    #This section specifies timouts for socket-connections used for several different purposes. Times are in milliseconds.
    #How long to wait for proxy-test results
    ProxyCheckTimeout=10000
    #How long to wait for abuse.net lookups
    AbuseLookupTimeout=10000
    #How long to wait for SBL lookups
    SBLLookupTimeout=5000
    #####################################################
    #This section controls what is running, and how, at system startup.
    #Whether to start the HTTP service.
    StartupHttp=yes
    #Whether to start the SMTP service
    StartupSmtp=yes
    #Whether to start up with relaying enabled
    StartupRelay=yes
    #Whether to start up with tarpitting enabled
    StartupTarpit=yes
    #Whether to start up with POSTing to storage enabled
    StartupStorage=yes
    #Whether to start up with the SOCKSV4 Proxy Server running
    StartupProxy=no
    #####################################################
    #The last section contains stuff you are unlikely to need to change, at least for now.
    #Port for serving SMTP; if you change this, you'll probably be the only person who ever sends mail to your Jackpot server.
    SmtpPort=25
    #This entry restricts the maximum number of messages that can be queued at any one time.
    #The queue is in memory, and Spammy will have to send relay-requests on multiple connections simultaneously to have a chance of filling it up.
    MaxQueueSize=1500
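An added example, not part of the original posts and not JackPot's own code: it parses a jackpot.properties excerpt, decodes the FileLogging/ConsoleLogging bit-set from post 20, and applies the MaxRecipients / MinSpamInterval thresholds from post 23 to constructed traffic. The per-source interval rule, the function names and the sample events are assumptions drawn from the comments in the posted file.

```python
# Added example; the relay/drop rule below is an assumption based on the
# comments in the posted jackpot.properties, not JackPot's implementation.

LOG_BITS = {1: "SMTP", 2: "HTTP", 4: "RELAY", 8: "STATUS",
            16: "PROXY", 32: "ENVE", 64: "CONFIG", 128: "DEBUG"}

# Constructed excerpt using keys and values that appear in the posts.
SAMPLE = """\
#Specifies what kinds of message get output to the system logs.
FileLogging=128
ConsoleLogging=255
MaxRecipients=1
MinSpamInterval=25000
MaxThreads = 150
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def decode_logging(mask):
    """Return the category names enabled in a logging bit-set (0..255)."""
    mask = int(mask)
    if not 0 <= mask <= 255:
        raise ValueError(f"logging mask out of range: {mask}")
    return [name for bit, name in sorted(LOG_BITS.items()) if mask & bit]

def classify(events, props):
    """Label each (source_ip, time_ms, recipient_count) event 'relay' or 'drop'.

    Assumed rule: drop when the envelope exceeds MaxRecipients, or when the
    message arrives less than MinSpamInterval ms after the previous message
    from the same source. The first message from a source is never too soon.
    """
    max_rcpt = int(props["MaxRecipients"])
    min_gap = int(props["MinSpamInterval"])
    last_seen, verdicts = {}, []
    for ip, t_ms, rcpts in events:
        prev = last_seen.get(ip)
        too_soon = prev is not None and t_ms - prev < min_gap
        verdicts.append("drop" if rcpts > max_rcpt or too_soon else "relay")
        last_seen[ip] = t_ms
    return verdicts

# Constructed events; addresses come from the RFC 5737 documentation ranges.
EVENTS = [("192.0.2.10", 0, 1), ("192.0.2.10", 5000, 1),
          ("192.0.2.10", 40000, 1), ("198.51.100.7", 41000, 30)]
```

With the posted thresholds, only single-recipient messages spaced at least 25 seconds apart from the same source pass; everything else goes to the bit-bucket.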
  24. Hi, all. Whenever I submit a spam report to SpamCop, I get back a bounce error. Here's what it says: The following message to <bbrahms[at]ironport.com> was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 550-'<bbrahms[at]ironport.com>: User unknown in virtual alias table' I know IronPort recently acquired SpamCop, so I'm asking here. Thanks for your help.
  25. HillsCap

    Bounce messages from IronPort

    Well, I've only had the occasion to test it a couple times, since I don't get much spam anymore, but the last couple of spam submissions didn't result in the bounce message... so I'm assuming IronPort had something misconfigured and was copying spam submission reports accidentally to a non-existent address.