Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Spam-Free at Last

By sudog in Internet
Wed Mar 17, 2004 at 05:45:54 PM EST
Tags: Internet (all tags)
Internet

For approximately a month now I have been completely spam-free. This amazing feat is the result of a one-time cost of many hours of careful mailbox combing, email address rediscovery, a judicious use of dual-sided addresses for posting and receiving on mailing lists, and a kind of soul-cleansing I never really thought was possible.

I'm here to tell you such a cleaning of the proverbial email stables is possible: If you're interested in the details, read on, and I'll do my best to describe them. This method requires you have control over your own sendmail daemon, or the cooperation of someone who does, your own domain name, and patience and discipline.

After you've completed the initial set-up, feeding and care of the system turns out to be minimal.

The target audience of this is either the hosting provider, the technically-savvy population who is already capable of administering their own mail server, or the interested layman who is curious about a different flavour of advanced anti-spam technique.


Preamble

Throughout this article, rather than using my real email addresses and presenting what exactly my new emails are, I'll be using equivalent substitutes instead. The example domain and subdomains I'll use will be based off RFC2606-friendly "example.com" and hopefully at least a few of you out there will find this information useful in your own personal battle against spam.

The Problem Outlined

About a year ago, I began getting deluged with spam--not just the usual one-offs from smalltime spammers who'd harvested my email from Usenet, or from the various popular websites I visit and post on, but a real, honest-to-goodness flood. Hundreds a day. Foolishly, I believed in the superiority of geek technology and began implementing a powerful set of filters: a kind of combination between spamoracle and bogofilter, where I'd run incoming mail through both, let them mark up the email, and then sort the results into their own bin that I could later peruse and make sure that I hadn't thrown away any real email in my rabid efforts to clean my inbox.

It seemed to work well for a while, but occasionally I'd get an important email from my boss, or a friend or relative, and my filters--not recognising the new non-technical words--would choke and throw away something that would otherwise have been vitally important to my daily life. I thought this was simply the price of being on the Internet, and my vanity domain allowed me to use the simple "water@example.com" as my primary email: it was cool.

The turning point when I realised filters were useless came when they tagged an email from an old friend and he, not realising the volatile nature of email, became insulted when he thought I was simply making a conscious choice to ignore him. I had missed his email in the tidal wave of endless spam I was being subjected to, and accidentally tossed it in the trash after too-hastily combing my spambin.

The Problem Defined

My folly was not my filters. My folly lay in the fact that I was approaching it from the wrong angle. What required finesse and discipline was being approached by hackers like Eric Raymond in terms of heavy artillery filtration mechanisms and acceptable collateral damage in order to account for simple carelessness.

It seems to me their outlook directs them to express themselves in terms of what they feel is a software solution. I've come to the tentative conclusion that this approach is a waste of time--a waste of time training the filters, a waste of time feeding them, and a waste of time keeping the software up-to-date.

Whereas filters often seem remarkably accurate, there will always be mistakes because of one simple fact: the filters are not humans and can't readily adapt to new, unforeseen emails. They can't comprehend the subtleties of tone, familiarity, nor intent. Besides, if you're manually checking your spambin to verify the accuracy of your filters, why use filters at all?

It turns out that simple catch-all domain names where anything@example.com and everything@example.com are both delivered to me without any initial set-up, are now detected as such by spammers, and used to provide another level of misdirection when spamming others: randomName@example.com, if it's checked by the remote machine and is listed as valid, means there's one less defense for that poor victim server. This is not a friendly way to host a mail server on the Internet.

The Solution

Instead, all exposure and vectors via which spammers actually obtain my email must be controlled and carefully monitored:

  • Each and every email address I give to a website or forum must be unique and completely traceable in a human-friendly way. Example: cnn.com@example.com
  • Every Usenet post must contain enough information for a human to unmangle it and write to it. That, or all Usenet posts are simply from a fake email entirely. Example: usenet099No@spammersexample.com
  • Mailing lists which accept email from non-subscribers should be posted-to using a different email than the one receiving it. Example: fred-receive@example.com is never revealed, and then fred-send@example.com is used for sending to the list, which itself doesn't accept incoming emails.
  • Mailing lists which don't accept mail from non-subscribers usually have a way of subscribing but then indicating that you don't want to receive any list-related email. Once you've subscribed, select those options, shut the alias down to external email, and use it to post to the mailing list. Don't forget to put a friendly bounce-message at the end of it so other list members who hit Reply-All don't get the wrong impression.
  • Any email addresses posted to actual webpages are either in the form of an obscured image, or a custom email such as website1-0a000404@example.com which contains the harvesting IP address of the bot in question. Unfortunately this only works where a program snippet (for example PHP) can be embedded to generate the emails on a per-visitor basis, but it does provide another good datapoint in tracking and reporting the harvesters themselves.

I've long been a fan of the concept of Information Warfare. One of the most approachable treatments of it is in Neal Stephenson's Cryptonomicon which I managed to finally slog through after I realised it could be applied to my everyday life.

The gist of my point is that every tiny scrap of information directly about you or which can be used to infer conclusions about you can be manipulated in a way that puts you at an advantage over your opponent. The main topic of the book is actually wartime cryptography, but Neal portrays ways in which even the slightest pattern--for example a secretary looking at the lottery balls she's pulling out of a box for use in one-time pads, thus biasing her choices--can in turn be exploited and subverted by a determined opponent. This must therefore be accounted-for.

Spam-Free Technical Details

Actually implementing this was a real bitch. Simplistically, though, here's a list of software I'm using and some methods I had to employ to convert my inbox to completely spam-free.

Methods

  • Built a list of every email address that ever wrote to water@example.com, categorised into friends, relatives, mailing lists that accept non-subscribed emails, mailing lists that don't, commercial subscribed websites, and commercial unsubscribed websites.
  • Built a special, private email alias for close, savvy friends and family and notified them the old email was disappearing.
  • Built a special, private email alias for acquaintances and notified them also.
  • Changed my email to specific-use aliases for all websites, forums, and mailing lists.
  • After monitoring the old email for three months for incoming non-spam (and rectifying any lingering uncaught problems) it was finally shut down, and an entry like the following was placed in my virtusertable: "water@example.com error:nouser Please interpret the image at www.example.com to write to me. Too much spam has forced this email closed. Sorry!"

Unfortunately this technique requires that you keep a complete archive of every email you ever received, which I do, but most people won't. Those of you that don't will find this process more painful than I did.

Software

  • sendmail 8.12.x The latest sendmail has some nice virtusertable functionality. I have about 280 actual aliases and I use subdomains rabidly.
  • KMail KMail from the KDE project has some nice filtering capabilities that allow it to integrate seamlessly with these many email addresses and folders. Plus, it's never crashed on me in such a way that I lost any email.
  • bogofilter It's still a nice filter, and it's tunable to the n'th degree. It's still a filter, though, so its use is lessened considerably now that I receive no spam.
  • spamoracle is a nice, OCaml-based implementation of a filter too.

If sendmail virtusertable could be programmed to do a regex on incoming emails I could create better one-off aliases, but until then I'll just use throwaway subdomains and some supporting scripts to deal with new addresses.

Other Spam Elimination Systems

There are actually other systems out there that can help with your spam problem. Tagged Message Delivery Agent for example, allows you to place the onus of authentication on the sender by using such techniques as challenge-response, and white- and blacklists. In challenge-response, people who are unknown to you must visit a webpage, prove they're a human, and then the email gets through.

The problem with these kinds of systems is that for most people--especially the non-savvy Internet users such as grandmothers and those who simply can't afford (or are unable) to spend the time to jump through your hoops, you are effectively unreachable. Just imagine if everyone who phoned you had to answer a timed, skill-testing question!

DNS-based blacklists can also be very effective, but then again the base cost is the latency of a DNS lookup against multiple external servers. Also, you're placing your spam solution in the hands of someone else who might someday disappear, much like how ORBZ shutdown in the face of mounting lawsuit pressure.

Logistics

The average cost of a refused-email message on my own server is actually very minimal, because the only servers that continue to try to email me at defunct aliases are ones that usually drop the connection instantly the moment a "nouser" error message pops up. That's only a few hundred bytes or so.

Those that are sending legitimate email are told in the bounce message a way to contact me via an image interpretation, along with a website they can visit.

Automation is easily accomplished with some supporting scripts to manage the email aliases and subsequently rebuild a sendmail virtusertable, and also to present a nice user-friendly interface that someone who's in a rush can then bookmark and return to often.

Attacks against this method will only show up after a large segment of people the spammers wish to bypass or reach begin using extensive aliases in a similar pattern. Possible attacks include dictionary attacks where the spammer guesses what websites I'm active on, and the possibility that multiple opponents (read: sites) will collaborate, collate, and interpret the fact that I've given them email addresses with a discernable pattern.

At that point, we can begin moving up to signed-hash one-offs and beyond. Hopefully at that point the spammers will realise that people going to such lengths aren't worth the effort to spam after all.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Spam free?
o Bee! 14%
o Say hello to Mr. Smashy! 14%
o Simon says take off your pants! 14%
o You are angering Simon! 21%
o Silence the heretic! 21%
o Open the trunk, Billy! 7%
o The pimp! Finally, someone with some sense! 7%

Votes: 14
Results | Other Polls

Related Links
o RFC2606
o spamoracle
o bogofilter
o Eric Raymond
o Informatio n Warfare
o Cryptonomi con
o one-time pads
o sendmail 8.12.x
o KMail
o OCaml
o Tagged Message Delivery Agent
o ORBZ shutdown
o Also by sudog


Display: Sort:
Spam-Free at Last | 104 comments (92 topical, 12 editorial, 1 hidden)
In other words (2.46 / 13) (#1)
by Fredrick Doulton on Tue Mar 16, 2004 at 02:32:30 PM EST

You've solve your spam problem, but in the process have turned it into a full time job. Most people don't have time for that kind of nonsense. They just want to check their mail and go.

If you cannot solve this problem(don't worry, no one can) so that average Joe can make full use of it in three short steps that take less than one minute, then this article is nothing more than self-congratulatory masturbation.

Bush/Cheney 2004! - "Because we've still got more people to kill"

Easily automatable.. so it's on its way. (none / 2) (#13)
by sudog on Wed Mar 17, 2004 at 12:34:58 AM EST

I've already set up an infrastructure, interfacing scripts, and a skeletal user control panel to provide this to other people (friends and associates). If I ever get around to completing the work, Joe average will be able to use this no problem: in fact, with the fact that subdomains are free (for me) I can either delegate control to anyone who wants it, or provide the service directly.

I should be including more in the story itself, and I will; however, your claiming it's masturbation without providing non-obvious criticism is masturbation itself--and seems hypocritical and trite. Can you make yourself a bit more useful or are you just going to continue to poo-poo from the sidelines? :-)


[ Parent ]

What's wrong with masturbation anyway? (none / 2) (#19)
by sholden on Wed Mar 17, 2004 at 01:13:09 AM EST


--
The world's dullest web page


[ Parent ]
Err.. nothing, long as it's friendly. :) n/t (none / 1) (#23)
by sudog on Wed Mar 17, 2004 at 02:36:26 AM EST



[ Parent ]
Quick addition-- (none / 2) (#15)
by sudog on Wed Mar 17, 2004 at 12:38:27 AM EST

It was only a pile of work because I had to clean up my prior habits (the soul-cleansing stuff.) Starting with a method like this from scratch would be much simpler.

:-)


[ Parent ]

Seems like a lot of work... (none / 3) (#2)
by alby on Tue Mar 16, 2004 at 02:39:04 PM EST

...that I wouldn't have time to do. But as an article in itself it's pretty interesting.

--
Alby

Interesting Idea (none / 3) (#4)
by wolrahnaes on Tue Mar 16, 2004 at 03:15:52 PM EST

unfortunately requiring both owning a domain (or at least a subdomain) and running your own incoming mail server. should work great for those who can do it (and help track down which sites most spam "starts" at.

-------------
fuckitall
your own mail server (none / 3) (#7)
by b1t r0t on Tue Mar 16, 2004 at 04:15:07 PM EST

...at which point it's easier to pick a couple of good blackhole lists. The ones I picked which cut out 95% of my spam (mostly winderz proxy zombie crap) were list.dsbl.org, cbl.abuseat.org, and dnsbl.sorbs.net.

-- Indymedia: the fanfiction.net of journalism.
[ Parent ]
more checks (none / 1) (#56)
by frozencrow on Thu Mar 18, 2004 at 11:41:25 AM EST

If you run your own mail server, then it's probably also worthwhile to turn on a few other checks, in addition to blacklists. My other checks actually catch about 3-4 times as many things as the DNSBLs do (though the DNSBL is consulted after all the checks, so that's probably why.)

I have checks that verify that the sender domain exists and that the HELO is not one of my names/IPs. The sender domain lookup is approximately as expensive as a DNSBL lookup (they're both just DNS queries,) but it doesn't depend on a third party, so I favor it.

Oh yeah, I also reject anything that looks like an MS executable. That's an expensive check, though, and obviously, it makes it harder for people to send you MS executables.



[ Parent ]
Excellent, +1FP (2.75 / 3) (#6)
by Hide The Hamster on Tue Mar 16, 2004 at 04:02:23 PM EST

A great change from what seems like an endless supply of screaming anti-spam zealots like www.sorehands.com.


Free spirits are a liability.

August 8, 2004: "it certainly is" and I had engaged in a homosexual tryst.

perfect, +1 FP (none / 2) (#9)
by Focx on Tue Mar 16, 2004 at 06:22:27 PM EST

Very good idea - until now, I luckily haven't received enough spam that it would be necessary, but I think I'll use a few ideas... This means work tough, so it's really only for people who get way too much spam. The question is, could this be automated?
--- "Even anywhere, humans are always connected." - lain
I know of someone ... (3.00 / 4) (#10)
by pyramid termite on Tue Mar 16, 2004 at 07:00:38 PM EST

... who simply required everyone who e-mailed him to use the word "zimboni" in the subject. That was awhile ago, though.
On the Internet, anyone can accuse you of being a dog.
My solution is a lot simpler. (2.60 / 5) (#12)
by Kasreyn on Wed Mar 17, 2004 at 12:14:17 AM EST

I never ever ever ever ever give anyone my email address until I already know them and have lectured them about not giving it out. I suppose if a cracker rooted their computer and then bothered to harvest their address books, they could get it. But there are much easier ways to harvest addresses for spam, so I'm not worried. I've also strictly told my acquaintances that they will be blocked if they ever include my address in a mass forwarding (which sends the address to everyone else on the list...).

When I need an email address for a website, I use a throwaway yahoo address, or, when the company in question isn't savvy to it, a fake email service like mailinator. I [heart] mailinator.

As a result, since getting a new ISP ~10 months ago, I've received zero spam. My spamboxes, most notably my address at my old ISP, have received hundreds, but who cares, since I never read them?


-Kasreyn


"Extenuating circumstance to be mentioned on Judgement Day:
We never asked to be born in the first place."

R.I.P. Kurt. You will be missed.
The essence of info warfare. :-) (none / 1) (#18)
by sudog on Wed Mar 17, 2004 at 12:53:03 AM EST

You're keeping the information out of the hands of spammers completely. Unfortunately I find my desire to participate in mailing lists and forums overwhelms my desire to remain anonymous.

Thank you for your comments!


[ Parent ]

You need more email addresses (none / 2) (#28)
by squigly on Wed Mar 17, 2004 at 06:32:35 AM EST

I have 3 email addresses.  

MyName@MyDomain.co.MyCCTLD.  Goes only to people who I know don't send everything to everyone (with one exception.  A mistake on my part).

MyName@yahoo.co.uk.  Goes to people who are probably not going to put it online.  Subscriptions to reputable websites, contacting companies, giving out to people to talk online

squigs@postmaster.co.uk.  Everyone else.  Usenet, public forums, online quizzes, anywhere I know will probably get published.  

The third tends to get filled up with spam regularly.  I check it once every couple of weeks,  and only look at emails that make a direct reference to a site I know I've used it on.  It tends to fill up more quickly than I empty it.

[ Parent ]

Yours is a good solutions... (none / 0) (#37)
by sudog on Wed Mar 17, 2004 at 12:43:00 PM EST

...for those people who aren't interested in maintaining hundreds of email aliases.


[ Parent ]
Good thinking good advice (none / 1) (#68)
by BabyT403 on Thu Mar 18, 2004 at 07:54:54 PM EST

Thanks that really helped me out because i hate spammers reading your story really made a difference

[ Parent ]
Good thinking (none / 2) (#24)
by squigly on Wed Mar 17, 2004 at 02:59:05 AM EST

I do the same thing.  My secondary email adress suffered from being included in a mass email to everyone the guy had ever heard from (including close personal friends like endofauction@ebay.com).   Suddenly, I've started to get half a dozen virusses in my inbox every day.  

Ironically, the original mass forwarded message was an email hoax.

[ Parent ]

That was MY problem... (none / 3) (#41)
by Skywise on Wed Mar 17, 2004 at 04:36:28 PM EST

I have a friend who should *know* better (he's an IT admin... Okay a Windows Admin..>sigh< )
Who gave my email address to a fast food website so that I could be sent a coupon as well...


[ Parent ]
Wow. (none / 1) (#46)
by Kasreyn on Thu Mar 18, 2004 at 12:18:31 AM EST

I pity whatever company he admins for. They are SO pwned.


-Kasreyn


"Extenuating circumstance to be mentioned on Judgement Day:
We never asked to be born in the first place."

R.I.P. Kurt. You will be missed.
[ Parent ]
So do I. (none / 1) (#47)
by Skywise on Thu Mar 18, 2004 at 01:14:36 AM EST

Y'know there's gotta be problems when on his own PC, clicking any link caused about 7 pop-ups.
Me: "Dude!  How can you use your PC like this?"
Him: "Yeah, I know... those pop-ups are getting pretty bad.  I need to wipe Windows and reinstall"
Me: "wha..gha... Just freakin' use Mozilla!"
Him: "Ah, I don't like it as much."

What can I say... I've known him for years and he's a good a friend... but man I don't wanna be near his company...  They solved their "spam"/"virus" problem by going to Lotus Notes...  (which actually isn't a bad idea...)

[ Parent ]

People aren't always the problem (none / 2) (#45)
by gidds on Wed Mar 17, 2004 at 09:15:06 PM EST

And what happens when one of those people gets a worm or virus that collects your email address (from their address book, or from a file on their HD), and sends it off to the spammers? It doesn't matter if the people are trustworthy; their machines must be trustworthy, too -- and can you say that about machines running Windows?

OTOH, to be fair, for the last few years I've always registered at web sites with an address specific to that site, but none of the spam I get has ever resulted from those. I'm sure that some webmasters are unscrupulous, but IME almost all aren't. All the spam I get must result from 1) a handful of Usenet posts, made almost a decade ago; 2) a period when my address was listed on a couple of web sites; and/or 3) any acquaintances whose address book has been compromised (none that I know of).

What the article doesn't say is how often any of the individual email addresses get compromised, and how much time it takes blocking them...

Andy/
[ Parent ]

And he's just great at parties. (none / 1) (#52)
by Robert Acton on Thu Mar 18, 2004 at 06:23:38 AM EST

If you're willing to sever all communications with  anyone and everyone you know, just because they infinitessimally raised the chance that you'll one day receive an offer for cheap pills and have to move your finger all the way to the delete button, then why do you bother talking to them in the first place?

--
I am cured.
[ Parent ]
Giving out your friend's addresses ... (none / 1) (#64)
by RevLoveJoy on Thu Mar 18, 2004 at 06:48:06 PM EST

Don't most of the current crop of Windows viruses search their infected host for email addresses?

I know most of us have friends and family who have picked up a virus in the past year - wouldn't that invalidate all of your careful efforts?

Cheers,
-- RLJ

Every political force in the U.S. that seeks to get past the Constitution by sophistry or technicality is little more than a wannabe king. -- pyro9
[ Parent ]

For those that don`t own a domain... (2.60 / 5) (#21)
by el tito on Wed Mar 17, 2004 at 02:08:10 AM EST

....try www.spamgourmet.com
It`s much better than any other disposable adress services in the way that I dont actually have to visit the site to create an address.I just think of the most convenient thing that comes to mind and use that e.g:
antispam.10.tito@spamgourmet.com
that specifies that that address can only get 10 emails before the rest are forwarded to dev/null. You can always go to the site and change that limit on that particular email.Great for site registrations
And it`s free.

Problem: spammers have identified catch-alls.. (none / 1) (#22)
by sudog on Wed Mar 17, 2004 at 02:33:56 AM EST

.. already. I used a catch-all before (part of the reason this transformation was so painful--tracking them all) and recently the spammers have located it as a catch-all and begun using random names@water.con as their from addresses. I was getting about 30 bounces a day from these various emails when I realised that further action was necessary beyond just a catch-all with throwaways.

:( Unfortunately...


[ Parent ]

Catch-alls are identified? (none / 1) (#33)
by Kyle on Wed Mar 17, 2004 at 12:28:19 PM EST

I have the same problem with mass forgeries from random addresses at my domain. I solved it differently.

Do you have any evidence that spammers are actually identifying catch-all domains, or is that speculation? Would they actually notice if they were forging from a domain that didn't catch all?

[ Parent ]

They appear to: (none / 1) (#36)
by sudog on Wed Mar 17, 2004 at 12:40:54 PM EST

Only those domains of mine that are catch-all see the random-name From: forgeries. According to the sendmail maillog, the rest of them don't.

Usually the catch-all forgeries begin with a single, body-less, subject-less delivery of an email from a throw-away account in a foreign country. Shortly thereafter, the bounce messages start.

For me, anyway. While this isn't proof, it seems to be to be an indication as to a detection technique on the part of spammers.


[ Parent ]

That's VERY interesting. Thanks! [n/t] (none / 1) (#38)
by Kyle on Wed Mar 17, 2004 at 12:47:32 PM EST

No text.

[ Parent ]

catch-alls (none / 1) (#89)
by frozencrow on Fri Mar 19, 2004 at 12:26:43 PM EST

Catch-all domains are a real treat for spammers. Since it's a "legitimate" domain, it can't just be blacklisted like a throwaway domain can be. Such domains can then be used to send spam to people who have sender address verification turned on. I don't know if we were actually probed for it, but I can definitely say that we were getting hit pretty hard with an avalanche of bounces for a domain of ours that had accidentally been configured as a catch-all. I did not see this for any of the domains that were not configured as catch-alls. This was only a sample size of about 60 domains, though, so not terribly conclusive.

[ Parent ]
spamgourmet solves this as well (none / 1) (#39)
by drivers on Wed Mar 17, 2004 at 02:16:47 PM EST

In advanced mode you can set up "watchwords" that have to a substring of the new address for a new address to be created. That and you can specify a prefix as well, like a password for creating new addresses, that you can change whenever you like.

[ Parent ]
Very nice. :) regexps in virtusertable work too.. (none / 0) (#70)
by sudog on Thu Mar 18, 2004 at 07:57:38 PM EST

I'm sure I'll either get around to adding regexps or it'll just be added by someone else. But that spamgourmet stuff looks interesting!

Thanks for the note, much appreciated. Your comments are partly why I posted a story here.


[ Parent ]

I too am doing the same thing. (2.83 / 6) (#26)
by Scott Robinson on Wed Mar 17, 2004 at 05:33:38 AM EST

But I still receive spam on my "personal" account, simply because once other people have your e-mail address a time will come that your address is spread. Mass CCs, "einvites", and the like.

What happens once your personal account is defeated? You have a problem...


Only a handful of people have it; plus, (none / 0) (#35)
by sudog on Wed Mar 17, 2004 at 12:38:01 PM EST

... my grandmother doesn't participate in mass-invites, chain letters, and so forth. Or hasn't so far anyway. She gets quite annoyed when non-family email comes in and usually just deletes it. :-)

Other than that, the rest of my friends and family who have the personal email account are savvy enough that the chances of that happening are slim. Besides, even if it does happen I'll just switch again, so it shouldn't be necessary for another year or two. That's fine by me! :-)


[ Parent ]

What about viruses? (none / 1) (#42)
by koreth on Wed Mar 17, 2004 at 07:03:07 PM EST

Your grandmother reads email but never accidentally opens an innocent-looking attachment, and is never hit by a worm that exploits some as-yet-unpatched security hole? Either one of those things will potentially put your super-duper-private address in the hands of spammers.

[ Parent ]
She's running antivirus. (none / 0) (#69)
by sudog on Thu Mar 18, 2004 at 07:55:51 PM EST

Also, most successful trojans aren't pure spammer harvesting tools. Also, her virus auto-updater means that eventually, the virus will be eliminated from her system.

Also, since the chances of that actually happening are very slim (the exposure of her own email address is minimal since she only uses it for email) by the time something like that does happen, I'll be able to comfortably shut down that email and start up a new one a few years down the road anyway.

Finally, I haven't forsaken my filters--with all the training they received and with the fact that I have a filter which throws all executable attachments into its own spambin, the impact will be minimal anyway.

Oh sure, I'll no longer be completely spam-free, but it'll be less than the tidal wave I was receiving previously. :)


[ Parent ]

+3 mentions email [nt] (1.75 / 4) (#29)
by momocrome on Wed Mar 17, 2004 at 10:22:53 AM EST



"Give a wide berth to all that foam and spray." - - Lucian, The Way to Write History
Defeats meaning of email (none / 2) (#43)
by jeroenvw on Wed Mar 17, 2004 at 08:16:26 PM EST

Email is meant so that people can write you a message - easily, simply by looking up your adress, get it from friends, etc.

You cannot post publicly (usenet, mailinglists), and then later revoke that particular emailadress.  Any private followups get impossible then. Posting to a mailinglist with a disfunct emailadress like you suggest, is especially asking for being ignored by people - those ML's with sender verification by means of callback won't even recieve your posts!

Taking this kind of severe measurements will make that a lot of people won't even bother to mail you, because it's too much effort. I particularly won't ever consider mailing you, reading the actions I would need to perform to do so. If you're fine with only getting mailed by people you already know and that you personally give the adress too - fine, but otherwise, this won't work.


Graduation (none / 0) (#54)
by PigleT on Thu Mar 18, 2004 at 08:50:34 AM EST

I happily reject all mails at SMTP injection-time with a spamassassin score > 10. I have reviewed the scores of valid mails, and nothing approached that, and for various reasons (passing on to further downstream MTAs with rejection filtering) it makes sense to block off the worst spams too. Plus, in the highly unlikely event that a real live human gets a mail rejected, their local MTA's bounce will include the reason, so no problem there.

Thereafter, I also have 2 Bayesian filters - bogofilter and something I knocked-up in Haskell just for kicks. I use tracking addresses, but some local-parts have become so spammy that I'm relying on the filtering for them; otherwise, I can filter some recipients out as I see fit.

It works for me; I keep a fairly close eye on my spam folders (organized by which utility identified it as spam), and I'm generally happy with the results myself. And nobody's complained either way.

Now, things like TMDA and algorithmic systems, I agree - I should be able to mail a distribution's package-maintainer for an open-source library I help maintain to alert them to updates or offer assistance with bug-fixing, etc, without being subjected either to some auto-bounce "please resend with the magic word in the subject", or without risking the mail being ignored. In practice, this has worked out just fine - but I, for one, would not be prepared to go to the trouble of filtering someone else's spam for them.
~Tim -- We stood in the moonlight and the river flowed
[ Parent ]

That's what the lists were for. (none / 0) (#67)
by sudog on Thu Mar 18, 2004 at 07:51:05 PM EST

I buiilt a (very complete) list of people who've emailed me in the past..  oh.. five years or so at the email addresses I was shutting down. I've notified them of the new, friends-only or acquaintances-only email address and now all they have to do is update their address books or find their last email from me and hit "Reply".

Publically-available mailings which archive my email as-is demand an unavailable email address; to do otherwise would be to invite spam. The solution for those people who are looking me up and trying to email me from public archives is the human-readable bounce message they'll receive from my mail server. In other words: if they can read, they'll eventually be able to contact me. However, these kinds of contacts are circumvented anyway because my example.com homepage has about five different ways to contact me, so in reality I'm just a click away.

Replying directly to people instead of the mailing list means that person has read my note, and thus my .sig, which is very clear about how to respond to me.

It's far from ideal, I freely admit; however, it's the easiest way I know of to ensure that normal harvesters don't get hold of my emails. Something simpler would be nice: convincing the mailing lists owners to obfuscate my posting email is not possible. I'm only one voice. :)


[ Parent ]

algorythmic email address (none / 3) (#44)
by saul on Wed Mar 17, 2004 at 09:01:56 PM EST

my friends heath and hogge tried out algorythmic email addresses. for example, heath's email would be heath-nov97@hisdomain.com then heath-dec97@hisdomain etc... emailing old versions would get you a bounce message that explained the algorythm.

in the end he gave up because nobody bothered to email him, I think.

my solution is that I love spam, I get all my best ideas from it.

Spam free as well, and less work (none / 2) (#48)
by scruffyMark on Thu Mar 18, 2004 at 02:51:41 AM EST

Use Mac OS X. I don't know how their spam filter works, but it works.

It learns from its own mistakes, too. At first it catches maybe 75% of the spam, as you flag spam messages and unflag legitimate ones, it gets better and better. Within about a week or two (depending on how much spam you get, and how varied it is), it will pretty much stop making mistakes - turn on the automatic filtering, and relax.

It lets through maybe one spam a month (catching about a hundred a week), and the only time it mistakenly junked a message was a while back when hotmail decided to send html-only messages without a plaintext alternative...

My spam solution (none / 3) (#49)
by NMSpaz on Thu Mar 18, 2004 at 04:30:35 AM EST

I've found a very effective way to stop spam that doesn't require whitelists or other maintenance, but does require an initial change of address to be effective.  It relies on the fact that anything between a "+" and the "@" in the address gets emailed.

So you have a new address:
    foo@example.com

Don't ever use this address.  Instead, tell all your friends and family that your email address is:
    foo+real@example.com

Your email will still get to the foo@ account on every mail server I've seen.  Then, whenever you post your email address online, obscure it with something after the "+":
    foo+fake@example.com

Now, if your email address is scraped by a crawler, all your spam will be tagged with "+fake" in it.  This also can be used to find out where the spammer got your email address from:
    foo+k5@example.com
    foo+usenet@example.com
    foo+amazon@example.com

You can start doing this with an old account, but you've probably already told everybody just to use foo@example.com, so it might be hard to get people to change.  It's important to use the +real part, because if enough people catch on to this way of dodging spam, it's likely the spammers will strip away the "+spam" part of the address and just email the base name.  Having a "+real" (or whatever) acts as something of a public password for people wanting to send you mail, but it looks just like another email address, so you don't have to retrain everyone to understand how/why it works

problem (none / 1) (#53)
by cockroach on Thu Mar 18, 2004 at 06:57:57 AM EST

The problem with this solution (which i've been using for some time as well) is that some web forms don't accept e-mail addresses which contain a + ...
--
Webisoder - never miss another TV episode
[ Parent ]
plus is special in urls (none / 0) (#75)
by NMSpaz on Thu Mar 18, 2004 at 11:09:11 PM EST

This is probably because "+" can also be used in urls as a word separator. I wonder if "+" would work in those cases, as in "foo+website@example.com"

[ Parent ]
*sigh* left HTML on (none / 0) (#76)
by NMSpaz on Thu Mar 18, 2004 at 11:11:43 PM EST

Obviously, the last part should be:

I wonder if "&#43;" would work in those cases, as in "foo&#43;website@example.com"


[ Parent ]

Solution: bookmarklets (none / 0) (#83)
by sacrelicious on Fri Mar 19, 2004 at 02:56:49 AM EST

The problem with this solution (which i've been using for some time as well) is that some web forms don't accept e-mail addresses which contain a + ...

Try instead using a bookmarklet on those sites to "wipe" the client side authentication, if there is any.

Of course, you're still outta luck for serverside email authentication.

[ Parent ]

another modification (none / 2) (#59)
by frozencrow on Thu Mar 18, 2004 at 12:40:25 PM EST

It's probably not terribly easy for someone to guess the valid +whatevers, but if you look at it on the larger scale, it becomes apparent that a dictionary style attack would be pretty successful against this type of setup. You may want to consider adding another field. I use timestamps (output from perl -e 'print scalar time . "\n"',) but random strings or strategic mispellings would probably also work.

For example:
foo+k5-1079631185@example.com
foo+usenet-1079631280@example.com

A problem I run into with this, though, is that a lot of web forms have limits on how long an email address can be. This can lead to abbreviations which are too short to be meaningful. And, as someone else said, there are a few web forms that don't appear to recognize the "+" as a valid character in an email address. When possible, I try to contact the authors of such packages to recommend a fix, but YMMV.



[ Parent ]
A dictionary attack? (none / 0) (#74)
by NMSpaz on Thu Mar 18, 2004 at 11:05:57 PM EST

I don't see how the +scheme is susceptible to a dictionary attack.  Everything after the + is a valid address that gets delivered, it just then gets filtered out.  Having 90,000 identical messages addressed to foo+a@.. foo+aardvark@.. is a pretty easy thing to filter.

I don't want to add random numbers after everything because that defeats the whole idea that the + address is "just another address" to everybody who doesn't understand the system.

[ Parent ]

dictionary (none / 0) (#79)
by frozencrow on Fri Mar 19, 2004 at 12:45:46 AM EST

It's mostly only an issue if you're worried about the possibility of an attacker (a rogue admin who can see what address you're subscribed with, for example) who notices that you are using email addresses of the form foo+kuro5hin@example.com. A wily attacker might guess that the address foo+bugtraq@example.com is what you used to subscribe to bugtraq. They would still have to figure out a way to do something nefarious with that address, of course, and depending on what system they're interfacing with, that may or may not be difficult. The timestamp (or whatever) just adds an extra degree of difficulty to the guessing process. It also allows you to keep your mnemonic if you decide to resubscribe. For example, retire the foo+bugtraq-1071200957 address and subscribe foo+bugtraq-1079674804 instead.

This doesn't really matter a whit as far as spam filtering goes, though you can use such a system to filter out your email+whatever addresses that start receiving spam. It's mostly just for tracking and for defending against rogue administrators. I'd agree that it's certainly less friendly if you're interfacing with humans.



[ Parent ]
I wrote a diary entry about this. (none / 1) (#61)
by tbc on Thu Mar 18, 2004 at 02:22:48 PM EST

As I mention in my previous comment.

[ Parent ]
I have an idea.. (none / 2) (#50)
by Golden Hawk on Thu Mar 18, 2004 at 05:31:00 AM EST

How about we just set up a whitelist system?  The problem with these is what if some strange e-mails you that you actually wanted to get into contact with?

I have two solutions.
1)e-mail a reply to the reply address with your phone number in it, and don't accept call-id blocked calls.

2)Send an e-mail back with a special hash, which you can reply to to get automatically added to the whitelist.  (Or alternatively, to get added to a 'grey list' which only allows 100 max character messages.  Essentially a "Please add me to your whitelist!  I'm xyz" is all they could say)

There.  Spam gone.  Or at the least SEVERELY tripped up.

The graylist idea is the best, because you could also have it filter out URLs, etc.  (by filtering out all characters letters and basic punctuation), thus, combined with the character limit, making it totally useless to spammers.
-- Daniel Benoy

Actually I have two ideas.. (none / 1) (#51)
by Golden Hawk on Thu Mar 18, 2004 at 05:37:26 AM EST

http://www.hashcash.org/

A spam filter could require a hashcash of an amalgimation of the body of the message, the sender address, and the recipient address, to be included as a header, or the message is rejected.  It could be placed on top of the current SMTP standard, no need for a rewrite.

Basically the spammers would be forced to do a large amount of CPU usage per sent e-mail.  But the recipient could check it instantly, and so could every hop along the way.

Which isn't hurtful at all to legitimate senders, but to senders who fire out a million e-mail a second, they'd be lowered to a mere ten e-mails a second or less depending on the required length of the hashcash.
-- Daniel Benoy
[ Parent ]

client computations (none / 1) (#58)
by frozencrow on Thu Mar 18, 2004 at 12:18:02 PM EST

Forcing senders to generate a hash of some sort is an idea that sounds good only so long as the spammers are limited to having One Big Mailserver each. Real Spammers don't have OBM. Real Spammers have a couple decades or more of cheap boxes. Real Spammers also occasionally have large botnets. Real Spammers don't shut off their machines promptly at 5pm. Even at only 10 emails/second, you're still looking at 864000 emails/day. If that's not enough, they just get a second machine. And then, of course, they can also buy faster machines to do the computations faster.

Add to that the fact that you WILL hurt legitimate senders, mostly those folks who run large mailing lists, such as bugtraq. And then there's the part where every mailserver on the net would have to be updated to work with this system. Even if it doesn't require a rewrite of SMTP itself, it still requires modifications to all the MTAs.

The bottom line is that if you want to stop spammers, then you have to do something that Real Spammers can't handle, but everyone else can. Anything else leads to legitimate mailserver operators being hurt, while spammers modify their routines a bit and continue spamming. Spammers spam for a living. They have plenty of time to work on ways to get around anti-spam solutions, so if there's a hole in the anti-spam solution, they'll find it and use it.



[ Parent ]
Hashcash objections, addressed. (none / 1) (#63)
by Kyle on Thu Mar 18, 2004 at 03:05:02 PM EST

You're right about botnets computing computational challenges to go through spam filters. Pretty much any anti-spam solution has that same problem: insecure computers on the Internet, compromised, and used for the spammer's purpose. Even if we had perfect authentication, a spammer can break into a legitimate user's machine and use that user's credentials to spam.

You're wrong about mailing lists, though. The solution, as mentioned in the Hashcash FAQ is for recipients to accept hashcash addressed to the list. Then the list just passes the mail through without having to do any computing.

There's also not really any update to the mail server necessary. You can do it all in user space. In fact, the next version of the widely used SpamAssassin tool will be able to check hashcash and factor it into its assessments.

[ Parent ]

hashcash objections, not really addressed (none / 0) (#82)
by frozencrow on Fri Mar 19, 2004 at 02:21:29 AM EST

Having read more about hashcash, I see that it's not necessarily something involving the MTAs. However, it still requires modification of a minimum of two elements (something on behalf of the sender and something on behalf of the recipient) in the chain. So great, you don't have to modify the MTAs, but you do have to modify the clients.

And mailing lists. The mechanism you're describing to handle mailing lists sounds like a whitelist variation. Which means that it breaks in all the ways that other whitelist-styled spam filters break. The only saving grace here is that most of those failure modes are not severe.

So it appears that hashcash doesn't really solve the core problem (spam,) but it does impose significant burdens on legitimate users.



[ Parent ]
people already do this (none / 1) (#57)
by frozencrow on Thu Mar 18, 2004 at 11:55:47 AM EST

It is called TMDA and it is a major pain in the ass. That would be my humble opinion, by the way.

How do you deal with the case where two people use TMDA, but neither one is on the other's whitelist? You either have to accept that this deadlock can occur, or you have to work around it in ways that basically make the system useless. TMDA only really works at all because so few people are using it. Yes, *those* people see benefits, but all the rest of us have to suffer for it. Thanks guys.

Also, there's no reason that a spammer can't set up an auto-ack system to deal with TMDA. I haven't heard of it being done on a widespread basis yet, but it's only a matter of time. Spammers are not as stupid as we wish they were.



[ Parent ]
TMDA ends spam (none / 1) (#62)
by Kyle on Thu Mar 18, 2004 at 02:31:16 PM EST

Your concerns, and more, are addressed in "TMDA Ends Spam," an article I wrote in August.

Briefly, the ways to avoid deadlock are the same as the ways to guarantee that people can always reply, and there's more than one way to do that. If spammers set up auto-repliers, they'd be supplying a real email address, which makes them easier to track. Also, this raises the cost of spamming. Anything that raises the bar is a good thing, IMO.

[ Parent ]

raising the bar (none / 0) (#81)
by frozencrow on Fri Mar 19, 2004 at 01:24:37 AM EST

I have to disagree with the raising the bar thing. Spammers do this for a living, so raising the bar a bit isn't going to even come close to stopping them. Meanwhile, the non-spammers also have to deal with the raised bar. I don't exactly think the sky is falling, but I do note that that it's getting much harder lately for me to send email to other people, and I think that that sucks ass. I tend to see TMDA as Yet Another Kludge that doesn't really fix the spam problem, though it certainly does add some new ones.



[ Parent ]
Stop or I'll hinder! (none / 1) (#87)
by Kyle on Fri Mar 19, 2004 at 10:47:05 AM EST

Stopping spammers is ideal. Hindering them is the next best thing. Spamming continues because it is profitable. As I think we agree, it will always be possible. Raising the bar reduces the profit; if we can raise it high enough, the spamming will stop. It won't be because we made it impossible to spam; it will be because it costs too much.

[ Parent ]

bar raising (none / 0) (#88)
by frozencrow on Fri Mar 19, 2004 at 12:06:24 PM EST

I would definitely agree that due to the way SMTP is designed, it will probably continue to be possible to spam. I would also agree that raising the cost of spamming will make it unprofitable.

The part that I'm disagreeing with is the idea that this class of solutions (personalized whitelists that are populated by semi-automated mechanisms) in particular is a good solution. It raises the bar for everyone (it has to, otherwise it would be trivial to circumvent.) It is distasteful to a sizable number of people on the net. It increases the number of automated-reply-type emails flying around on the net. And worst of all it is automatable, so if the spammers ever decide that it is worth their while to create a workaround for this particular anti-spam solution, someone will spend a few hours figuring out how to do it, at which point the spammers will no longer be hindered anywhere near as much as the common email user.

If we want to raise the bar, we need to do so in a way that really and truly raises the bar, not something that puts in a small, finite number of speedbumps. Spammers are smart enough to automate. They're smart enough to do simple math. They're smart enough to collaborate. They're smart enough to realize that they can use throwaway domains, offshore accounts, and other people's machines to get their messages out. The "common user," on the other hand, is smart enough to realize that they do not push the volume to justify creating an automated workaround for whatever anti-spam systems are in place. In terms of the tradeoffs (increased cost to spammers versus decreased utility to legitimate users,) this is a bad trade.



[ Parent ]
No. (none / 0) (#99)
by vectro on Sun Mar 21, 2004 at 09:56:58 AM EST

"Spamming continues because it's profitable."

This statement is close to the truth, but not completely. In fact, reality is:

"Spamming continues because spammers think it's profitable."

This is an important distinction, because now the only things required to perpetuate spam are: profit from spam software, and a ready supply of stupid peple.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]

skill-testing question (none / 2) (#55)
by Ranger Rick on Thu Mar 18, 2004 at 09:13:47 AM EST

Just imagine if everyone who phoned you had to answer a timed, skill-testing question!

I believe what you meant to say was, "Just imagine if everyone who phoned you had to answer a timed, skill-testing question once, and then never again had to because they're whitelisted!"

I don't like TMDA by itself, it challenges too often, but it's not like they have to answer the question every time they want to e-mail you. Grandma can reply once, and then never have to worry about it again.

Instead of just TMDA, I use a combination of tools (it's actually morphed a tiny bit from what I have there, but is essentially the same).

It works pretty darn well, and the only active participation I have to do is drag new spam to the blacklist IMAP folder. I deliberately have the bayesian stuff err on the side of caution, and my spam has gone from up to the level of 100 a day to maybe 3.


:wq!


Grandma and others wouldn't know how to.. (none / 2) (#65)
by sudog on Thu Mar 18, 2004 at 07:33:44 PM EST

..deal with that kind of email. The comprehension and more importantly the desire to comprehend given the fears about the Internet and the hostile light the media often portrays it in just isn't there.

It'd be unrealistic to expect people who are 85+ years old to conform to some kind of weird email telling them what to do, because 1. they don't like being told what to do, and 2. the email doesn't have her grandson's familiar tone and from: address.

That's just a singular example--there are lots of normal people who simply can't be bothered or are too afraid to, and going through them one by one just because I'm too lazy to manage my own email addresses seems selfish to me.

Even for myself, when I get reply notes from TDMA'ed people I find the imposition on my time to be extremely irritating, especially if they wrote me first and forgot to add my address to their whitelist. It borders on insulting, really.


[ Parent ]

Ah, but you don't need to TMDA everyone! (none / 0) (#98)
by vectro on Sun Mar 21, 2004 at 09:53:33 AM EST

I had (*) an anti-spam system set up that would use SpamAssassin as a primary filter on e-mails, with a relatively high threshold. Then any incoming mail which failed the filter would generate a bounce, to the effect of:
"This message was flagged as spam. If that's not right, reply with the subject 'Unambiguously Spam Free'"

After that, the e-mail's whitelisted and that person doesn't have to deal with it ever again.

(*) Past tense because presently I am travelling, and moved my e-mail to a webmail service.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]

And: You drop all HTML email..!? (none / 0) (#66)
by sudog on Thu Mar 18, 2004 at 07:36:52 PM EST

From that page you linked to: "There are some pretty simple methods to take care of this, and it's not really a big problem anymore. Somewhere toward the bottom of the page, I've got a procmail script that kills HTML mail."

That would drop about 75% of my incoming "normal" emails right into the void! That seems to be an imposition on others which forces them to conform to an ideal which simply no longer applies before you'll deign to reply to them.

Probably 15% of my friends and acquaintances would no longer use email to contact me in that case. It's supposed to make contact with me easier, not harder. :)


[ Parent ]

uh-ignore the above note. Need to wake up. :) n/t (none / 0) (#71)
by sudog on Thu Mar 18, 2004 at 08:03:02 PM EST



[ Parent ]
sneakemail.com and plussed users are MUCH simpler (none / 3) (#60)
by tbc on Thu Mar 18, 2004 at 02:21:23 PM EST

Same idea. Throwaway addresses. I also use plussed user addressing. (In fact, I'm about to blacklist timc+kuro5hin@divide.net because it's been harvested. All I have to do is change it to timc+k5+1@divide.net. ) I have never had SPAM leaks to my "real," secret e-mail address since adopting this system several years ago.

UH, YEAH, SURE (1.00 / 17) (#72)
by Worker Bee on Thu Mar 18, 2004 at 08:38:54 PM EST

YOU SAVED AN HOUR A YEAR DELETING EMAILS AND INSTEAD SPENT FIVE HOURS RESEARCHING AND WRITING THIS SHITTY ARTICLE.

WE'VE GOT A FUCKIN' AL EINSTEIN HERE, PEOPLE!

THE WEAK AMONG US CLAMOR ABOUT ETHICS BECAUSE IT'S THE ONLY CHAIN THEY HAVE LEFT TO SHACKLE THE STRONG.

A bit more than that perhaps (none / 2) (#73)
by greenrd on Thu Mar 18, 2004 at 09:42:58 PM EST

I used to spend far more than an hour every month (i.e. more than 2 minutes a day) deleting spam before I started using bluebottle.com.


"Capitalism is the absurd belief that the worst of men, for the worst of reasons, will somehow work for the benefit of us all." -- John Maynard Keynes
[ Parent ]

Your math is a bit off. (none / 1) (#94)
by sudog on Fri Mar 19, 2004 at 06:01:56 PM EST

I spent upwards of five minutes a day combing through my spambin for "legitimate" emails to make sure my filters were working correctly. Do the math: 2 minutes/day * ~340 email-fiddling days/year = 680 minutes, or closer to 11 hours, or approximately an entire working day per year just dealing with my spam problem.

I have that time back now, and expect to enjoy the mental benefits and lack of frustration for another two years at least.

I spent less than 35 minutes writing the story the first time, submitting it to the queue, and then another 15 minutes fixing it up in response to the editors' suggestions, or about an hour writing it and having it posted to Kuro5hin. I spent about another 15 minutes making these replies and modding everyone (even you) to "3".

If I've saved a full working day of someone else's time--even just one single other person out there--then I believe the effort spent here is completely and totally worth it. In fact, I'd be happy to have spent double or triple if it meant one other person was motivated to finally go ahead and do what they've been putting off for months or years, as I was.

I have no self-aggrandising illusions that I'm the only person to have thought of this and done it: quite the contrary. However, having jumped through the hoop of fire and come out unscathed on the other side, I think I have something somewhat unique to offer the rest of the Kuro5hin readers who were themselves thinking of doing this: my hand and a big, giant grin!

[ Parent ]

Filters are good enough for me (none / 1) (#77)
by skim123 on Thu Mar 18, 2004 at 11:40:21 PM EST

I used to use a homegrown C/R system, but I found that many people either didn't bother responding to the challenge, or lost it in their own web of spam filters or C/R systems.

After a few months of not being happy with C/R, I swtiched to Spambayes. I jacked up the settings so that only those with a spam score of 95% or higher are automatically junked. Still, I get about 80-100 auto-junked per day, and about 10-25 in the "junk suspects." I've never had a false positive in the Junk Email folder, but have a few false positives for "junk suspects" each day. I'd say about 5 spams end up in my Inbox (ones that get past both the junk email and junk suspect checks.

Money is in some respects like fire; it is a very excellent servant but a terrible master.
PT Barnum


Funny thing with filters (none / 3) (#78)
by vyruss on Fri Mar 19, 2004 at 12:01:58 AM EST

When I was at university, my adviser stopped responding to my emails at some point. I knock on his door and he says, "what emails?". Apparently they'd been tagged as spam by the university system. Now how an email from the same departmental domain could be spam, I don't know. So I started wondering, why the hell would my departmental address be tagged as spam?

Then it all came back to me. One day I was testing my new Pine installation (by the way, I don't want to start a flamewar but Pine rocks for both *nix and windows) and I sent a test e-mail from that address to the same address. But the e-mail's subject was "Lalala" and the text was "Spam spam lovely spam lalalalala". I received it all right, but apparently the stupid filter thought I was a spammer.

Now tell me, for the love of god, who is the genius that thought spam email would actually contain the word "spam" in the text?

  • PRINT CHR$(147)

That's not so unusual. (none / 1) (#85)
by ant0n on Fri Mar 19, 2004 at 07:43:37 AM EST

I have received some spam-emails with a subject line that goes "Never receive any more spam" or "The solution to all your spam problems" from spammers already.
-- Does the shortest thing the tallest pyramid's support supports support anything green?
Patrick H. Winston, Artificial Intelligence
[ Parent ]
There was no "spam" (none / 0) (#97)
by vyruss on Sat Mar 20, 2004 at 02:57:08 PM EST

in the subject line though!

  • PRINT CHR$(147)

[ Parent ]
what about stupid friends? (none / 3) (#80)
by kubalaa on Fri Mar 19, 2004 at 12:56:19 AM EST

What happens when your best friend with your "private" address includes it on a giant CC: list which includes some mailing list with online archives. Or just falls victim to some Outlook-address-book-scanning virus. Do you just get a new private address?

I've been doing this (none / 1) (#86)
by DoorFrame on Fri Mar 19, 2004 at 10:19:12 AM EST

I've been doing essentially the same thing with unique emails for each service I use... for exampe my email on kuro5hin is kuro5hin@example.com.  It allows you to keep track of all incoming mail in a fairly organized way and easily block all spam from untrusted folks who have decided to sell your name.

Now, I actually had two people give out my trusted email on huge CC lists.  I chastised both of them severely and received immediate apologies.  One of them caused no damage, the other resulted in exactly ONE spam to date (I immediate reported the spammer using Spamcop) from a service directly related to what the CC list was about, so clearly it came from there.  Luckily, it hasn't yet happened.  Hopefully, it will continue to not happen.  In a worst case scenario where my trusted email becomes unusuable, I can always switch and let the important people in my life know and start again.  

It's really important to own your own domain, it makes avoiding spam somewhat possible.

[ Parent ]

Good question. (none / 0) (#93)
by sudog on Fri Mar 19, 2004 at 05:50:09 PM EST

That's why I built more than one alias--one for the people I thought might or would do that, and one for the close friends and relatives I know are savvy enough (or disinterested enough) to forego that particular silliness. :)

I suppose I've done as much mitigating of my exposure as is possible without making contacting me nearly impossible.

Still spam-free at the moment though, so the personal satisfaction at this point makes the effort worthwhile.

Yes, I have some time on my hands these days. Everyone should have some time on their hands so they can have the choice to do this themselves if they so desire.


[ Parent ]

Not to ask a dumb question but... (3.00 / 4) (#84)
by Yori on Fri Mar 19, 2004 at 02:57:05 AM EST

What happens when your close personal friends get some virus that spams out your private, unfiltered email address out to random people and eventually makes it's way onto spammer lists? o_O;

I cross my fingers *grin* (none / 0) (#92)
by sudog on Fri Mar 19, 2004 at 05:46:29 PM EST

... I don't expect to remain 100% spam-free forever. However, careful maintenance can minimize (and help eliminate) future releases, either accidental or on purpose, of my emails to future spammers.

Certainly nothing on the order of the effort I was forced to undertake this time will ever be required again unless the one lonely server I have my virtusertable in is hacked and that specific file is stolen by a harvester in the future.

I pray that day never arrives of course, and I'll try not to make a target of myself.


[ Parent ]

How about... (none / 0) (#102)
by sab39 on Tue Mar 23, 2004 at 11:06:52 AM EST

...giving different aliases to each individual friend/acquaintance so that when one of them gets virused, you know which it is and can easily give them a new alias.

eg myname-friendsname@example.com - if friendsname gets virused, they get given myname-friendsname2 or similar.

You could make this even more bulletproof (at the cost of making your friends' lives harder) by arranging your filters to only allow email to myname-friendsname if the "From" address matched friendsname's known email address. Then even most virus spam wouldn't get past because most viruses are "smart" enough not to use the true "From" address associated with the computer they're on.
--
"Forty-two" -- Deep Thought
"Quinze" -- Amélie

[ Parent ]

Not a bad idea.. (none / 0) (#104)
by sudog on Mon Mar 29, 2004 at 02:49:18 AM EST

..but not so hot unless I can figure out catchy aliases to give to them all that they're remember so they don't have to reference an address book back on their home computer when writing to me.

If I can, then separate aliases would work fine for close friends or associates.

I wouldn't be able to get away with making it obvious that I made a personal alias just for them if I'm attaching a "I'm getting too much spam. From now on, write to me-yourname@example.com." Then I get to deal try to mitigate any insult that would garner. :)

[ Parent ]

DIfferent strokes ... (none / 1) (#90)
by jesterspet on Fri Mar 19, 2004 at 01:33:02 PM EST

Seeing this article on the heels of one posted on the Anti-Spam Solutions & Securityon Security Focus simply shows me that there is no "Killer App" or combinations of apps that will work for everyone all the time.

One thing a person should keep in mind when reading this article, is that one persons solution will not work for everyone. It is important that the reader understand what their needs are & how they differ from the authors.




(X) Yes! I am a brain damaged lemur on crack, and would like to buy your software package for $499.95
.. true enough. (none / 0) (#91)
by sudog on Fri Mar 19, 2004 at 05:40:24 PM EST

However, you'll notice that I put my intended audience (for whom this solution is more likely to be ideal) in my introduction.


[ Parent ]
Subject: Kuro5pam (none / 0) (#95)
by mcgrew on Fri Mar 19, 2004 at 09:44:59 PM EST

From: taylormarcus1965@netscape.net
Date: 3/15/04 4:21 AM
To: Kuro5pam@mcgrew.info

Dear friend,

My proposal to you will be very surprising, as we have not had any Personal contact before. However, I sincerely seek your confidence in this transaction, which I propose to you as a person of transparency, honesty and high caliber. Let me first start by introducing myself properly to you. My name is Marcus Taylor; i am the son to President Charles Taylor, the President of Republic of Liberia. I got your email address from network directory. I apologize if I have infringed on your privacy. It may interest you to know that my Father (former President Charles Taylor) has been fighting serious civil war with the Liberia United for the Restoration of Democracy (LURDS) for quite some years now. The LURDS has been backed (all along) by some foreign powerful countries. Not quite long ago, the American government ordered My Father to leave Liberia or be forced out of power. Knowing fully well the capabilities of America and other powerful members of the United Nations, my Father (President Charles Taylor) decided on the 11th of August 2003 to go into exile in a neighboring country Nigeria to seek asylum. He is presently in a town called calabar is Nigeria.

A new government headed by Vice President Mr. Moses Blah has been sworn in. Based on these developments, the various foreign bank accounts of my Father are already being investigated. News just came in that one of the fattest accounts he has in Switzerland has been frozen. In the light of all these sad happenings, my Father, through the help of his loyalists has secretly moved a sum of US$25M (TWENTY-FIVER MILLION UNITED STATES DOLLARS] to a private security company vault in Europe and right now, my Father wants the services of a highly reliable foreigner that will help us claim these boxes containing the funds from the security company and receive the funds into his/her bank account for the future survival of my family because he cannot presently operate any foreign bank account on his name. These funds (US$25m) arose from various compensation he received from the sales of rubber, timber and diamonds which are abound in great quantity around the coastal areas of the country.

My father and I have decided that if you are able assist us, you shall be compensated with 20% commission of the funds, 5% of this money shall be set aside to take care of any local or foreign expenses that might be incurred along the line. My family will make do with the remaining 75% of the funds. It might also interest you to note that all security arrangements regarding this transaction has been put in place, therefore, you have nothing whatsoever to fear or worry about.

Most part of this share (80%) for my family will also be invested in your country courtesy of your full advice and assistance because that is the most important part of this transaction. Please as you show your willingness, forward to me your full name, address and Tel/ Fax numbers, to me via my private email, and I will get back to you immediately with more information and subsequently send you the necessary documents needed in this transaction.

God Bless you as you assist us.

Best regards,

Marcus Taylor.

"The entire neocon movement is dedicated to revoking mcgrew's posting priviliges. This is why we went to war with Iraq." -LilDebbie

I'm in! (none / 1) (#96)
by tiamat on Sat Mar 20, 2004 at 01:45:32 PM EST



[ Parent ]
Here's one way I just thought about reducing spam (none / 0) (#100)
by bigchris on Mon Mar 22, 2004 at 08:21:53 AM EST

Use the plus addressing that was mentioned earlier, but in front of the address put a unique ID that identifies the mail. Of course this would only be useful for responses to your email when you don't want people to harvest your email address.

In other words: you have to send a support email to a company. You make your email GUID1134-5DAE-53B2+blah@example.com - then set up an account on your system to accept mail from this email address for a short period of time. This would forgo TMDA for one time emails that you need a reply on. Then, kill the email address after you receive the email and when you reply change the email address to another email with a GUID+blah@example.com.

Why would this work? It's like session tracking, just with email.

Given that a lot of email is harvested from archives and mailing lists, you could extend the idea to implement something similar in mailing lists so that the session tracking of the email would be done at the list-serv side. Each email address that gets posted to a list coversation gets rewritten as "conversationGUID+posterGUID@listserv.com", then you reply to this. ConversationGUID is the conversation or thread, and posterGUID is a GUID of the person sending the email. The reply emails get sent to the mailing list... now if you aren't in the mailing list and your reply-address doesn't get matched then the mail gets bounced by the list-serv or gets placed into a queue for moderators to look at the email. This way it's a lot harder for spammers to send spam through the mailing list, and impossible for them to harvest email from achives.

Now you could also make it that anyone who wants to get in contact with you needs to send an email to posterGUID@listserv.com and the listserv writes back asking for some sort of authentication - like a GUID number, etc. You authenticate and the email gets through to the person you want to contact. If they then choose to they reply back. This means that spammers have to be registered with the listserv and if you report a spammer they have to verify themselves - if they can't then they get banned. Of course... if a spammer does get through you give yourself an email like devmailinglist+blah@example.com. If the spammer gets through (unlikely) then you regenerate the blah bit of the mailing list and update your email address with the listserv.

Yeah, a lot of hard work and this idea has probably got flaws/could be thought through better, but it might be one way of doing things.

---
I Hate Jesus: -1: Bible thumper
kpaul: YAAT. YHL. HAND. btw, YAHWEH wins ;) [mt]

Spamassassin (none / 0) (#101)
by jrballard on Mon Mar 22, 2004 at 05:04:20 PM EST

Unfortunately I am not able to change my email address (ah, to be the mail admin...)

Anyway, an excellent system is SpamAssassin. It is an amazing collection of all of the techniques (RBL + filtering) into a system that works remarkably well. Combined with Bayesean filtering, it catches several hundread spams I get every day. -Jeff

Yahoo mail rocks... (none / 0) (#103)
by dealsites on Wed Mar 24, 2004 at 09:55:59 PM EST

I've been using yahoo mail for quite some time. I'm really impressed with thier spam filtering. I rarely get any spam. If it's questionable, they will put it in a bulk mail folder for you.

--
Tech deals updated in real time from all the major deal sites.

POPFile (none / 0) (#105)
by worktheweb on Fri Apr 02, 2004 at 11:14:17 PM EST

I've been using POPFile for about a month now. It is a Bayesian filter and has been remarkably accurate. Including the training period (when it is "supposed" to screw up ... it learns from mistakes) I've had a 99.3% accuracy rate. Out of over 4,500 e-mails in the last month (I get a lot of spam -- around 98% of my mail) it only got things wrong 31 times, only 10 of which were non-spam being classified as spam.

It isn't perfect, and I still check the spam list every once and a while to see if it dumped a good message, but it has allowed me to do that on my own schedule. Previously e-mail had become all but unusable, POPFile has fixed that -- and it keeps getting better.

Spam-Free at Last | 104 comments (92 topical, 12 editorial, 1 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!