What is the point?


TriumphTalk

I sometimes wonder what the point is of reporting spam, as nothing seems to actually change. I try as much as possible to take the trouble to look up the domain and send a complaint to the abuse mail provided. However, I have reached the point that I cannot see if it actually does anything.

The only place I seem to have any joy is if it is a Yahoo address and then some action takes place. However, I see the same links coming in every day to the same web sites. Therefore, this leads me to believe I am really just wasting my time and efforts.

Is no action taken against the web site owners who are actually the originators of this rubbish? :angry:

This has been hashed over a number of times, so I won't go into specific details, but essentially it boils down to a few facts:

Spamcop's primary purpose is NOT to shut down websites, but to prevent as much spam as possible from reaching users' inboxes by maintaining and using the SCBL. In order to get the benefit of this goal, however, you must have some means of actually utilizing the data in the SCBL. This is easy to do if you run your own mailserver; however, if you are at the mercy of your ISP, you would need to find some third-party application that works with your mail client.

Getting websites shut down in anything resembling a timely fashion requires a lot of effort, and a lot of time to build up a good reputation with the hosting providers.

Remember, the VAST majority of the websites you see spamvertised reside on hacked unix boxes, the owners have no idea that the websites are there, and unfortunately, this kind of lax security generally goes hand in hand with poor network management. If they aren't competent enough to know that their servers have been hacked and are being used to host illegal websites, chances are they aren't competent enough to read their abuse mailboxes, or to act on the information therein if they do decide to read them.

The best point of attack against these websites is to get registrars to kill off nameservers and zone files, however, it takes a long time to build up a good relationship with a registrar to the point they will act on your reports without taking many weeks to research it on their own.

Well thanks for the insight, it does help me understand what is all involved. However, it does not seem that anyone is actually gaining ground on this whole issue with the spammers. I have had to disable new registrations on my forum because I just got tired of every day having to go through all the idiots that are just out there to post spam. Therefore, in effect, they have closed me down and there is not a thing that I can actually do about it.

McAfee is handling my mailbox and I am very impressed how well it does the job; no spam goes into my inbox at all. However, the odd good mail is caught in the spam bin, so now I still have to wade through all the junk just to make sure that it is all spam.

Client side filtering is certainly an option, and it works well. In fact, it is one of the things the SCBL can be used for. The problem with this method is that email is still sent and delivered, and thus uses up a certain amount of bandwidth, storage space, and CPU time.

By implementing things like the SCBL and the Spamhaus blocklists to actually reject spam at the server during the SMTP transaction, only a tiny fraction of the bandwidth is used, since the session never reaches the DATA portion of the SMTP transaction. It also foregoes the use of space to store the message, and saves the CPU time associated with storing, routing, and later retrieval of the message.

The other benefit of using blocklists to reject email is that there is no junk bin to sort through. If a good message is rejected, the SENDER receives a notice that the message did not go through, and can then try alternate methods of contact, or complain to their ISP, hopefully getting them to fix the problem. In my opinion, this is a much better scenario than potentially losing good mail in a junk mail folder with neither party being aware of it.

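The server-side rejection described in the post above, as an added example that is not part of the original thread: a DNSBL lookup against the SCBL and a Spamhaus zone, with the accept/reject reply chosen at connect time so a listed client never reaches DATA. The hostname `mx.example.test`, the reply wording and the sample DNS answers are constructed assumptions.

```python
import ipaddress
import socket

# bl.spamcop.net is the SCBL zone; zen.spamhaus.org is a Spamhaus zone.
DNSBL_ZONES = ("bl.spamcop.net", "zen.spamhaus.org")

def dnsbl_query_name(client_ip, zone):
    """Reverse the address labels and append the blocklist zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:  # IPv6: one label per hex nibble
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolve(name):
    """Real A-record lookup; None when the name does not exist (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_in(client_ip, resolve, zones=DNSBL_ZONES):
    """Return the first zone listing client_ip, or None."""
    for zone in zones:
        answer = resolve(dnsbl_query_name(client_ip, zone))
        # Listings answer inside 127.0.0.0/8. Spamhaus reserves 127.255.255.x
        # for query errors (e.g. blocked resolver), which are not listings.
        if answer and answer.startswith("127.") and not answer.startswith("127.255.255."):
            return zone
    return None

def smtp_connect_decision(client_ip, resolve=system_resolve):
    """Reply to send at connect time, before MAIL FROM, RCPT TO or DATA."""
    zone = listed_in(client_ip, resolve)
    if zone:
        return 554, f"5.7.1 Client [{client_ip}] rejected, listed in {zone}"
    return 220, "mx.example.test ESMTP ready"

# Constructed DNS answers so the example runs offline (documentation-range IPs).
SAMPLE_DNS = {
    "25.2.0.192.bl.spamcop.net": "127.0.0.2",          # listed in the SCBL
    "9.113.0.203.zen.spamhaus.org": "127.255.255.254",  # error code, not a listing
}

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.9", "198.51.100.7"):
        print(ip, smtp_connect_decision(ip, SAMPLE_DNS.get))
```

Treating every 127.x answer as a listing would reject all mail whenever the resolver itself is refused by the blocklist operator, which is why the error range is excluded.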

"Remember, the VAST majority of the websites you see spamvertised reside on hacked unix boxes, the owners have no idea that the websites are there."

Care to back up your statement? I would think that they are windows machines. But that is just a hunch based on the number of windows machines affected by Viruses, Trojans etc., as opposed to Linux machines...

"I sometimes wonder what the point is of reporting spam, as nothing seems to actually change. I try as much as possible to take the trouble to look up the domain and send a complaint to the abuse mail provided. However, I have reached the point that I cannot see if it actually does anything."

I never had positive results with spamcop. Spamcop is only useful if you are using their SCBL and block emails at the server level.

However, if you are like me and rely on gmail or yahoo mail or some other web based email, then give knujon (www.knujon.com) a try. They are pretty good at closing down the spammy websites. I have been reporting to them for about a month. Currently they managed to suspend 3 sites based on my reports. So far knujon managed to close around 21000 websites since March 2005.

hth

raju

"Remember, the VAST majority of the websites you see spamvertised reside on hacked unix boxes..."

"Care to back up your statement? I would think that they are windows machines. But that is just a hunch based on the number of windows machines affected by Viruses, Trojans etc., as opposed to Linux machines..."

Think about it this way. Most Windows machines are connected at a fairly low level behind some ISP gateway, with a variable IP address, not a good place to put a spamvertised (or any web page) you need people to get to. A virus or bot on the other hand can come to life every time your aunt May dials up to check her email, get its instructions and spew spam until she logs off.

On the other hand a host connected directly to the net, supporting a number of addresses or a block of addresses would be a good place to put a web page (i.e. spamvertised page). In fact most of us do use our ISP to host our web pages, advertised with spam or not. What type of machines do most hosts have? UNIX. If they are not diligent, they are an easy target to hide a web page. They are a target for hosting for the same reason Windows machines are a target for bots and viruses, there are lots of them and not every owner is careful.

Here's a site with some very good information on various spam operations, including the My Canadian Pharmacy, one of the largest spam operations in the world, run almost exclusively through compromised unix machines used as proxies and web servers. Just because unix is more obscure does not make unix/linux administrators any more competent at configuring their security properly.

My Canadian Pharmacy Info

"I sometimes wonder what the point is of reporting spam, as nothing seems to actually change."

It might be more encouraging to imagine what things would be like if we didn't complain. One can only imagine what would happen if the anti-spam pressure weren't applied.

Right now, to be productive, a spammer has to resort to lots of chicanery and outright crime in order to get out the mail and take in the orders. If he could do these things with the blessing of (even encouragement of) major network providers, without facing any reckoning, then just think how much larger our inboxes would have to be, and how many more chickenboners would be encouraged to get in on the act.

"Think about it this way. Most Windows machines are connected at a fairly low level behind some ISP gateway, with a variable IP address, not a good place to put a spamvertised (or any web page) you need people to get to. A virus or bot on the other hand can come to life every time your aunt May dials up to check her email, get its instructions and spew spam until she logs off.

On the other hand a host connected directly to the net, supporting a number of addresses or a block of addresses would be a good place to put a web page (i.e. spamvertised page). In fact most of us do use our ISP to host our web pages, advertised with spam or not. What type of machines do most hosts have? UNIX. If they are not diligent, they are an easy target to hide a web page. They are a target for hosting for the same reason Windows machines are a target for bots and viruses, there are lots of them and not every owner is careful."

My own theory, admittedly largely speculative, is that you could put a simple reverse proxy web server on a victim's Windows box (via the usual malware routes), and send it a short packet to tell it to proxy a particular server at a secret location (which will almost surely be a Unix box built by the spammer or his associates). The proxy passes HTTP requests from visitors to the secret server, and passes the secret server's replies back through to the visitor. The visitor has no way of knowing he's being proxied or where the actual web host is.

This theory helps me account for the fact that there are such a large number of IP addresses involved in these botnets, rather too large for me to comfortably attribute them all to "leaky" Linux boxes. It also explains why all of the addresses in a botnet can "turn on a dime" and begin serving a completely different website with a different set of HTTP headers, a behavior that I have observed more than once. You don't have to distribute a whole new website to each bot, you simply tell them all to start proxying for a new secret server.

-- rick

I think Telarin gave the best explanation of blocklists and why they are useful.

Two additional points to consider:

One, 419 spams have been around a long, long time despite strong postal laws. A certain number of spams are not going to go away because the criminal element finds them lucrative. Therefore, blocklists that reject at the server will prevent those emails from using your resources (time, bandwidth, etc.)

Two, spamcop reports have two functions. The primary one is to block spam at this time. However, life isn't perfect and every once in a while there is a server admin who is grateful to be alerted via spamcop reports to a potential problem on his network.

If more people used blocklists that rejected at the server, then more people who use irresponsible email services (the SENDERS) would insist on reliable email service. Then all the blocklists would block are the criminals and the occasional mistake. The amount of time that a responsible server admin's IP address would be on the blocklist would be equivalent to a power outage. Nothing works perfectly all the time.

IMHO, blocklists that reject at the server level are the only solution to spam. Already, in a few years, there are almost no responsible email server admins who allow spam to originate through hir mail servers. The spammers have to rely on bots on compromised machines or greedy ISPs in other countries. There are even a few Chinese server admins who are responsible and see the problems now.

I don't know very much about having websites, etc. However, there are ways (as Wazoo has demonstrated with this forum) if you are diligent to still have registrations and not have spammers. It is not the 'easy - everybody has a website' way that the internet began with, but then we have come a long way from the days of the Model T where the driver also had to be a mechanic.

Miss Betsy

"I never had positive results with spamcop. Spamcop is only useful if you are using their SCBL and block emails at the server level."

Having a 'direct' "positive result" is a bit subjective .. but one can only decide on their own experiences, one could say. It is true that receiving any 'direct benefit' would require use of the results of 'your' reporting .... yet, that is available at other than server level .... There are a number of tools out there that can be used on 'your own system' that can in turn use the SpamCopDNSBL data ....

On quite the other hand, someone's reporting leads to results such as that seen in a recent Topic started in another Forum section ... http://forum.spamcop.net/forums/index.php?showtopic=8146 for an example of someone working at 'server level' that was tipped off by a SpamCopDNSBL listing ....

Archived

This topic is now archived and is closed to further replies.
