Jump to content


  • Posts

  • Joined

  • Last visited

Mikey's Achievements


Member (2/6)



  1. Well in the immortal words of Mr. Garrison: "Well, slap my ass and call me Charlie." I just tried the regular auth log in and it worked now! Haven't tried the Cookie version but I'm sure I tried both of them last night and neither worked. I'm off to try the cookie version. Ooooh this is so exciting! I'm able to report more scumbags now!! Thanks for the pointers folks!
  2. Will there be a similar bold, 40-point, shouting post when the system comes back up? http://forum.spamcop.net/forums/index.php?showtopic=5096 Announcement Or will all the paid users get an E-mail? Do we have any more status on this? I haven't been able to log in for about a week now. And yes, without any kind of obvious information I already DID reset my password. Why would I not?
  3. Mikey

    Word lists?

    Sorry for the tinyurl link, that’s the way it got sent to me. I appreciate everyone’s responses, and I don’t mean that satirically. I was hoping that someone from IronPort actually read these boards but I suppose that’s a bit much to ask. They've done some good work, just don't know how they got roped into this. I haven’t seen the press release but I know several people in the Navy and Marines who have confirmed this for me. It was announced a couple weeks ago. NMCI has partnered with IronPort and Symantec. Don't know what Symantec brings to the party. If you know anyone, either civilian or active duty, Marine Corps or Navy, just ask them about NMCI. They’ll roll their eyes and tell you about an $8+ Billion (with a obscenity. Your tax dollars hard at work. Or ask an EDS investor. It almost bankrupted the company, and it still might do that. NMCI (Navy Marine Corps Intranet) is a huge contract between the Navy and EDS Corp (Ross Perot’s old stomping grounds). There is some stuff at nmcistinks.com and nmcisucks.com and EDS's Site or just google for NMCI. That’s like saying, “How do you write C code without a semi-colon?” I hope I don’t have to explain the difference between simple word searches and a Bayes database. I think its pretty clear what that story is talking about. Might help to think back to your theology/logic class – or your geometry class: Fallacy-warning: Because something is necessary, it is not always necessary and sufficient. Of course you have to have word lists. Yet by themselves they work about as well as a screen full of semi-colons. I guess what I'm asking is, does anyone actually think that a simple word search is going to do anything except tick off users? Can you show me one effective spam tool that does simple word searches? And please don't tell me about SpamAssassin -- that's not a simple word search.
  4. Please tell me that someone at IronPort doesn't actually believe this is a good idea. IronPort and NMCI to Block spam Apparently this has already started taking effect. I had a Navy engineer friend just tell me that he got a spam notice attached to some E-mail from an outside source. They were discussing IP addresses and used notation like 192.168.0.xxx It tagged the "xxx" as "Sexual content" and put all kinds of notices in the subject and body of his E-mail. What fourth-level newbie did they find at IronPort who agreed that this would actually do anything other than throw false positives and false negatives?
  5. For those of us old enough to remember. Acoustic modem anyone? http://textfiles.com/
  6. Buggering. Must we needlessly debate this? Man. These are comments from a SENDER not a RECEIVER. Those of us who run our own servers don't really care about these people. Harsh, but this is really getting old. I guess we need to revive these debates every couple years for the new blood but us crusty old farts are getting a bit worn out. Might as well debate: ski vs. board; Harley vs. Japaneese; .45 ACP vs. 9mm; mountain bike vs. road bike.... Why should I care what he thinks about my filtering schemes? I can chose to receive, or not receive, E-mail from anyone I want. If I choose to use SC and SORBS and Haus and filter out all of China and Korea who cares what he thinks? If I miss his newsletter, that's my loss. I understand some people may have this filtering forced on them by their ISP. Guess what. You can change ISPs! No, really, you can! Anyone who has REALLY looked at this will tell you the cost/benefit ratio is huge in terms of using every blacklist you can get your hands on. This all falls back on the silent majority theory. Or in this case, the ignorant majority. An ISP gets one complaint from someone who got an incoming E-mail blocked and they start wringing their hands over this one vocal customer. Of course they should be weighing that against the thousands of happy customers who don't have to deal with spam because the ISP is using SC. Of course those happy customers don't call up and thank the ISP every day. Most of them don't even KNOW they should thank the ISP because all the spam is blocked without them even knowing what goes on behind the scenes! Duh. Did someone say SC and DNSBLs were the flawless solution to everything? I don't think so. I appreciate all the benevolent comments from the knowledgeable regulars here. Don't mean to be an ass. Sometimes I just think you need to save wear and tear on your keyboard for things that really matter. Sorry, I'm just grumpy this morning.
  7. Careful guys. You might force me to go out in the garage and unbox my Atari 400. It had the peanutbutter-proof keyboard. And if you really tick me off, I might have to unleash my Timex/Sinclair 1000. I had the 16KB memory pack. Seriously, I do still have these. I wonder if there is a personal computer museum somewhere.
  8. I don't mean this to be pejorative but why don't you just set up your own server on your own IP? You seem fairly sharp on this kind of stuff. You could get a business DSL (last time I looked they were like $75 a month) and set up your own linux box. You would have complete control over not only what goes over the wire, but what goes on inside the machine. Don't let anyone tell you that you have to be a super geek. Its not that big of a deal. I bet it would be a lot cheaper in the long run. And I guarantee that it would create way fewer headaches. If you're savy, you could get a bigger pipe and set up websites for other folks (who you know and trust) -- get them to pay for your server and line. Again, not trying to pick a fight. Just speaking from experience.
  9. Seems to be fixed now? I don't get that response when I check it now.
  10. They hit me earlier in the month from which reverses to adsl-68-91-214-130.dsl.stlsmo.swbell.net Seems odd that a search engine would be using an ADSL line. Although they did pull my robots.txt (and honor it from what I can tell). Which is more than I can say for the idiots at Cyveillance. I hope Cyveillance is making use of all those poison pages they get from me.....
  11. Uhhhmmm. What's that old saw about discussing politics and religion? Well, at least we are in the right place.
  12. Again, I stand by my statement that the HUGE majority of spammers will not go to ANY effort to defeat this for at least several years. Which is also true of many of the SOURCES of spam. So we can do the same thing to Sally that we do to the sources. Compromised machines can be treated just like any other source of problems. See http://www.spamhaus.org/xbl/index.lasso Yes, I know Sally is not directly sending mail but people are looking at compromised machines in ways other than just DNSBLs. And I can tell you that losers do conduct harvesting from personal accounts on occasion. I know of one rabid anti-spammer who used to implement a similar dynamic email hand-out scheme on his site, handing out encoded addresses that he could trace back to his logs. (There have been little PHP routines to do this for years). He worked with several ISPs and people did lose accounts. Spiders will not stay away from dynamic pages simply because there is a huge base of things like PHPNuke and PHPWebsite and other CMSs that offer them a wealth of addresses. So although simply staying away from dynamic pages would keep them clear of Project pages, they won't do it. The rewards outweigh the risks. As for touching it twice.....lets just say.....that won't do them much good. I understand what you are saying but....somebody's already thought of that. Again, you could say this to some degree about any spam abatement measure -- blacklists, poisoning, spamtraps, tarpits, address obfuscation.... How many people have Spamcop sued? How many people do spam victims normally sue? Nothing good happens? NOTHING? As I said in the little example a few posts above, the Project is not showing all their cards. Perhaps this is just an academic research project. Perhaps they are going to do nothing more than post the statistics and let the observer draw their own conclusions. Perhaps they expect an earth-shattering revelation about how spammers operate. Perhaps they are going to start a dynamic blacklist for websites. We'll just have to wait and see. I think we all agree that it can't hurt and it offers a unique view that few others have systematically explored before.
  13. I'll try to give a little snapshot here of how project honeypot works, as far as I know it. I am by no means an expert and am not officially associated with the project. They have a really good FAQ which might make for some nice reading some cold winter night. The important thing to remember is that we often overestimate the intelligence of the spammer and, more importantly, his harvesting tools. There is no doubt that a crafty programmer could perform delicate surgery on all the addresses that a spammer collects. But the truth is, they don't care and don't spend that much time on it. Most are little more than scri_pt kiddies running 5-10 year old software. If they get 1 out of 10 addresses that are valid, they are happy. Another important thing to remember: as the spammer sends E-mail to the address supplied by the honeypot page, he has no reason to believe that anything is amiss. His spam is happily accepted by the recipient. Here's the deal. 1. I install a dynamic page on my webserver (either Perl or PHP) that is, like all dynamic pages, generated by my server every time it is called by a GET request from a remote client. The link to this page (say, from my front page) is hidden so that the average user can't see it -- its invisible to everything exept robots and spiders. The name of this hidden page is different for every server in the project. I can name it anything I want. 2. The scri_pt produces the HTML for your browser or the spammer's spambot. Tucked away in this page that is generated is an E-mail address, complete with the mailto: HTML tag. However this is not visible to someone with a browser, you could only see the E-mail address if you did a "view/source" of the page or if you were a spambot -- only looking at the raw HTML. 3. Here's the important part. That E-mail address is actually created by the Project Honey Pot servers a split second before my page is sent to the requesting host. So the project knows: a) when the page was requested. who requested it (IP address). c) via which server (mine) it was handed out. It logs these along with the E-mail address that was generated. 4. Just as important: The E-mail address generated is completely valid with a valid domain that is (secretly) owned by the project. Any mail sent to this address will be delivered and (secretly) disected by the project's servers. 4. In the future, if spam is sent to the address that was handed out, we not only know who the spammer is, but exactly when, where and who collected that address for the spammer. If nobody ever sends E-mail to the address, no harm, no foul. A specific example: 0. I get a personalized scri_pt from the project and install it on my server at http://mysite.com/pizza.php 1. Sally Spammer turns her spambot loose on the world from her home DSL ( 2. The spambot hits my home page and finds the hidden link to http://mysite.com/pizza.php 3. The spambot goes to /pizza.php and issues a GET for that page. 4. My server starts to generate the HTML code for the requested page. (spambot waiting) 5. Part of the internal page generation includes a call to project honey pot and requests an e-mail address. (spambot still waiting) 6. Project Honey Pot logs my server, the requesting IP (, the date/time and makes up an arbitratry but valid E-mail address: john[at]jankyho.com 7. My server receives john[at]jankyho.com back from the project and sticks it into the HTML code for my page. (spambot waiting) 8. I serve the page up to the spambot at I don't keep track of anything, I'm done. 9. Sally's spambot slurps up the page and greedily finds the html code for the email address of john[at]jankyho.com and stuffs it away. 10. Sally sells her list of E-mail addresses to a spammer in New York. 11. Three months from now the New York Spammer wants to sell Viagra. He digs into his list of suckers and comes up with 1000 addresses, including john[at]jankyho.com. 12. New York turns his spam machine on ( and sends out spam. When his server goes to send something to the jankyho.com domain, he does a DNS lookup for the MX record of jankyho.com. He is given the mail server address for one of the Project Honey Pot mail servers (of course this is not obvious to him or his spam-server). 13. The Project's mail servers get a spam sent to john[at]jankyho.com coming from It takes it in, says thanks, and lets the spammer go on his way. 14. The cycle of scum is complete. We now know that Sally Spammer is the root of all evil. We can positively identify her by her address ( and know exactly where and how she got the E-mail address. The johny[at]jankyho.com address was never handed out to anyone but her (and never will be handed out again). Some things to note. Sally and New York never know this is going on. We make no attempt to actually stop the spam as it is being sent. The only thing required to be secret is the list of domains owned by the Project (the ones that actually receive the spam.) An average surfer would never even see these pages let alone get to the hidden E-mail address. Even if a casual user or search engine DID get the E-mail address, nothing would ever happen unless they actually sent E-mail to that address. There are several ways a spammer could defeat this approach. None of them likely in the near future.
  14. So we've reached the conclusion that reporting to SC doesn't stop spam. Congratulations, we can add that to the list of EVERY other method also. I guess you folks are sweating this because unlike inbox filters, reporting actually takes time and effort. Well here is a random thought..... Even if some of you are not fortunate enough to be able to put blocklists in front of your accounts, you may be benefiting indirectly along with those of us that CAN use the blocklists. See if this makes sense: 1. I put blocklists on my server and all my users get mail bounced from spammers because of the lists (and because of your hard work). 2. Considering all my users and all my spam, that's about 500 pieces of junk per day that are never seen (actually never even delivered). 3. Spammers exist because one in 10,000 people is a moron and actually responds to the spam. 4. That moron never sees the spam because I blocked it. 5. That blocking is done on thousands of servers all over the world. 6. The spammer doesn't make money because the blocklists are working. And they do work. Ask osirusoft. 7. Spammers decide it isn't worth their trouble, they quit spamming and die alone and impotent. O.k. so it's a bit optimistic. But any good we do is better than nothing. Thank you folks. I think some of the inbox filters can use blacklists too. Don't they? So although you wouldn't be able to stop them before they got to your server, you can at least keep them out of your inbox.
  15. I finally (re)found the link I mentioned above. Great reading. http://www.cdt.org/speech/spam/030319spamreport.shtml Their data is a couple years old but I bet it is completely relevant today and likely very educational for the next few years. About the only change I see in spammers' habits is the increasing use of worms and viruses to harvest addresses from local hard drives. Project Honeypot is just starting out. I'm proud to say I jumped on in their first few months and I'm looking forward to a fun ride! They are expecting to turn on the statistics pages in the next few months as the results become meaningful. I would expect things to move exponentially in the next couple years. Certainly the scumbags out there will figure it out and find a way to detect the dynamic pages -- and just not harvest them -- but we have some tricks up our sleeves too.
  • Create New...