dra007 Posted April 3, 2004 Share Posted April 3, 2004 I just recieved spam from http://www.moensted.dk/spam/?addr=24.159.8...1&Submit=Submit who seems to be listed in SpamCop and other lists as well, can anyone enlighten me how this spamblock works? Is the spam sent randomly through several reelays at once? Seems to me the spam source varies in mysterious cycles, as soon as I stop recieving from one source another one awakens, but I have been keeping track of my spam reports, and the number of spamsources is fairly limitted. Link to comment Share on other sites More sharing options...
dra007 Posted April 3, 2004 Author Share Posted April 3, 2004 sorry for coming back at this, I don't want to sound like I am beating on a dead horse, but in the same vain as the query above, if one assumes that the same scumbag is sending repeats of the same spam over and over, using different pathways, can't someone find a way to trace it back at the source? The pattern of recycling spamroutes does not seem that random...Obviously, if they (i.e. the scumbags) find ways to bypass the spamblocks on a regular basis, people interested in stopping them should find a more effective way to block them for good...or at least incapacitate them for more than a 48h cycle... Link to comment Share on other sites More sharing options...
WB8TYW Posted April 4, 2004 Share Posted April 4, 2004 sorry for coming back at this, I don't want to sound like I am beating on a dead horse, but in the same vain as the query above, if one assumes that the same scumbag is sending repeats of the same spam over and over, using different pathways, can't someone find a way to trace it back at the source? ]/QUOTE] In many cases it has been traced back to the source. Getting someone to do something about it the issue. Even though one media report shows that the value of stolen bandwidth can be worth $5,000 per month, it appears that neither the owners of the networks that are getting victimized, or many of the law enforcement agencies are interested persuing civil or criminal charges against them. http://www.nzherald.co.nz/storydisplay.cfm?storyID=3251710 See http://www.spews.org and read their FAQ for some background on the spam fighting issues. Keep in mind that not everyone has the same view as SPEWS and their users. Much of the spam is being done by affiliates that have been duped by stories of wealth from spamming, and they have already spent more on spamming kits than they will ever get back from it. Unfortunately the media usually does not report that part of the story when they report on spam. people interested in stopping them should find a more effective way to block them for good...or at least incapacitate them for more than a 48h cycle... The only thing that a mail server typically knows at the time it receives the spam is the I.P. address of the sending server. So it is not practical at that point to to look for the common origin. Blocking at the source though does appear to be sufficient to stop most of the spam, if your mail server will do so. It will not stop all of the spam, as it takes a spam-trap or a human to verify a spam source to get it into a conservative DNSbl. To do that, you have to look at the content of the spam, and that means that your mail server has to accept the body. See the pinned topic on the cost of spam. And content checking alone is not reliable, yet people still seem to want to try it. So you really want to only do the content checking on e-mail that you do not know for sure is spam, but might be. If you know for sure that it is spam from the I.P. address, there is no reason to let it in to the mail server. There is a discussion about tracking the URLs used by spammers in another thread for the spam that gets through the DNSbls. Because content checking is risky, and uses resources, generally you would only want to do it on suspected spam. So instead of checking all e-mail, it would probably only need to be done by e-mail that has a bad rDNS, or is flagged by an aggressive DNSbl that may list real e-mail sources. -John Personal Opinion Only Link to comment Share on other sites More sharing options...
dra007 Posted April 4, 2004 Author Share Posted April 4, 2004 Thank you John....sorry about all my rantings, but I am beyond frustration, I feel more like being stalked by a criminal mind than suffering a common occurance, I have used e-mail since the 80's, yet I have never had to deal with so much spam as in the past couple of months, the problem is that most of it has an overlapping content and consistent source even if the looks are changed, and that does not seem random or coincidental... I was hoping that some of you with a savy in spam matters would give me some insight into the spammer's mind and why fighting them seems so hopeless at times...Your information is greatly appreciated... Link to comment Share on other sites More sharing options...
Farelf Posted April 5, 2004 Share Posted April 5, 2004 Wow, thoughtful answer John, I also appreciate it. dra007, I don't think you are flogging a dead horse at all, you surely have real, continuing and reasonable concerns. Perhaps the key to your unhappy experience (which is shared to a greater or lesser extent by all, including the growing volume), apart to the finite number of "spam kits" (= inevitable repetition) and the presence of a sizeable subset of spammers who seem to have "evolved" to live with BLs (= same ones coming back) might be the degree of public availablity of your email address both now and in the past (= number of spam lists you're on). Did you catch the helpful material posted by JeffG in thread Held mail, especially Miss Betsy's link? I have an email address "en clair" on a public website and seem to have made it to a sizeable number of spam lists but at least it is a fairly obscure website. The frequency of address scraping is supposedly much greater from frequently visited sites (and I gather you may inhabit one such?) As for "getting into the minds" of spammers, there isn't actually much evidence that there's much to get into. There supposedly have been deliberate and targeted attacks in the past, in which case there's no doubt there will be more in the future - but the probability of the ordinary, inoffensive "netizen" being hit by a random act of malice is inversely proportional to the web population, which is to say quite remote. It is more likely that apparent attacks have a totally dumb cause (and the dummy ain't you). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.