
Re: Anti-Spam ideas for usenet/list harvested email addresses



On Wed, 24 Sep 2003 15:20:09 -0600 (MDT), 
"Jacob Anawalt" <jacob@cachevalley.com> wrote in message 
<2147.192.168.1.4.1064438409.squirrel@scsi-burn.office>:
> 
> Arnt Karlsen said:
> > On Tue, 23 Sep 2003 22:06:19 -0600,
> > Jacob Anawalt <jacob@cachevalley.com> wrote in message
> > <3F71183B.70506@cachevalley.com>:
> >
> > > Arnt Karlsen wrote:
> > >
> > > > On Tue, 23 Sep 2003 13:16:38 -0600 (MDT),
> > > > "Jacob Anawalt" <jacob@cachevalley.com> wrote in message
> > > > <1141.192.168.1.4.1064344598.squirrel@scsi-burn.office>:
> > > >
> > > > > Compare this to the "dog chasing cars" method of inventing a
> > > > > new filter rule that looks through the MIME data to decide if
> > > > > this is the latest worm you don't want or the kissing picture
> > > > > that you do. Sure it's cool to be a geek and figure out the
> > > > > rules. If you like doing this, do it.
> > > > >
> > > > ..another option is "blow up the road":
> > > > http://www.ordb.org/submit/
> > >
> > > I laughed at this at first, taking it as a "Jacob, this is about
> > > as dumb an idea as blowing up the road to your house", but then
> > > after seeing the link was to their open relay form, I was stumped.
> > >
> > > Do you mind shedding some more light on this for me if you were
> > > not trying to be light hearted? Thanks.
> >
> > ..why spoil the fun? ;-)  Spam etc needs relaying "roads" to travel
> > to your box.  ORDB also accepts email reports rather than this, uh,
> > "massive" web form, and I would think mailfilter or fetchmail or
> > somesuch can be a workable source for a mailto pipe.
> 
> Doesn't some spam come directly from an individual running SMTP from
> their box to yours? I'm pretty sure this is the case for the
> W32/Swen@MM's email spreading methods.

..dunno, it's all in /dev/null ;-), but most of the other spam comes 
directly to my pop3 service provider, but there is some that has more 
hops.  These hops are IMNTHO ORDB fodder, and these relays deserve it.

..the "direct smtp'ers" use someone's "cracked wintendo on fat pipe" 
which needs to be stomped flat, and the fat-piper isp's need to know 
where to stomp.

> 
> > ..a third idea is a to "first check if the same spam relay has been
> > reported by someone else", ORDB has a 200 host report cap, and
> > reporting the same box half a bazillion times a day would just DOS
> > ORDB, which is not quite what we wanna do.  ;-)
> 
> A bitter irony is that we aren't using anything like ORDB to stop
> email because other users don't trust it to not block email they want
> to get. They heard stories about occasional blockings of places like
> AOL, and they have friends set on using those ISP's.

...with sloppy mail host admins that could use some flogging around. 

> I'm going to try the suggestions I've seen on the list by running S/A
> on one domain. Maybe I can show the other users that it will be OK to
> use RBL filtering of email. I like the ideas I've read on having S/A
> trigger firewall rules for obvious spam.
> 
> Still I'd like to find some better way of sharing my email address
> without feeling obligated to process all email sent to me in full. If
> there is a good way of doing this, it would help not just my situation
> but also users who like to post to lists and usenet but have no
> control over how their ISP handles email and who have limited
> bandwidth or quotas on their traffic. If many of these users were all
> on the same mail system, that mail server would benefit by not
> processing the DATA of list/usenet trolled spam/worm SMTP traffic.

.._take_ that control:  Reporting open relays "blows up the road", 
by _making_ sloppy isp's do some work to get their boxes outta that 
baaad isp list.   

..my scheme can also be extended to report "slow stompers", if 
their _paying_ clientele is denied access, these will take that 
internet business they pay for, _elsewhere_.  

> Maybe rotating email addresses is the only way. That puts almost all
> of the burden of spam prevention on my end without any special hoops
> for others to jump through and once I close an account the SMTP server
> gets to reject at the RCPT TO: stage.
> 
> Someone looking at an old message and trying to use the old email to
> contact me would get a bounce. Hopefully I could minimize even this
> inconvenience by having an overlap of some reasonable time frame
> between opening the new account and closing the old one, and I forward
> all email from the old to the new until the old is closed.
> 
> Maybe I could even coordinate OpenPGP sub keys used to sign my
> correspondence to expire on some interval, and my .sig could say "If
> the public subkey for this digital signature is revoked or expired,
> I've changed email addresses."
> 
> Any rants on how inconvenient those methods would be if they wanted to
> be nice enough to email me? :)

..strikes me as "you wanna duck", and it will not harm the spammers, 
nor their sloppy or co-operating isp's.  We need the "dogs chasing 
the cars" for that number one new spam/worm etc, (O)(P)GP(G) is all 
nice and could become a part of a C-R scheme, but it does not stop 
the "dog chased cars" DDOS'ing you off the net.  That stop bit still 
needs the pipe stomp.

> Next month's news: "A new email worm that attacks only users of
> OpenPGP key servers by pulling down their public keys and emailing all
> their identities." *sigh*

..those worms still need relays or cracked-wintendo-on-fat-pipe-hosts.
 
> I'll keep trying things and if I get some more mail server side wild
> (possibly bad) ideas, I'll post it to the debian-isp list.


-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
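The "first check if the same spam relay has been reported by someone else" idea from the thread, and the 200-host report cap it mentions, worked through as an added Python example. This is not code from the thread, from ORDB, or from any reporting tool; the DNSBL zone name `dnsbl.example`, the in-memory `FAKE_DNS` answer table standing in for real DNS, the `ReportThrottle` class and the 24-hour window are all assumptions made here so the example runs offline. A DNSBL lookup reverses the octets of the relay's IPv4 address, appends the list's zone, and treats a 127.0.0.x A record as "listed"; an NXDOMAIN (modelled here as `None`) means "not listed, reporting may be worthwhile".

```python
import ipaddress
from typing import Callable, Dict, Optional

# Constructed stand-in for DNS: query name -> A record answer.
# In a real deployment you would resolve the name with
# socket.gethostbyname() and map a NXDOMAIN error to None.
FAKE_DNS: Dict[str, str] = {
    "4.3.2.1.dnsbl.example": "127.0.0.2",   # relay 1.2.3.4 is already listed
}

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone appended.

    Only IPv4 is handled (the era of the thread); anything that is not a
    valid IPv4 address raises ValueError instead of producing a bogus query.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip: str, zone: str, resolve: Resolver = FAKE_DNS.get) -> bool:
    """True when the DNSBL answers with a 127.0.0.x record for the relay."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")


class ReportThrottle:
    """Decide whether a relay is worth reporting.

    Skips relays the list already knows about, relays we reported within the
    window, and anything beyond the daily cap (200 hosts, as quoted in the
    thread), so a busy mail filter never floods the list operator.
    """

    def __init__(self, daily_cap: int = 200, window: float = 86400.0):
        self.daily_cap = daily_cap
        self.window = window
        self.sent: Dict[str, float] = {}   # relay ip -> time of our last report

    def _recent_count(self, now: float) -> int:
        return sum(1 for t in self.sent.values() if now - t < self.window)

    def decide(self, ip: str, zone: str, now: float,
               resolve: Resolver = FAKE_DNS.get) -> str:
        """Return 'report' or a 'skip: <reason>' string for logging."""
        if is_listed(ip, zone, resolve):
            return "skip: already listed"
        last = self.sent.get(ip)
        if last is not None and now - last < self.window:
            return "skip: reported recently"
        if self._recent_count(now) >= self.daily_cap:
            return "skip: daily cap reached"
        self.sent[ip] = now
        return "report"


if __name__ == "__main__":
    throttle = ReportThrottle()
    for relay in ("1.2.3.4", "5.6.7.8", "5.6.7.8"):
        print(relay, "->", throttle.decide(relay, "dnsbl.example", now=0.0))
```

Swapping `FAKE_DNS.get` for a function that does a real A-record lookup is the only change needed to use this against a live list; the decision logic and the cap handling stay the same.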


