Everything posted by Mikey

  1. Yikes is right. You can really see it here: http://alpha.cesmail.net/graphics/spamweek.gif
  2. To perhaps save you from another Google effort ;-) What WB8 is talking about is a process that normally occurs in your mail server NOT in your mail client. Without stepping on too many technical toes here.... DNS is the process (or application) of converting between domain names and the dotted IP address. A DNSbl (black list) is a list of these dotted IP addresses used by known spammers. Your mail server checks against these collected addresses before it even completes an SMTP (mail) connection from a remote server. If the address is on the list, the server rejects the mail before it is put into your mail box. Why doesn't everyone use these lists? If you can't tell from some of the posts in this forum, sometimes the wrong people get onto these lists. I won't go further on that topic, there are volumes that could be said about that. So your ISP has two choices. (1) Use the blacklists and deal with the rare, occasional hot-head who gets his mail blocked. Or (2) not use the blacklists and let, literally, every piece of spam into the system where it has to be dealt with by server-side content filters or you get to deal with it by using your own client-side filters. (Hey WB8TYW, 73 OM!)
  3. Just had another thought. Sorry, it happens every now and then..... ;-) All the English dictionary words I see in spam bodies now..... What's the chance that's there to fool Bayesian filters? Does it hurt to run these through something like sa-learn, K9 or another learning filter? Are the spammers eventually going to dilute the Bayesian statistics to the point that these filters won't work? -Mikey.
  4. Sorry if this is a bit off topic, but PeterJ mentioned TarProxy. Another similar work is here: http://www.spamcannibal.org/cannibal.cgi I've manually tarpitted MTAs before but I don't have a lot of data. Seems like sendmail will tarpit for about 10 minutes before it gives up. I wonder if others tarpit longer or even indefinitely. Can you imagine if all the spammers walked into tarpits and had to sit there for 10 minutes?
  5. Don't pick on engineers Wazoo (Cougar?) hit on the biggest drawback with comparing this to what RBLs currently do: you actually have to receive the entire E-mail to do this check. This puts it out of the realm of MTA effort anyway. Although I'd be interested in your reference to Postfix, I didn't know they could do anything like that. Something like this would probably be done with a call from procmail to a perl script or SpamAssassin. I understand you are proposing a DNSBL style lookup, but again, that could be done by SpamAssassin. Regarding the Asian spamhauses, they have a very comprehensive list here: http://www.okean.com/asianspamblocks.html Anyway, I guess I would have to think about the overall concept some more. Seems like it would be o.k..... Would there be a vulnerability to joe-jobbing legitimate sites? What would you do if there was a reference to a legit site and a black site in the same e-mail? How would you guard against people simply talking about black sites? Like when your buddy says, "Hey, Jeff, have you been getting spam from www.chinaspammer.com?" I guess you could make it only look for actual html code, not just the plain text reference.
  6. Thanks guys. Just signed up! Don't spend it all in one place....
  7. There are several references now in places on SC and other places about spammers' ability to track those who report them. Alas, it appears that I was NOT paranoid after all! So my question is, how are they doing this? Someone must have some intel on this if they believe it is happening. These are my guesses. Again, perhaps I'm paranoid.... 1. "Random" text at the end of subject lines 2. "Random" text at the end of the body, often after the /html tag 3. Recipient username or entire E-mail referenced in body (obviously) 4. "From" usernames that appear to be random (or joe-jobs) but aren't 5. X-mailer fields 6. "Random" text or English words within the body, often obscured by html tags 7. Message-Id fields I have had people tell me that all the above items are only there to confuse content-checking spam filters, particularly simple client filters. However I don't think that is true. Certainly munged X-mailer fields will disguise the fact that they are using rat-ware to send the spam. Yet I don't think putting x56ffg on the end of a subject line is going to do anything to fool spamassassin or anything else. As far as I know, nearly everything in the header (and obviously the body) is subject to tampering. So I know they COULD do it anywhere, I was just curious if someone knows for a fact, "This is how they are doing it...." So what do you experts say? Thanks.
  8. Sorry if this is answered somewhere but I didn't see it in any of the conventional FAQ/help pages: The link from the front page says "spam reporting registration (free and paid)" yet the link takes you to the anonymous sign-up page. Is there actually an option for paid reporting services or do I need to sign up for a spamcop.net E-mail account? I'd be happy to have an E-mail account if the price is the same or (obviously) if the report-only option doesn't exist any more but I couldn't find any reference to the fact that it DOESN'T exist. What am I missing? Also, are anonymous users automatically made into moles? I guess this leads to a broader question... sorry for the tome here... When I report spam now, after I click "send" it says "Reports sent to x...." Does it actually send those reports? Or does it spool them up and send one report only if N users have reported the same spam? I ask this because I don't see the corresponding recipients when I go to the "statistics" page. Thanks folks. Thanks.
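
The server-side DNSBL check described in post 2 above, as an added example that is not part of the original posts: the connecting IP is reversed, looked up under the list's zone, and the connection is refused on a 127.0.0.0/8 answer. It also covers the "wrong people get onto these lists" failure mode by skipping a zone that fails the RFC 5782 test entries. The zone names, the `resolve` callable and the DNS data are constructed stand-ins for a real resolver.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]              # 192.0.2.10 -> 10.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def is_listed(ip, zone, resolve):
    """True if the zone answers with an A record inside 127.0.0.0/8.
    resolve(name) returns a list of address strings, empty for NXDOMAIN."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def zone_is_sane(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not.
    A zone that answers for every name would otherwise block all mail."""
    return (is_listed("127.0.0.2", zone, resolve)
            and not is_listed("127.0.0.1", zone, resolve))

def smtp_decision(client_ip, zones, resolve):
    """Decide at connect time, before any message data is accepted."""
    for zone in zones:
        if not zone_is_sane(zone, resolve):
            continue                      # ignore a broken or wildcarded list
        if is_listed(client_ip, zone, resolve):
            return ("reject", zone)
    return ("accept", None)

# Constructed DNS data: one healthy list and one that answers for everything.
FAKE_DNS = {
    "2.0.0.127.bl.example.test": ["127.0.0.2"],    # mandatory test entry
    "10.2.0.192.bl.example.test": ["127.0.0.2"],   # a listed sender
}

def fake_resolve(name):
    if name.endswith(".dead.example.test"):
        return ["127.0.0.2"]              # wildcard zone: lists the whole Internet
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["dead.example.test", "bl.example.test"]
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, smtp_decision(ip, zones, fake_resolve))
```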