Jump to content

Spamhaus on "The Problem of Snowshoe spam"


rooster

Recommended Posts

FROM: "Announcing the Spamhaus CSS

2009-10-02 05:22 GMT"

by Tom Mortimer

http://www.spamhaus.org/news.lasso?article=646

While filtering methods for botnet spam are now quite effective, a new breed of static-IP address spammers has evolved, and their spam evades many filters. It is time to target the next great spam problem, "snowshoe" spam.

Like many of you, we at The Spamhaus Project have seen a burgeoning flood of spam emails, not from compromised IP addresses or botnet ranges, but from static IP address ranges. The IP addresses that send this spam properly identify their host names when connecting to a mailserver. At first glance, the emails that they send look like legitimate bulk emails, except that they were sent to spamtraps or to our own email addresses, which we know did not ask for that email. Most of them send modest volumes of email that do not trigger automated spam blocking filters or reputation metrics. It is this technique, spreading the load out over a larger area, that gives snowshoe spam its name. <snip>

I've been keeping a close watch on my 3 remaining spamtrap addies since my ISP subscribed to the Ironport filter(s) last January. I'm confident that the 'cited' Snowshoe shadenfreud have had no (as in zero) impact that I can detect.

Link to comment
Share on other sites

Thanks Rod.

I've been keeping a close watch on my 3 remaining spamtrap addies since my ISP subscribed to the Ironport filter(s) last January. I'm confident that the 'cited' Snowshoe shadenfreud have had no (as in zero) impact that I can detect.
You mean you've evaded the otherwise ineluctable epicaricacy of the 'new breed' of spam through the efficacy of IronPort filters? My ISP uses the same but even with filtering bypassed (that's an account option with mine) I'm not seeing any either. I guess my address just isn't on the lists. Unlike your spamtraps - or maybe they're not on the right lists either. But other users are talking about a few snowshoe operations. The last turned out to be an apparently legitimate e-marketing thing, not the same sort of deal as that described by Spamhaus (they had an effective 'unsubscribe' process anyway). But there are others.

So, are others reading this seeing snowshoe operations, those returning a result of 127.0.0.3 (rather than 127.0.0.2) on sbl.spamhaus.org / sbl-xbl.spamhaus.org / zen.spamhaus.org lookups? I'm intrigued there haven't been more sightings discussed 'here'.

Anyway, a heads up to any using the spamhaus.org lists to prepare for 127.0.0.3 result codes.

Link to comment
Share on other sites

As they say "mileage may vary." http://forum.spamcop.net/forums/index.php?showtopic=10613# These folks have at least one full block of mail addresses to send from and enough volume that the ones I reported didn't cause a dent.

Direct reporting did get me off their list. Have not heard back as to how I got on their double-in list.

Link to comment
Share on other sites

As they say "mileage may vary." http://forum.spamcop.net/forums/index.php?showtopic=10613# These folks have at least one full block of mail addresses to send from and enough volume that the ones I reported didn't cause a dent.

Direct reporting did get me off their list. Have not heard back as to how I got on their double-in list.

Gmail are the best I have seen in webmail for keeping your inbox clean with no false positives for me

here's how they do it

http://www.google.com/mail/help/fightspam/spamexplained.html

or the movie

Link to comment
Share on other sites

Thanks Rod.

You mean you've evaded the otherwise ineluctable epicaricacy of the 'new breed' of spam through the efficacy of IronPort filters?

Did you learn to write like that from a book? And if you did, can I buy it somewhere?

My ISP uses the same but even with filtering bypassed (that's an account option with mine) I'm not seeing any either. I guess my address just isn't on the lists. Unlike your spamtraps - or maybe they're not on the right lists either. But other users are talking about a few snowshoe operations. The last turned out to be an apparently legitimate e-marketing thing, not the same sort of deal as that described by Spamhaus (they had an effective 'unsubscribe' process anyway). But there are others.

So, are others reading this seeing snowshoe operations, those returning a result of 127.0.0.3 (rather than 127.0.0.2) on sbl.spamhaus.org / sbl-xbl.spamhaus.org / zen.spamhaus.org lookups? I'm intrigued there haven't been more sightings discussed 'here'. <snip>

The CSS Project seems to rely on the Shared Whois Project (SWIP). Based on limited readings on that venture, I had more or less concluded some time ago DNS records maintained under the aegis of SWIP were unlikely to be reliable for all but superficial scouting of sources. If Spamhaus assays them gold, then I'll have to revisit the subject. Like you, not seeing a blip in my spam made me wonder just what was slipping through other folks' filters.

I must confess, when I read Mortimer's abstract, I was wont to squint. You know, what your face does when you don't think you're getting it? Assimilating the RFCs pertaining to 'righteous' allocations, assignments or reassignments is for folks with longer brains than mine. Add to that the abuses, variables and vicissitudes of IN-ADDR.ARPA conventions as they now exist takes the matter into a realm nigh unto theoretical physics; ... or women.

Point being, I reckon most end users would have a hard time differentiating between bot-spam and snowshoe spam based exclusively on the SWIP d/bs unless there is something peculiar about these iterations SH isn't making clear to 'day-trippers' like me. My observation on the alleged burgeoning Snowshoe subset is limited to simple raw data; the range of spam/week hitting my traps hasn't changed since Jan. this year.

I'd be obliged to hear more from some SC 'longheads' on whether the CSS Project has real promise. My perceptions are almost certainly flawed, behind the times and of dubious relevance. I haven't spent much time on spam this year because I don't get enough anymore for it to be a problem. As I mentioned 'entre nous', 'if de dog don't bite, why be kickin' it'? I haven't even taken the time to update my HSQL dbs this year .. putting it off to Y/E when I can do a year's worth of analysis in the time it used to take to detail a couple of days'. Sweet! If only this were the case across the board.

The “Issue†that sustains my interest in the CSS/SWIP Project(s) is the way our (Canadian) registries have come to be maintained. TMALSS, CIRA Domain Registration WHOIS records now default to anonymous. CIRA board members, and their 'alleged' advisors, maintain this protects registrants' privacy. Having spent many hours polling and canvassing input on this claim, I came to the firm conclusion the claim has not been substantiated. Something else is going on and whatever it is, it's not coming across to me as legit insofar as serving the public interest.

Canada is not the only country to adopt this policy. In the context of the SH CSS list, there is also the issue of misconfigured DNS servers that, on the face of it, would significantly impair SWIP >> SH 127.0.0.3 list reliability apropos Spamhaus' probity issues; which issues drive much of the criticism about SH's legitimacy. Running code against LACNIC servers for example turns up useless DNS MX, A & etc., records at a discouraging rate. How an MX or A record for example might end up associated with SH's 127.0.0.3 list, and what it might signify, gives me pause to ponder. But SH has tools & strategies the likes of me can only dream about; so I'm biding chukkers on the sidelines astride my Shetland watching the upper-crust on Arabians join in elegant fray upon the pitch; so to speak.

My issue, as it were, is that maintaining/enforcing current and reliable DNS records at all levels and facilitating public access to them suggests net benefits ('double entendre' intended) well in excess of the considerable costs and sacrifices involved. SH's CSS Project would seem to me to support that premise; ...or at least be consistent with it. I sincerely hope they run with it.

Comparing and Contrasting:

Governments and agencies around the world are cagey and conniving and adamant when it comes to their right of access to private e-traffic; contending that this rubric is to protect the public by identifying sources of ongoing crime, latent terrorism, and to gather probative evidence. Who and how far can they go is a proper subject for debate. In Canada, this is referred to as “the lawful access initiative.†http://www.michaelgeist.ca/content/view/4424/135/

The same governments and agents (including the above cited Michael Geist) have lobbied successfully for policies (Domain Registration Anonymity) whereby the public is denied the right to protect itself (think caveat emptor) by expunging (what should be) public records viz public conveyances (sources) on the internet, ... on the premise this is to protect privacy!

How would the public react to a new gov policy saying, in the interest of privacy, airlines can register their fleets anonymously, denying the public access to info on who owns and who is flying their plane? But, and by the way, in another bill we authorize whomsoever we choose to depute to routinely interrogate passengers, scan their LT HDs, X-ray them right down to their skeletons, perform proctological exams, and pull up all manner of personal (private) info on them amassed in ginormous dbs from all over the planet whenever their mood is fit.

Link to comment
Share on other sites

Did you learn to write like that from a book? And if you did, can I buy it somewhere? ...
Hey, turnabout is fair play, you made me look up schadenfreude. But why do the Germans have names for all the unfunny kinds of humor/humour? Is it like the Eskimos with names (in each of their several languages) for all the types of snow? Or the Sami with 40 kinds of reindeer poo? Are the Germans actually so gleeful?
... The CSS Project seems to rely on the Shared Whois Project (SWIP). Based on limited readings on that venture, I had more or less concluded some time ago DNS records maintained under the aegis of SWIP were unlikely to be reliable for all but superficial scouting of sources. If Spamhaus assays them gold, then I'll have to revisit the subject. ...
Yes, that's the nub of it.
...a burgeoning flood of spam emails, not from compromised IP addresses or botnet ranges, but from static IP address ranges. The IP addresses that send this spam properly identify their host names when connecting to a mailserver. At first glance, the emails that they send look like legitimate bulk emails, except that they were sent to spamtraps or to our own email addresses, which we know did not ask for that email. ...

However, the resemblance to legitimate bulk emailers ends with surface details. Unlike IP addresses ("IPs") used by legitimate bulk emailers, the IPs used by snowshoe spammers are usually either unallocated/un-SWIP'd, or allocated/SWIP'd to small companies that neither we nor anybody else has ever heard of before. Unlike the mail servers and URI domains used in legitimate bulk email, the mail servers and URI domains are either registered with a Whois cloaking service, or, again, to small companies that neither we nor anybody else has ever heard of before. ...

Which, sheared/shorn of the pseudo-science, says to me it is more behavior/behaviour than anything else which will bring an IP address into the CSS list. So Lou King's example (emailonsteroids.com, is this a scourge with a "good" business plan?) is probably one in which all of the various IPs used should have made it to the CSS. Except the senders had the luck or a clean enough mailing list not to spam any SH spamtraps or reporters. As SH says, "Most of them send modest volumes of email that do not trigger automated spam blocking filters or reputation metrics." Accordingly it is hard to see how the CSS initiative is going to be spreading a net which is both wide enough and fine enough to get on top of this. CSS delisting is automatic after 3 days unless "spamming continues, or continues from IPs in the vicinity of a listed IP". Sounds like they're certainly going to try, with their "Redetections are also flagged to the SBL team for more extensive SBL listings of the IP range(s) involved." (Spamhaus CSS Component of the SBL) There's certainly a lot of effort tied up in those few simple statements - and a high degree of judgment.
...I must confess, when I read Mortimer's abstract, I was wont to squint. You know, what your face does when you don't think you're getting it? Assimilating the RFCs pertaining to 'righteous' allocations, assignments or reassignments is for folks with longer brains than mine. Add to that the abuses, variables and vicissitudes of IN-ADDR.ARPA conventions as they now exist takes the matter into a realm nigh unto theoretical physics; ... or women.

Point being, I reckon most end users would have a hard time differentiating between bot-spam and snowshoe spam based exclusively on the SWIP d/bs unless there is something peculiar about these iterations SH isn't making clear to 'day-trippers' like me. My observation on the alleged burgeoning Snowshoe subset is limited to simple raw data; the range of spam/week hitting my traps hasn't changed since Jan. this year. ...

I agree, the CSS initiative comes across as almost arbitrary, doesn't it? But with the manual/judgmental review of 'redetections' and possible/consequent extensions of sinbin time, I'm supposing a certain momentum is anticipated to rapidly expand the CSS database to a point of usefulness. SpamHaus is no stranger to such manual/judgmental review a la ROKSO.
... I'd be obliged to hear more from some SC 'longheads' on whether the CSS Project has real promise. ...As I mentioned 'entre nous', 'if de dog don't bite, why be kickin' it'? ...
It would be good to have some comment from others on the topic (and if you you tag them 'longheads' accordingly, they will no doubt grok that this is merely relative to your own modest, if unwarranted, self-deprecation and not some actual stipulation as to cephalic index).
...The “Issue” that sustains my interest in the CSS/SWIP Project(s) is the way our (Canadian) registries have come to be maintained. TMALSS, CIRA Domain Registration WHOIS records now default to anonymous. CIRA board members, and their 'alleged' advisors, maintain this protects registrants' privacy. Having spent many hours polling and canvassing input on this claim, I came to the firm conclusion the claim has not been substantiated. Something else is going on and whatever it is, it's not coming across to me as legit insofar as serving the public interest.

Canada is not the only country to adopt this policy. In the context of the SH CSS list, there is also the issue of misconfigured DNS servers that, on the face of it, would significantly impair SWIP >> SH 127.0.0.3 list reliability apropos Spamhaus' probity issues; which issues drive much of the criticism about SH's legitimacy. Running code against LACNIC servers for example turns up useless DNS MX, A & etc., records at a discouraging rate. How an MX or A record for example might end up associated with SH's 127.0.0.3 list, and what it might signify, gives me pause to ponder. But SH has tools & strategies the likes of me can only dream about; so I'm biding chukkers on the sidelines astride my Shetland watching the upper-crust on Arabians join in elegant fray upon the pitch; so to speak. ...

Yes, we can only guess how SpamHaus might take account of the difference between national policies, legitimate privacy protection and spammer tactics to avert righteous wrath, all WRT 'anonymizing' domain registrant records - but I'm not sure at what stage of the CSS listing process that actually comes into it. At first blush they would be mostly concerned with IP delegations, allocations and assignments which is a different kettle of fish but yes, SH also mentions domain registrations. I suspect that is where their manual oversight comes into play, and the possibility of unknown resources and tools. In (faint) defense/defence of the Canadian and others' policies we must remember that at least one anti-spam 'zealot' has been in trouble with 'the law' on account of looking up and using whois data (anguished comments on same in these pages, somewhere, and widely on the internet). In common law and in statute there are protections of privacy, not to mention recourse for breach of copyright.
...My issue, as it were, is that maintaining/enforcing current and reliable DNS records at all levels and facilitating public access to them suggests net benefits ('double entendre' intended) well in excess of the considerable costs and sacrifices involved. SH's CSS Project would seem to me to support that premise; ...or at least be consistent with it. I sincerely hope they run with it. ...
The way they are using it is the key - their "DNS-based blocklist". "The CSS contains only single IPs," based on direct observation plus their further somewhat mysterious sleuthing and a degree of judgment withal. That is not the same as public access and unlimited purpose. Even so, we can be sure it will be hotly contested by the legions of the ungodly and others besides.
... Comparing and Contrasting:

Governments and agencies around the world are cagey and conniving and adamant when it comes to their right of access to private e-traffic; contending that this rubric is to protect the public by identifying sources of ongoing crime, latent terrorism, and to gather probative evidence. Who and how far can they go is a proper subject for debate. In Canada, this is referred to as “the lawful access initiative.” http://www.michaelgeist.ca/content/view/4424/135/

The same governments and agents (including the above cited Michael Geist) have lobbied successfully for policies (Domain Registration Anonymity) whereby the public is denied the right to protect itself (think caveat emptor) by expunging (what should be) public records viz public conveyances (sources) on the internet, ... on the premise this is to protect privacy!

How would the public react to a new gov policy saying, in the interest of privacy, airlines can register their fleets anonymously, denying the public access to info on who owns and who is flying their plane? But, and by the way, in another bill we authorize whomsoever we choose to depute to routinely interrogate passengers, scan their LT HDs, X-ray them right down to their skeletons, perform proctological exams, and pull up all manner of personal (private) info on them amassed in ginormous dbs from all over the planet whenever their mood is fit.

Now you have near-to exposed the limits of my slender resources of stamina and knowledge. Suffice to say I feel much the same way about it. Some recommend prune-juice but I prefer to believe it is simply an experienced observer at work, able to effortlessly correlate consequences and interpolate implications. I have similar reservations about the European Convention on Cybercrime yet Wazoo has instanced (in that topic) the very successes in addressing that problem for which the convention exists while the potential evils are yet to be demonstrated. History teaches us to be wary (at the very least) of sacrificing our rights for the transitory and lesser benefits of 'security' but unfortunately 'future history' remains an oxymoron.
Link to comment
Share on other sites

I am still hoping that those who would want to force others to behave they want them to will learn that on the internet, there is no need to do so. Since they can't force you either, you can ignore them. Of course, that's a chore, but it is better than having to be forceful and possibly hurt in the process. It would be much better to block any email that is not properly constructed and sent than the present system of dropping them. People who use the internet should be able to make choices on how to filter their email. Like many here, I do not have to filter some of my email accounts at all.

There will never be a solution to the criminal activity of phishing, etc. as long as there are gullible people. On the other hand, I can't get rid of the idea that some spam activity is not so much about making money as it is a game to evade filters. Someone not quite malicious enough to write viruses, but someone who wants to pit hir skills against the pros.

Miss Betsy

Link to comment
Share on other sites

... Are the Germans actually so gleeful?

Depends; the deontological aphorisms of Kant make you want to 'laufen' in front of 'der Autobus'.

Whereas the 'zeitgeist' of Ebeling and Strübing is 'der Spritz'.

Which, sheared/shorn of the pseudo-science, says to me it is more behavior/behaviour than anything else which will bring an IP address into the CSS list.

... “behaviourâ€: Skinner lives!

'Der Spalzen und der Witzen' aside, behavioural analysis of spam traffic at very low levels using the SWIP db (and/or unSWIP default) as the 'driver' is going to create false positives; methinks. Mortimer can only cover so much ground in a 'brief', and he predicates that the “sol'n is going to require many organizations and many people using a variety of approachesâ€. Strategy-wise, WAVT integrating the CSS initiative with the CBL, I'm sensing 'das Chaos und die Schweinerel', 'kaputenstrass'; ...already.

whois records “...one anti-spam 'zealot' has been in trouble with 'the law...†Yes but; Zealotry however righteous. doesn't warrant gratuitous (unauthorized) privileges. Abuse by the goose is abuse by the gander. “whois†hosts all spell out acceptable terms of use/access. AFAICT, the ones I've actually taken time to read do balance registrants' need for protection against abuse with public need to make informed decisions.

IIRC, exceptional access authorization (e.g. automated) for military, gov agencies & “institutions†is negotiable; eh? Oversubscribing to whoises has proven to be pretty easy to regulate and abuse of whois info gets traced back to the abuser on a fairly regular and timely basis. Or am I wrong? It's not that I depreciate the abuses that have occurred, it's just that I feel that they are being overstressed. If a domain holder wants/needs anonymity; fine. They can apply for and be given it with minimum folderol, but not NQA. On an exception basis affords whois admins a chance to run interference on illegitimate activities. My position is that domain registrations should not default to anonymity; is all.

The obverse of e-traffic abuse might be stealing electricity from the grid or cable signal from your neighbour. Power and cable companies have the tools to detect abuses and the means to do something about it. Every legitimate user of these resources is registered. Usurpers can be identified PDQ. From a strategic overview, can you imagine what our bills would look like if these service providers let everyone's subscription/account default to fast-flux and anonymous accounts? Staggering! Yet that is what registering authorities and advisors to gov claim is the SOTA optimal business plan; one that adds value to finite resources. Ability to identify abuse(rs) should be a strategic 'sine qua non' WRT ISPs, Domain Registrars, Registering Authorities and Backbone Providers. I wouldn't be surprised if the failure to assimilate this simple strategy eventuates in undermining/depreciating the whole idea of the SPF Framework. But I've been wrong before.

End-users are on the front lines when it comes to getting machine-gunned to death by spam. So why prevent the privates from scouting and reporting back to HQ as to who is shooting at them and where the pill boxes are?

...stipulation as to cephalic index...â€

Speaking of "privates", leave it to an Aussi to bring penis size into it...

Link to comment
Share on other sites

...End-users are on the front lines when it comes to getting machine-gunned to death by spam. So why prevent the privates from scouting and reporting back to HQ as to who is shooting at them and where the pill boxes are?...
Unfortunately the internet was not designed with spam and spammers in mind. Yes, it is past time 'it' took the realities into account but all that seems to be happening is that spam is being progressively transformed into the 'dark matter' of cyberspace - as increasing volumes of it are restrained from delivery and visibility (ISP inward and outward filtering and blocking/'dropping' which is evidently an economically optimal 'solution', thus the one we 'deserve'). Which doesn't eliminate it as such (so we're still paying for it), but still ... Oh, and increased blocking encourages 'snowshoe' operations. Such is the evolution of the cybercosmos. Yes, restrictions on access to meaningful, valid whois data (continues to) principally benefit the spammers from 'our' viewpoint.

The true solution is of course to eliminate all need and human greed. And perhaps playfulness and 'ego', as Miss Betsy suggests. Okay, I will work on that. Progress reports may be infrequent.

...Speaking of "privates", leave it to an Aussi to bring penis size into it...
{chortle} hence "microcephalic".
Link to comment
Share on other sites

Using throwaway email addresses is a hole different topic.

My point is that one can now get a competent email addy that's pretty spamproof

this makes spamhaus and other anti-spam procedures redundant

And because it is spamproof it is not needed to be thrown away

On the whole I never advocate one use the email address your ISP sticks you with.

Most as in major majority don't care, are incompetent and just plain crooked exeling only in milking your bank account

Link to comment
Share on other sites

My point is that one can now get a competent email addy that's pretty spamproof

this makes spamhaus and other anti-spam procedures redundant

And because it is spamproof it is not needed to be thrown away

On the whole I never advocate one use the email address your ISP sticks you with.

Most as in major majority don't care, are incompetent and just plain crooked exeling only in milking your bank account

As I said that is a whole different topic. But "of course" Yahoo and Gmail etc. collect all that anti-spam information on their own making spamhaus etc. redundant - not.

As for where you get you email address, opinions vary as does service. IMHO softwarepro [at] gmail or expert[at]q.com just doesn't strike me the same as support[at]mydomain.com

But you are correct they have spamproofed their email system. The faults positives are also high. Just the other day I could not sent an email to my daughter because q.com didn't like the reputation of the ISP I was able to use on the road. so there are pros and cons

Link to comment
Share on other sites

As I said that is a whole different topic. But "of course" Yahoo and Gmail etc. collect all that anti-spam information on their own making spamhaus etc. redundant - not.

As for where you get you email address, opinions vary as does service. IMHO softwarepro [at] gmail or expert[at]q.com just doesn't strike me the same as support[at]mydomain.com

But you are correct they have spamproofed their email system. The faults positives are also high. Just the other day I could not sent an email to my daughter because q.com didn't like the reputation of the ISP I was able to use on the road. so there are pros and cons

Spamhaus has been effective, if Gmail can keep a spamfree with no false positives theirs and other email systems can become redundant (I have had zero false positives)

Your problem arose from using a email system that is being reported as a spammer and doesn't seem to care

As for getting your own mydomain.com Gmail can accomodate this too, I have one mysecreteaddy[at]ThxBat.cxm run and filtered by Gmail

While greylisting works it is annoying when one is waiting for a reply and it's not instant. With it one also has to rely on the (sometimes in)competancy for resending email after initail greylist rejection

Link to comment
Share on other sites

...With it one also has to rely on the (sometimes in)competancy for resending email after initail greylist rejection
I would generally support that contention, while withholding judgement about relative competency.

On the sending side there seems to be little standardisation of practice on the number of retries and the interval between them while on the receiving side there may be differences in the "cooling off" period and limits on the number of retries allowed within that period (before issuing a "permanent failure"). These can and do get out of synchronisation, as mail exchanges either end tweak their settings. Fortunately the only case (that I know of) generated an NDR back to me, the originator, and we were able to get it sorted out between the parties. Those using greylisting find it too valuable/cost effective to abandon and both sending and (particularly) receiving ends tend to be reticent about discussing their specific settings.

SpamCop e-mail wasn't involved in the problematical delivery, by the way, nor is it prone in the case of my sending system with the current settings at either end - as confirmed in private with a test message, through the good offices of Steven Underwood (thanks Steven). But, I suggest, there is a vulnerability along the lines asserted by petzl.

Link to comment
Share on other sites

I would generally support that contention, while withholding judgement about relative competency.

SpamCop e-mail wasn't involved in the problematical delivery, by the way, nor is it prone in the case of my sending system with the current settings at either end - as confirmed in private with a test message, through the good offices of Steven Underwood (thanks Steven). But, I suggest, there is a vulnerability along the lines asserted by petzl.

No troubles with SpamCop email this is the best email system out (IMO) and it reports spammers to the spamming ISP. Only had one idiot emailer (website would not allow paid for downloads either) that could not get past greylisting (untill I whitelisted)

However I use a gmail addy in my newsreader and do not get spam to my inbox (well extremly little) so its telling me Gmail have caught up and surpassed best efforts of other spam prevention and has a 25 meg file size limit (more than most)

Link to comment
Share on other sites

The faults positives are also high. Just the other day I could not sent an email to my daughter because q.com didn't like the reputation of the ISP I was able to use on the road. so there are pros and cons
I don't like the idea of someone else filtering my email - unless I can give them the criteria to do so. I would never use an email address that did not allow me to receive all my email. Since one can have an email address that is not on any spam lists, you can have it unfiltered and not receive spam. Of course, the botnet spam can be detected and blocked so that even on spammy addresses, most of it is eliminated. Usually, the 419s are the only ones that come through and they are hardly more annoying that those of my correspondents who send all those stupid FWs FWs. They are worse because it takes longer (and may destroy the relationship) to stop them from doing so.

Miss Betsy

Link to comment
Share on other sites

Spamhaus has been effective, if Gmail can keep a spamfree with no false positives theirs and other email systems can become redundant (I have had zero false positives)

For the record Gmail does have false postives. I have all the emails from a cluster of mailing lists (Baen's Bar) sent to my gmail account - that's about 15,000 emails a month (what Gmail calls 1400 conversations).

2 spam 10 False Positives

Since they are all from the same server I take it that this ii based on content though they don't look any different to me.

The spam is due to the eaddress being exposed when I use Google to post on Usenet.

Link to comment
Share on other sites

I don't like the idea of someone else filtering my email - unless I can give them the criteria to do so. I would never use an email address that did not allow me to receive all my email. Since one can have an email address that is not on any spam lists, you can have it unfiltered and not receive spam. Of course, the botnet spam can be detected and blocked so that even on spammy addresses, most of it is eliminated. Usually, the 419s are the only ones that come through and they are hardly more annoying that those of my correspondents who send all those stupid FWs FWs. They are worse because it takes longer (and may destroy the relationship) to stop them from doing so.

Miss Betsy also wrote:

It would be much better to block any email that is not properly constructed and sent than the present system of dropping them. People who use the internet should be able to make choices on how to filter their email. Like many here, I do not have to filter some of my email accounts at all.

I'm hardly worthy to opine on what you've concluded from all your hard work and recherches. My background is Organizational Development & Design; not Information Technology. But as a dilettante desk topper and seeker of 'Einsicht', I labour under one superordinate fact that seems to be uncontested and that I don't think “... you can ignore...â€.

The usurping of bandwidth, hardware and human resources by spammers approaches the GDP of some medium sized countries. The direct costs of spam to the subset of humanity you allude to (one of which is born every minute) is categorically different; although substantial. To my way of thinking, spam, by definition, is a function of/dependant on these usurpations. I don't want to read too much into what you wrote, but it almost appears you're seeing it the other way round; blaming the victims for the abuse of internet resources.

Could you elaborate on these 'forcings'? I'm not clear as to who you want me to understand is under threat of being forced to submit to what, and to whom?

I've read the posts up yours (Miss Betsy's) of Oct 10 2009, 04:41 AM. The focus here seems to be micromanaging spam at the end-user level or upstream (proxy) server level. 'Cognoscenti' such as y'all comprise an even smaller subset of end-users than the 'ignoranti' Miss Betsy points at. I'm hoping to move the narrative toward a more strategic overview. “Bottom up†management has never been a very successful management style, as you all well know. Smart asses (i.e., bottoms) don't make good decision makers or framers of policy. Superordinate goals & objectives tend to get sabotaged PDQ.

WRT Google, Yahoo & etc., ...(Domain Keys and sophisticated filtering algorithms)... indeed these tools interrupt estimable amounts of e-traffic on their way to inboxes. Blessings be upon those who serve us well in contriving and implementing them. But they leave the door open still to evils such as bot infections, server compromises, and they haven't demonstrated any efficacy apropos overall usurpation of internet resources. I interpret the tendency to rely on these tools as reflecting a 'laisse faire' strategic approach to e-traffic. From an ODD perspective, this might equate an organization that devotes more of it's resources to it's legal department than on vending it's goods & services. What would our attitudes be about flying commercially if the airline industry spent more on lawyers than on air traffic control, pilot training and airplane maintenance? Self-regulating, like self-medicating, has limits.

If there are toxic waste processing plants in your municipality spewing fumes to the 4 winds and spilling goo upside your garden gate, you have a legitimate interest in knowing who is running the dump. Retro-fitting our homes with Bucky Domes and shooing the kiddies off to 'kindergarten' in OshKosh B'Gosh or Buster Brown haz-mat gear... well; you get my drift...

Link to comment
Share on other sites

"ICANN studies secretive domain owners"
Here is a link directly to ICANN, it points to a PDF paper: http://www.icann.org/en/public-comment/#proxy

This ought to get people fired up.

I'm of two minds here, since I have registered my name through proxy provided by my registrar -- precisely because I don't feel like getting spammed at the registrant addresses (I'm guessing my registrar gets spammed in my place).

The PDF indicates that 15 to 25 per cent of 2400 random domains sampled used proxy registrants. I'm not sure for what purpose ICANN is interested in this info, the paper does not seem to say. If it is for enforcement, then I could sign up to that, but why not first crack down on the registrars who don't even bother to post enough WHOIS data to let you figure out if the registration is proxy in the first place?

-- rick

P.S., I posted a comment on the paper; if it is accepted it will probably show up here.

Link to comment
Share on other sites

For the record Gmail does have false postives. I have all the emails from a cluster of mailing lists (Baen's Bar) sent to my gmail account - that's about 15,000 emails a month (what Gmail calls 1400 conversations).

2 spam 10 False Positives

Since they are all from the same server I take it that this ii based on content though they don't look any different to me.

The spam is due to the eaddress being exposed when I use Google to post on Usenet.

i have no doubt false positives are possible on Gmail I so far have none after years of exposing my newsgroup email addy in newsgroups. I get all email to my inbox

As there are many (pro-spammers) who are out to destroy reputations of any and all effective spam countermeasures. NANAE had a active well spoken group who even invaded SpamCop newsgroups as SpamCop became THE best method of killing spammers (still is). So as I'm not experiencing your claims about Gmail forgive me for being sus (Margie and Huey a couple)

A heavy test is to expose an email address on newsgroups (Google obscure email addressess though? which you seem to say don't?)

Face it the reason of false positives are that they eminate from an ISP that helps spammers (even ones who claim to be legitimate)

Gmail does have whitelisting (settings/filters) available and "Not spam" button for the rare case false positive

The answer to spamming is to minnimise those allowed to send email (only the competant) Gmail to me are showing the way this can be accomplised

Link to comment
Share on other sites

..."ICANN studies secretive domain owners"
Oh dear, and didn't that (not) go over well with the handfull of registrant respondents so far at networkworld? (http://www.networkworld.com/news/2009/1002...ive-domain.html)

Well, good for ICANN, they are the ones trying their little hearts out just now but historically the huge burden of spam shows no more than a momentary downwards blip (at best) in response to the several prosecutions and various rearrangement of the deck chairs on our Titanic that they and others have essayed so far. Except spam is now mostly invisible to most of us because, I suggest, more and more of it doesn't even make it to our inboxes - though that's necessarily just inference based on what I see and hear about in terms of service provider port and spammail blocking. Individuals (including me) report less and less spam yet the various spamcounts around the internet show no downward trend or (sometimes) a slight sawtooth in the overall progression, as said.

I'm guessing that blocking only spurs the spammers to greater efforts and more bandwidth waste on initial transmission (at least). And dodgy registrants (with uncaring registrars behind them) are only part of the infrastructure for spam. Even so, the Whois Data Problem Reporting System at http://wdprs.internic.net/ has been in continuous use for many years with little apparent impact on the problem of patently false registrant data and maybe that is part of what ICANN is trying to come to grips with now.

A real problem WRT spam (and cybercrime generally) appears to me to be the registrars who support 'bulk' automated registration of 'alphabet soup' domains at ridiculously low fees (not to point fingers ;) but I think I have mentioned the RMB/CNY equivalent of US 0.13 per domain before). If ICANN can't stop that then there's little point in them worrying the many legitimate users of anonomyzing/proxy services for registrant detail, not as a primary concern anyway - though of course spammers will use anything they can/have to in a bid to stay in 'business' including, we know, using 'anonomyzing'/proxy registration services so those may turn out not be supportable as a long-term solution to the assorted privacy concerns of genuine registrants.

Of course there are spamfighting/cybercrime successes and there has been progress (otherwise the email system would have been totally unusable long before this). But it takes more and more effort and we all pay for that. Petzl is happy with Gmail and apparently has no significant false positives. I received just 3 spam in July, 2 in August and one in September with my ISP's filtering-dropping turned off. Oh dear, just found 2 in my HotMail account, too old to report now, but hardly ever any there either, can't remember the last time. None in my Yahoo account. None of mine are heavily-exposed addresses but still ...

Link to comment
Share on other sites

Petzl is happy with Gmail and apparently has no significant false positives. I received just 3 spam in July, 2 in August and one in September with my ISP's filtering-dropping turned off. Oh dear, just found 2 in my HotMail account, too old to report now, but hardly ever any there either, can't remember the last time. None in my Yahoo account. None of mine are heavily-exposed addresses but still ...

I'm impressed with Gmail (presently)

You do not say the false positives are for a Gmail account?

Peobably regret this but I trust you :blush:

Link to comment
Share on other sites

I'm impressed with Gmail (presently)

You do not say the false positives are for a Gmail account?

Peobably regret this but I trust you :blush:

:lol: Now you are MINE! Heh, no, I was talking about iiNet as 'my ISP', I don't use Gmail and completely accept what you are saying about it.
Link to comment
Share on other sites

:lol: Now you are MINE! Heh, no, I was talking about iiNet as 'my ISP', I don't use Gmail and completely accept what you are saying about it.

I'll learn (no doubt) ;)

IInet seem to actually want to be an internet provider (the others pushing copper wire done badly)

The National Broadband Network (NBN Australia) is their devil to deal with (if it happens)

What I would like is Gmail filtering available to all (it seems that good)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...