On Sep 01, Cameron Simpson [[EMAIL PROTECTED]] wrote: > On 13:44 31 Aug 2002, Jeremy Blosser <[EMAIL PROTECTED]> wrote: > | On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote: > | > an fyi so yall know it's happening, my email address used exclusively > | > for mutt-users and mutt-dev has been harvested for spam. i believe i > | > posted to mutt-users exactly once, and never to mutt-dev. > | > | Blame the people that are archiving this list on the web without > | obfuscating the addresses. > > Feh. If the addresses are mechanically munged, and decodable by humans > reading the archive, then the munging can be undone by address harvesters. > And since they don;t care about 100% accuracy, they only have to get it > mostly right.
Anything they have to do is more cost for them, and means less of them are able to do it. And they aren't known for being bright, either. (At some point, for example, they appear to have determined that addresses of the form '[EMAIL PROTECTED]' are munged forms of '[EMAIL PROTECTED]', which is completely backwards.) > Personally, I have long considered hiding from spammers a waste of > effort. A laudable ideal perhaps, but futile. Install spamassassin or > one of the newer Bayesian filters and cease to hide. You will feel freer. No, I will feel chained to my mail servers as people take that attitude, which has the nice effect of making it so they don't see the spam in their inbox, but the mail servers still see it and have to not only deal with it as normal, but also have to deal with the added processing introduced by determining if each and every message is spam or not, and what to do with it if it is (bounce it, eat it, or add it to Vipul's database or the local bogofilter lists, etc.). The mail servers I support are currently bouncing (or eating) upwards of 20% of their incoming mail volume as spam, on a system that sees upwards of 130k messages per week. We've managed to keep our users from seeing most of their spam using a combination of Vipul's Razor and some local filters, but we admins are having to deal ever more with the effect of it, upgrading and expanding our infrastructure and switching our blocking attempts to more efficient ones as they become available. (We're probably going to have to switch from Vipul's to DCC soon, just to save a little on the network overhead. And we'll be implementing bogofilter as soon as ESR completes the daemonization of it; we can't even consider the overhead until then.) They are of course sites that see much more mail than we do, and I'm sure they have it much worse. Oh, we're also having to continually change our tactics as the spammers do the same. Within days of implementing Vipul's (initially bouncing spam mails to protect against false-positives as we tested the effects it was having) we started getting spam with the forged return addresses set to inside our network, so that when the mails bounced they bounced right into user mailboxes[1]. Note that the same exact tactic *will* work against TMDA-like systems, and will render them completely useless. You can't use TMDA if sending the reply means getting the spam, and preventing yourself from seeing your bounces is asking for trouble and a complete non-option in enterprise environments (we stopped bouncing Vipul spams and just eating them and just hoped for the best false-positive wise, but this isn't an option in a system that depends on sending replies to let legit mail through). You can guard your bounces with something like Vipul's or bogofilter, but that's more overhead. And the more of them that use this method, the less useful TMDA is to actually block spam. This does of course require the spammers to use their own systems to send mail one-to-one instead of dumping on relays, but at least some of them are apparently willing to do it. I am not suggesting that the spam-detection methods aren't useful, but neither are they a complete solution to the problem, and it's negligently naive to think they are. The same is of course true of *just* hiding your address. We need to make spam completely undeliverable by any means at our disposal as soon as possible so they have to just give it up and go get real jobs. And we'll still have to bear the processing burden of checking each and every mail[2] to make sure it stays undeliverable, forever, so the never have the option of starting again. [1] A few of these bounces came with what has to be one of the most fscking evil things ever said by a spammer: "This email was sent to you via Saf-E Mail Systems. Your email address was automatically inserted into the To and From addresses to eliminate undeliverables which waste bandwidth and cause internet congestion. Your email or webserver <b>IS NOT </b>being used for the sending of this mail." [2] BTW, if you get a clever idea for a new spam blocking system, please don't write it in perl. Anything that a serious mail server has to run per every message damn well better be in C or better.
msg30599/pgp00000.pgp
Description: PGP signature