TerryNZ Posted September 24, 2006

The focus of SpamCop's parsing is primarily on spam source address, and secondarily on the spamvertized site. It is a given in the ongoing "War on Spammer" that whenever a countermeasure becomes effective, it becomes known by the spammer, and he finds a way to circumvent it. And so it has happened.

SOURCE OF SPAM

For source of spam, we are seeing botnets exceeding 1 million sites in size (recently Dutch authorities discovered and prosecuted a botnet over 1 million in size) and others exist today of hundreds of thousands in size. The "source of spam" method is now defeated by the sheer numbers. And that's all the "quick" reporting contributors are targeting. Forget this method as the first line of attack; you have to know when you have lost.

SPAMVERTIZED SITE

For the spamvertized site method, we find a similar story. With today's domain kiting, we see "hit, run and move on" as one spammer tactic. Register a domain name with an expected life cycle of 5 days, farm it out to spamming affiliates, they send millions of spams for it, and repeat every 2 hours. That's 12 domains per day. Poor old SpamCop parses the site name, sends off abuse complaints, and maybe a few of the 12 get shut down, but by that time they are past their use-by date anyway. It's a throw-away society.

Another spamvertized site measure now in common use is the botnet website method. Since SpamCop does a lookup on the site name's IP address, the perfect counter is to move the site from one IP address to another every 5 minutes. That is what Alex Polyakov does with his pharmacy sites, for example. SpamCop complaints by no stretch of the imagination can match a 5-minute reporting window of opportunity!

SpamCop's methodology is now obsolete. A better method designed to counter modern spammer methods is required.
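The 5-minute IP rotation described in the post can be recognised from repeated DNS lookups of the spamvertized name, and the same data shows when a complaint addressed to the looked-up IP is already stale. The sketch below is an added example, not part of the original post and not SpamCop's code; the lookups, the `.example` domains, the function names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample: (seconds since first lookup, domain, A record, TTL).
# Reserved .example names and documentation address ranges, not real data.
LOOKUPS = [
    (0,    "pills.example", "198.51.100.7",   300),
    (300,  "pills.example", "203.0.113.44",   300),
    (600,  "pills.example", "192.0.2.91",     300),
    (900,  "pills.example", "198.51.100.130", 300),
    (1200, "pills.example", "203.0.113.9",    300),
    (0,    "shop.example",  "192.0.2.10",     86400),
    (600,  "shop.example",  "192.0.2.10",     86400),
    (1200, "shop.example",  "192.0.2.10",     86400),
]

def rotation_profile(lookups):
    """Per domain: distinct IPs, distinct /24s, median seconds between IP changes."""
    by_domain = defaultdict(list)
    for ts, domain, ip, _ttl in sorted(lookups):
        by_domain[domain].append((ts, ip_address(ip)))
    profile = {}
    for domain, obs in by_domain.items():
        ips = {ip for _, ip in obs}
        nets = {ip_network(f"{ip}/24", strict=False) for ip in ips}
        changes = [b[0] - a[0] for a, b in zip(obs, obs[1:]) if a[1] != b[1]]
        profile[domain] = {
            "ips": len(ips),
            "nets": len(nets),
            "median_change_s": median(changes) if changes else None,
        }
    return profile

def is_rotating(p, max_interval_s=600, min_ips=3, min_nets=2):
    """Assumed thresholds: several addresses on several networks, changing fast."""
    return (p["median_change_s"] is not None
            and p["median_change_s"] <= max_interval_s
            and p["ips"] >= min_ips and p["nets"] >= min_nets)

def stale_by_report_time(lookups, domain, parsed_at, handled_at):
    """True if the IP resolved when the report was parsed no longer serves
    the domain by the time the complaint is acted on."""
    obs = sorted((ts, ip) for ts, d, ip, _ in lookups if d == domain)
    def at(t):
        seen = [ip for ts, ip in obs if ts <= t]
        return seen[-1] if seen else None
    return at(parsed_at) != at(handled_at)
```

A domain flagged by `is_rotating` is one where a complaint keyed to the resolved IP will usually arrive after the site has moved, which is what `stale_by_report_time` checks for a given parse time and handling time.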
This topic is now archived and is closed to further replies.