TELECOM Digest OnLine - Sorted: Re: Trial Shows How Spammers Operate

Re: Trial Shows How Spammers Operate

Scott Dorsey (kludge@panix.com)
23 Nov 2004 11:02:08 -0500

Review Index Sorted By: [ date ][ thread ][ subject ][ author ]
Next message: Gary Breuckman: "Re: Anyone Having any Luck With Google Ads?"
Previous message: Nathan Strom: "Re: How Do I Learn an Unknown Number?"
May be in reply to: Monty Solomon: "Trial Shows How Spammers Operate"
Next in thread: Scott Dorsey: "Re: Trial Shows How Spammers Operate"
TELECOM Digest: Home Page

In article <telecom23.558.1@telecom-digest.org>, jdj <jdj@now.here>
wrote:

> On Wed, 17 Nov 2004 03:12:34 -0500, Dan Lanciani wrote:

>> My filters respond to every (seemingly) spam message with a note
>> indicating how to bypass the filter if in fact the mail is not spam.
>> (Actually they do this only once per sender per some months, but you
>> get the idea.) I really can't just dump (seeming) spam in the bucket
>> since there are a few false positives. But I get 1500+ spams per day
>> and I can't look at them all.

> Chances are that your filters are sending responses to forged
> addresses. Occasionally I see messages like that and they are treated
> like spam, since they have nothing to do with me and responding to
> them is useless. They go to /dev/null. Until it's full.

I am totally inundated these days with misidirected challenge/response
messages and bounces from spammers that send out huge amounts of spam
using my e-mail in the return address. It's got to the point where I
just dump anything from mail-daemon or from postmaster addresses, and
I just dump anything that looks like a C/R. When someone does a spam
run with my return address, I will get ten to fifteen thousand bounces
in a 24 hour period. This is very annoying.

You _might_ do a lot better just to extract the first Received: line from
the header and send a complaint to wherever that came from. For example,
take the following procmail rule:

# Comcast dynamic addresses

:0
* ? /usr/local/bin/formail -xReceived: -uReceived: | grep client.comcast.net
|cat $HOME/spam - | Mail -s "Your Spam" abuse@comcast.net

We can basically be sure that if something comes from a dynamically
allocated address on comcast, that it's spam from a zombie machine, so
the false positive rate on this is basically zero. Real mail from
comcast customers comes from the comcast mail server.

Of course, Comcast doesn't care and they won't do anything about the
complaints, but it will make you feel better to report the stuff
anyway. And there are legitimate ISPs that do actually take care of
problems, although these days they are increasingly in the minority.

--scott

"C'est un Nagra. C'est suisse, et tres, tres precis."

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Gary Breuckman: "Re: Anyone Having any Luck With Google Ads?"
Go to Previous message: Nathan Strom: "Re: How Do I Learn an Unknown Number?"
May be in reply to: Monty Solomon: "Trial Shows How Spammers Operate"

Next in thread: Scott Dorsey: "Re: Trial Shows How Spammers Operate"

TELECOM Digest: Home Page

Post Followup Article	Use your browser's quoting feature to quote article into reply
Go to Next message: Gary Breuckman: "Re: Anyone Having any Luck With Google Ads?"
Go to Previous message: Nathan Strom: "Re: How Do I Learn an Unknown Number?"
May be in reply to: Monty Solomon: "Trial Shows How Spammers Operate"
Next in thread: Scott Dorsey: "Re: Trial Shows How Spammers Operate"
TELECOM Digest: Home Page