[OT] Beware, Spam Source

Do you have a better idea?

SioL

that

send

filtering

examination

6

folder

Holy smokes! And I thought 75 a week was bad on my freebie email acct. So tell us what product youe ISP is using for filtering.

At work we started using Sophos Pure Message about a month ago and it has eliminated a lot of spam. I've talked to a anumber of the users and they have all said that it has reduced the spam dramatically.

But the company is secretive about how they do the filtering. All I can find in their website is that they use a 'cocktail' approach, with more than one method of filtering.

But a nigerian 419 letter slipped thru the other day, and in the headers it was marked as 43% probability. We have the cutoff point set at 50%. I was further dismayed to find out that a legit piece of email advertising was marked at 44%, so if I set Outhouse to filter out percentages below 50%, it may filter out some false positives. Bummer.

I was reading that one of the oompanies said that they found that spam made up over 3/4 of the emails last month. That's really dismaying, and should be viewed with great consternation, because it means that laws haven't been enforced enough, and spammers are just deluging the net with sewage to get past the heavy filtering that almost every ISP is now doing. If the increase in spam isn't brought to a halt, the whole net will become logjammed with spam.

Both AOL and Microsoft have publicly stated that they filter out 2.4 Billion spams a day or more, just a staggering amount of net pollution - over 50 thousand a second!

-- @@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@ ###Got a Question about ELECTRONICS? Check HERE First:###

My email address is whitelisted. *All* email sent to it goes directly to the trash unless you add NOSPAM in the Subject: line with other stuff. alondra101 hotmail.com Don't be ripped off by the big book dealers. Go to the URL that will give you a choice and save you money(up to half). You'll be glad you did! Just when you thought you had all this figured out, the gov't changed it:

pollution -

I have a junk account at hotmail that I use for things that might generate spam. I used it for the free trial of Mathematica, and the download and password message wasn't showing up. After a while I decided to toss my 'junk', and for some reason the hotmail filters decided that the download and password message belonged with the Viagra ads. Actually, everything from wolfram is getting filtered...

Regards Bob Monsen

This is always a risk you take... we have a cut-off of 80% which works fairly well - only had 3 spam today... the rule is a composite... the scanning is the 80% bit but an additional rule that checks the mail first is to see if it has originated from a known source or bounced through a realy.. if it has, no further scanning happens, it is deleted without notice.

The hits on these two rules seem to be about 55% relayed, 45% spam "looking"

When spam does get through, we forward it to a special address to teach the engine about it - very effective.

I do know that we have lost required mail though in tiny quantities. This is bounced back to the sender and at least they know it wasn't recievede. What can you do about it? Raise the threshold and more spam gets through. What we have done is to introduce a "magic word" so that if a mail is sent with that word in it, it is passed directly with no further scanning. Which helps.

Current hits for May are:

-------------------------------------- FastTrack 38

4_RLY 0% 1809 1_DEFSPAM 80% 1444 2_KNWNWDS 20% 21

so that is 3000+ spam stopped in 17 days *sigh*

headers

50%.

Bummer.

first is

realy..

"looking"

teach the

This is

What

What we

with that

helps.

What antispam software are you using? I'm not sure that we can use Outhouse or exchange for that matter to prefilter before the Pure Messages gets to it. One reason that I say this is that we are still using sendmail on a *nix box as our email gateway. And also, our admin doesn't give the users permission to train the software.

On the other front, I was reading this article.

All of a sudden, it dawned on me. The authors of the Can Spam Act forgot one thing, that now that I think back on it, is all too obvious to be forgotten. Remember back when almost all spams lied, "This email complies with S.1618 passed by congress in blah-blah.. and cannot be called spam.."

Well, the authors of the Can Spam Act forgot to add an "egregiosity clause". It should have said, if spammer fraudulently claims that their spam complies with the Can Spam Act, then the penalties of section so-and-so are DOUBLED. Or maybe even tripled. So the spammer could get

10 or 15 years instead of five, and be fined 20 or 30 thousand instead of 10 thousand!

Don't you think that, for spammers, this is a much more fitting punishment?

YES!

-- @@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@ ###Got a Question about ELECTRONICS? Check HERE First:###

My email address is whitelisted. *All* email sent to it goes directly to the trash unless you add NOSPAM in the Subject: line with other stuff. alondra101 hotmail.com Don't be ripped off by the big book dealers. Go to the URL that will give you a choice and save you money(up to half). You'll be glad you did! Just when you thought you had all this figured out, the gov't changed it:

FTGate + UBEBlock

not nearly sufficient... nothing short of flayed alive then rolled in salt :o)

salt

I just knew someone would chime in with the usual 'boil 'em in oil' type of punishment. AS much as we'd all like to see that, it'll never happen. But we really need to deal with reality, and get the gummint crackin' on dragging these parasites into the legal system and grinding them down. It's common knowledge that only a couple hundred of them are responsible for causing most of the damage, so a concerted effort from law enforcement would do some serious damage to their abuse of the net.

We needed this done years ago. It's gone way past the crisis stage.

-- @@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@ ###Got a Question about ELECTRONICS? Check HERE First:###

My email address is whitelisted. *All* email sent to it goes directly to the trash unless you add NOSPAM in the Subject: line with other stuff. alondra101 hotmail.com Don't be ripped off by the big book dealers. Go to the URL that will give you a choice and save you money(up to half). You'll be glad you did! Just when you thought you had all this figured out, the gov't changed it:

dammit... disengage predictable mode... :o)

Heh.. It would be a comedy, if it wasn't such a tragedy. They're saying in the newsmedia that 3 out of 4 (or more!) emails are spam. Seriously. It's just an unbelievable disaster waiting to happen.

Every body wants Da Gubmint to take care of their problems for them. Sheesh! Whatever happened to that "shitlist" dealie, where somebody maintained a file of IPs of spammers, and other ISPs and people who shuttle traffic back and forth would start bouncing packets from these IPs. It'd sure be simple to do.

And you say they go through anonymizers? Fuck'em. Bounce the anonymizer.

They spoof their "from" addy? Well, fix whatever computer's letting them get away with _that_!

Cheers! Rich

----------------------- That's because we want all of us to gang up on criminal bullies and do away with them, the govt is merely ALL OF US!!

------------------------- Because it has an uncertain result we don't have to bother with.

-------------------------- We should cut any anonymizer that emits spam off the Net.

------------ Yup. But the govt does this best.

-Steve

--
-Steve Walz  rstevew@armory.com   ftp://ftp.armory.com/pub/user/rstevew
Electronics Site!! 1000's of Files and Dirs!!  With Schematics Galore!!
http://www.armory.com/~rstevew or http://www.armory.com/~rstevew/Public

saw a figure from message labs saying that 83.2% of traffic in the US for April was spam .. OH. MY. GOD!

anonymizer.

see my stats in earlier post... the RLY is for anytning that bounced through a known relay or from any "media company" that is a known source... deleted without notification. The S/W does a dns (ip) lookup on spambag, et al... if one matches then it's curtains. I am sure that some are on there for duff reasons (badly configed server) but as you say... Fuck 'em

agreed. We used to firewall the whole of Asia from traffic inbound port 25 but we started to lose mail from japan that we wanted and it was just getting tooooooooo big-a-job to keep on top of the firewall rules... still a few there tho'

what would be better IMHO is is the ISPs did not allow *automatic* outbound SMTP from their users. Joe public with an AOL account will only want to connect to AOL's mailer... This would scotch nearly every spambot infected PC in a NY minute... Anyone who WANTS outbound 25 only has to ask for it... the vast majority of net users wouldn't even know what this is all about and so wouldn't be impacted. Probs then with port blocking and users on DHCP etc... :o( what to do?

I am convinced this will only be solved by statue... but then if someone send out a million spams and one person replies sying "yes please" (and they do) then you have evidence the spamer can use to fight the corner. I think I am just going to kill myself instead... then they'll be sorry :o)

wrote

type

gummint

grinding

are

from

net.

Well, laws aren't worth the paper they're printed on unless they're enforced. And spamming may be lucrative enough that the spammers are willing to take the risk of being caught if the chances are slim. The LEAs just need to make the chances a lot less slim.

Already happening. Spamhaus has one, MAPS has a list, and there are several others. One problem is that spammers or their lackies are doing Denial of Service on some lists.

anonymizer.

Problem is that as soon as a good portion of the proxies get blocked, another worm/virus is released, and it infects another hundred thousand or more PCs, mostly on home broadband DSL or cable, and the block list is ineffective and has to be reupdated. It's a neverending battle, and the spammers have managed to keep ahead of the game. Some ISPs have stopped allowing any poret 25 email traffic from their users to pass thru to the outside world. Another help is a DUL list, which gives the IPs of all of an ISP's cable or DSL users.

That's what Microsoft's 'Caller ID for Email', SPF (sender policy framework), and Yahoo's DomainKeys are all about. One or more of these is about to be pushed and/or implemented. But already at least one spammer has a server with SPF.

They're saying that over 2/3 of the spam servers are in China. Some companies block all traffic from there and have some success. But the problem is that more and more companies have legit email from china, so that's a problem.

Filtering helps, but there's always the risk of losing an important email as a false positive. Believe it, Rich, if there was an easy solution, spam wouldn't be such a big problem.

Check this out: (As of May 19, 2004)

-- @@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@ ###Got a Question about ELECTRONICS? Check HERE First:###

My email address is whitelisted. *All* email sent to it goes directly to the trash unless you add NOSPAM in the Subject: line with other stuff. alondra101 hotmail.com Don't be ripped off by the big book dealers. Go to the URL that will give you a choice and save you money(up to half). You'll be glad you did! Just when you thought you had all this figured out, the gov't changed it:

wrote

oil' type

for

Exactly. Holy crap! That's 5 out of 6 emails! AOL has said months ago that 80 to 90% of their emails are spam. Now it's holding true for ther other ISPs. And that is still happening even tho AOL has prosecuted numerous spammers in court. It's not a matter of if, but _when_ the straw that breaks the camel's back will occur.

through

deleted

al... if

duff

port 25

still a

outbound

to

infected

it...

about and

DHCP

someone

(and they

think I

The newsmedia are saying that some users are shying away from using email because of the spam problem.

Check this out: (As of May 19, 2004)