Date: Fri, 19 Jul 2002 12:45:41 +0100 (GMT/BST) From: Digby Tarvin <[EMAIL PROTECTED]> Subject: Re: Re[2]: [LIB] A special powful tool
> I know this doesn't help you *now* but may I recommend to you and others > that you use different email addresses for every place thats likely to be > picked up by spammers (easiest done by registering a domain then having > <random something here>@<yourdomain> ... yes it costs money but then so do > most decent email services now, besides think about the amount of time you > waste to spam anyway ... that's why the address I use for this list looks a > bit weird for instance) ... that way at least you know where they picked > your email address from (so you can take action) and you can disable that > account (or even better, get it to redirect back to the spammers ;-) > Actually I do do that to some extent. I use a forwarding service to forward mail to a login account on my ISPs machine, which in turn forwards it to a pop3 mailbox which my home machine polls on connecting to the net. So I should expect most spam to come via the same route if my address were harvested from my net activity. Or alternatively try to route straight back to my machine if they ignore the Reply-To line. But 80% of the spam goes to the un-published and un-used (except by the forwarding service) ISP addresses. This could imply the forwarders list was compromised, but I also get spam direct to my pop3 account, which is only referenced in the .forward on my IPS login account, so that suggests someone is getting lists from ISPs.... > >Most people seem to think setting up filters is the best way to handle > >spammers, but that seems a bit irresponsible to me, as having all the > >knowlegeable users hiding behind filters just leaves the > >nieve net users at the mercy of the crooks. > > I guess you could say that but you could also extend this to saying that > putting a burglar alarm on your house is irresponsible because it > encourages burglars to ignore your house and go for your neighbor. Now that > filters are so easy to set, filtering email clients so widely used and that > most ISPs have tutorials on the subject I think we could use filters with a > clear conscience ;-) I don't think it is purely a knowledge/expertise issue. For those of us on a dial up line that have to pay for connect time or amounts of data transferred, there is no advantage in filtering out the spam once it gets on our machines - we have already paid for the transfer by then. And what is particularly annoying is the fact that while the proportion of spam vs real mail is about 50/50, the spam messages are typically about 10 times larger because they are filled with all the HTML dross that so appeals to advertisers.. If I had an ADSL connection at home, this would not be such a problem, but it would still irk me that so much of the nets bandwidth was being soaked up by these bozos, and if nobody bothers to report the open relays, there will be nothing to keep the bad guys in check.. As far a burglar alarms are concerned, I take your point, but I have always felt that it is better to use a silent alarm designed to catch the thief than simply trying to look like a less appealing target than your neighbour. Of course if I could get away with it, I would go for the bear trap style of anti-burglary devices... Besides, I think a better analogy would be putting in soundproofing so you don't get disturbed by the screams of people being mugged outside. Those that can setup filters are not in any danger of being taken in by any of the scams - for them it is just an annoyance. What I find incomprehensible is the pre-occupation of the authorities with censoring the net to stop people having access to things that it is demeed they shouldn't have access to, but there is no concern about predators that actively practice fraud and deception. > >I sometimes think it would be worth buying one of these email lists > >that are constantly being advertised (obviously with my name on the > >list, so that more people can spam me...), and using it to send details > >of the spammer to everyone on the list. Given that the premise of > >spam is that if you send a scam message to a large enough group > >of people, even a small percentage of suckers out there to make you > >some serious money - I think I could similarly count on the small > >percentage that are homicidal psychotics so that the spammer would > >make Osama Binladen look like a good insurance risk.... > > Good idea but the problem is many spammers spoof their email addresses > (I've had that happen before when trying to report them myself) ... you end > up taking action against someone who had nothing to do with the spam and > THAT can get you into an awful lot of trouble. If what I hear is correct, > companies have been sued after retaliatory hack attacks that ended up at > the wrong place because of spoofing for instance. Absolutely - that is why the purchase would be necessary. The e-mail address is useless, as anyone who bothers to report spam will know. You have to use the mail forwarding headers, which will only reliably allow you to trace it back system doing immediate delivery to your domain. Sometimes it is the spammers machine, but more often it is just a system with a clueless admin that has left an open relay. All you can do is report the incident to them, and hope they have the expertise to follow it back the next step in the chain. Or at least they should close their open relay. To nail the perpetrator, you have to follow the money. The the scam to work, they need a way to accept payment. They either give a phone number or e-mail address or some other form of contact. Normally the former, as e-mail addresses can be reported to the host system administrator. Tell them you don't have a credit card and want to mail a cheque. If they give a post box number and no contact details, send them a big cheque that you forget to sign, and wait to be contacted.. (you probably want to open a special bank account for this - one with no money in it..) They'll have to provide a name for the cheque and an address to send it to. Talk to the guy, gain his confidence, make promises that make them think a lot of money will come their way (ie use their own scam against them) - Basically you have to do your homework. Perhaps we could push this as a worthy sport to replace fox hunting... No right minded person could object to a few spammers getting torn to pieces by a pack of hounds... > >Plus it would be the perfect crime for whoever did it. Can you imagine > >the poor homicide detectice being handed the list of people with a > >motive... > > *grins* ... *sigh* if only it were possible ;-) amen. Anyone know of a good anti-spammer mailing list.... DigbyT -- Digby R. S. Tarvin [EMAIL PROTECTED] http://www.cthulhu.dircon.co.uk ************************************************************** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives -------TO UNSUBSCRIBE------- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe --------TO UNSUBSCRIBE DIGEST------ Do above but with this on subject line: cmd:unsubscribe digest **************************************************************
