msealey Posted August 12, 2006

Anyone know the source of literally tens of thousands of emails in the past couple of weeks which I'm managing to block in ProcMail with the (apologies in advance) following recipes. At first they were all coming from forged qwest.net - but in reality (then and now) from servers everywhere. It's proving hard to keep up with blocking them this way since they're now changing the string every few hours. Anyone recognise them and have a more permanent solution, please? Help!

:0HB
* excluusive and shocked aduult vldeo
/dev/null

:0HB
* new and very y0+ung glRLs
/dev/null

:0HB
* fIashing panttIes
/dev/null

:0HB
* suKlng and fUklng video on our site
/dev/null

:0HB
* fukcing and sukcing
/dev/null

:0HB
* very little girls in bathroom
/dev/null

:0HB
* snowman still fukc snowgirl
/dev/null

I am filtering on my client - but it's trying my patience. YIA!

Wazoo Posted August 12, 2006

I'm not sure I can equate this query asking about filtering via ProcMail recipes to an issue with a SpamCop.net e-mail account .. so moving to the Geek/Tech Things > Software Issues Forum section ....

Paranoid2000 Posted August 14, 2006

Since this sort of spam always involves a website, filtering by URL may be more effective. If the URLs contain affiliate links (suggesting spam by a third party), then providing details to the website concerned may get that affiliate suspended. If not, complain to the hosting ISP (getting a SpamCop account and using it will automate this process).

These methods involve more work, but unlike filtering, do impose a cost on the spammer and those that do business with them. If all the above fail, then consider using a tool like SpamVampire to leech the site's bandwidth, increasing its hosting costs. Enough people doing this will make any site unprofitable which is when spam will stop for good.

msealey (Author) Posted August 15, 2006

Paranoid2000,

Thanks for that - the really annoying thing about this particular attack is that every spamvertised URL is different! They may be coming essentially from the same ultimate source. They must be. The format, the 'rem0ve' instructions, the type of header, the style of the subject - and invariably the text in each one - are the same. But the sites they're 'marketing' are all different.

The IP blocks too seem to have nothing in common. My reporting tool's RIR lookups show a huge variety of different real sources. By the hundred. Damn them!

Paranoid2000 Posted August 15, 2006

> My reporting tool's RIR lookups show a huge variety of different real sources. By the hundred.

In that case, employing blocklists like the Spamhaus SBL, SPEWS or SpamCop's own SCBL should be worth considering, if you haven't already done so. Adding country-based blocklists (do you ever receive legitimate email from China or Korea?) may help also. Bayesian filtering is also reported to give excellent results once trained.

Unfortunately, filtering alone does nothing to deter spammers so without more active steps (as noted above) you will likely just receive more spam until your bandwidth is saturated.

msealey (Author) Posted August 16, 2006

Thanks again; shall try those of your suggestions which aren't already in place. Your help much appreciated. Good luck!
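
The first post's problem, phrases that are re-spelled every few hours, can be reduced by folding look-alike characters and stretched letters to one canonical form before matching. The script below is an added example, not code from anyone in the thread; the substitution table, the phrase list and the function names are assumptions.

```python
import re
import sys

# Look-alike characters folded onto one representative. This table is an
# assumption for the example; extend it as new substitutions show up.
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "4": "a",
                      "@": "a", "5": "s", "$": "s", "7": "t"})

# Constructed watch list; real phrases would come from your own spam samples.
PHRASES = ["adult video", "video on our site"]


def skeleton(text):
    """Canonical form shared by a phrase and its obfuscated spellings."""
    text = text.lower().translate(FOLD)           # "I", "l" and "1" all become "i"
    text = re.sub(r"[^a-z\s]", "", text)          # drop filler symbols inside words
    text = re.sub(r"([a-z])\1+", r"\1", text)     # collapse stretched letters
    return " ".join(text.split())                 # single spaces between words


def compile_phrases(phrases):
    """One regex matching any watched phrase on word boundaries."""
    alternatives = "|".join(re.escape(skeleton(p)) for p in phrases)
    return re.compile(r"\b(?:" + alternatives + r")\b")


def is_spam(message, matcher):
    """True if the folded message contains a folded watched phrase."""
    return matcher.search(skeleton(message)) is not None


if __name__ == "__main__":
    # Exit status 0 on a match, 1 otherwise, so a mail filter can test it.
    sys.exit(0 if is_spam(sys.stdin.read(), compile_phrases(PHRASES)) else 1)
```

Letter transpositions are not folded by this approach, and collapsing doubled letters can make unrelated words collide, so the phrase list should stay multi-word.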