SPAMers' tactics and effective prevention

From: Dan Clemmensen (Dan@Clemmensen.ShireNet.com)
Date: Thu Feb 04 1999 - 15:41:48 MST

• Next message: NetSurfer: "Re: Spam"
• Previous message: Michael S. Lorrey: "META: LAW: Brady Bill update"
• In reply to: Spike Jones: "Re: Junk mail and rotting web (SPAM)"
• Next in thread: mark@unicorn.com: "Re: Junk mail and rotting web (SPAM)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Spike Jones wrote:
>
> does anyone know: when you get a spam with a remove button,
> should you reply remove or just play dead and not reply? spike

There is now a fairly effective way to block most SPAM.
There are two web-based organizations that maintain
lists of IP addresses that are SPAM-friendly or SPAM-neutral,
and there are mail helper client that can use these lists
automatically to delete anything from these IP addresses.

One service is ORBS, and the other is MAPS.

ORBS is a list of "open relays" that have been used by SPAMMERs.
an open relay is an SMTP server that will forward SMTP incoming
to SMTP outgouing without any checking whatsoever. Nearly all
open relays are simply sites whose sysadmins are clueless, not
places that are actually trying to help SPAMers. SPAMers probe
the net to find the sites. when a site is found, the SPAMer sends
a single e-mail to the site with thouhands of addresses, and the
site obligingly sends out thousands of individual e-mails. By
cutting off teh site and sending reject messages back to the postmaster
at that site whenever a SPAM is received, the anti-SPAM client
software eventually gets the sysadmin's attention, and the sysadmin
then reconfigs the mailer. ORBS isn't terribly choosy about
who gets on the list: anyone can send a candidate IP address, and
ORBS then does an automated test to see if it is an open realy.
If so, it goes on the list. ORBS periodically checks to see if the
site is still an open realy, if not, it comes off the list.

MAPS lists open relays and also lists other sites. Getting
listed and de-listed requires human intervention, so the lsit is
more accurate. It's run by a volunteers who are sysadmins, and it
looks very good.

The MAPS site did an experiment to check out the "remove" scheme.
they set up an e-mail address, and then wuse it for absolutely
nothing whatwoever but making a single "remove" request from
a single SPAM. Then the wait. sure enough, they start getting
SPAM from many sources. This is ome of their most effective
ways of identifying new SPAM-friendly sites.

The philosopy and tactics for the sites make fascenating reading.
Check them out.

http://maps.vix.com/tsi

http://www.orbs.org

• Next message: NetSurfer: "Re: Spam"
• Previous message: Michael S. Lorrey: "META: LAW: Brady Bill update"
• In reply to: Spike Jones: "Re: Junk mail and rotting web (SPAM)"
• Next in thread: mark@unicorn.com: "Re: Junk mail and rotting web (SPAM)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:03:00 MST