Re: spam harvesting

2002-09-02 Thread Chris Green

On Sun, Sep 01, 2002 at 09:04:32AM -0500, Jeremy Blosser wrote:
 On Sep 01, Peter T. Abplanalp [[EMAIL PROTECTED]] wrote:
  On Sat, Aug 31, 2002 at 04:31:54PM -0700, Will Yardley wrote:
   Yes, but it's much less likely to happen... a spammer would have to go
   to a lot of effort (comparatively) to sign up for a list like this...
   and spamming a list of largely technical people would be dumb anyway.
  
  i disagree.  it would be trivial to set this up.  i could set up a
  system in less than half an hour that would harvest the email
  addresses of posters.  anyone who thinks that spammers aren't smart
  enough to do this is deluding themselves.  even if the spammers
  weren't smart enough, they could pay someone who was to do it.
 
 You are correct in theory, but wrong in practice.  The simple fact is that
 they aren't mining lists (yet), and avoiding posting your address online
 does prevent them from finding you as easily.  Simple evidence: the web

This hasn't been my experience, the vast bulk of the spam I get is
(I believe) from putting my address onto web sites when I buy stuff on
line etc.

I've started using a different address for usenet postings and that
address has had no mail sent to it at all since I started using it,
that was some months ago now.  So my conclusion is that E-Mail
addresses on Usenet at least are *not* harvested, at least not on the
groups I frequent.

-- 
Chris Green ([EMAIL PROTECTED])



Re: spam harvesting

2002-09-01 Thread Peter T. Abplanalp

On Sat, Aug 31, 2002 at 04:31:54PM -0700, Will Yardley wrote:
 Yes, but it's much less likely to happen... a spammer would have to go
 to a lot of effort (comparatively) to sign up for a list like this...
 and spamming a list of largely technical people would be dumb anyway.

i disagree.  it would be trivial to set this up.  i could set up a
system in less than half an hour that would harvest the email
addresses of posters.  anyone who thinks that spammers aren't smart
enough to do this is deluding themselves.  even if the spammers
weren't smart enough, they could pay someone who was to do it.

 It's much more likely for addresses to get harvested from a list
 archive, since a crawler will find them.

it is much more likely that the spammers will use every means at their
disposal and to think up new ones all the time.

i do feel for those people that have to manage large email systems.  i
can see that they have it worse than i.  all i have to do is filter my
own email.  i do this using spam assassin and see hardly any spam in
my inbox.  i do, however, agree with sven and the couple others that
say hiding is not the answer.  you just can't hide effectively as
we've pointed out.  you could disconnect yourself from the network.
that would be effective hiding.

-- 
Peter Abplanalp

Email:   [EMAIL PROTECTED]
PGP: pgp.mit.edu





Re: spam harvesting

2002-09-01 Thread Jeremy Blosser

On Sep 01, Peter T. Abplanalp [[EMAIL PROTECTED]] wrote:
 On Sat, Aug 31, 2002 at 04:31:54PM -0700, Will Yardley wrote:
  Yes, but it's much less likely to happen... a spammer would have to go
  to a lot of effort (comparatively) to sign up for a list like this...
  and spamming a list of largely technical people would be dumb anyway.
 
 i disagree.  it would be trivial to set this up.  i could set up a
 system in less than half an hour that would harvest the email
 addresses of posters.  anyone who thinks that spammers aren't smart
 enough to do this is deluding themselves.  even if the spammers
 weren't smart enough, they could pay someone who was to do it.

You are correct in theory, but wrong in practice.  The simple fact is that
they aren't mining lists (yet), and avoiding posting your address online
does prevent them from finding you as easily.  Simple evidence: the web
sites I admin that require my address to be posted on them get almost
nothing but spam to those addresses, and have for years.  The ones I admin
that I only post a link to my website on (which in turn doesn't have an
email link but pretty much says anyone with a brain can figure out how to
mail me based on the site host name) do not get spam.  Also, I posted for
years to these mutt lists using a -mutt address, and never got a single
spam to that address.  Within minutes of posting my first feedback to the
mutt bug tracking system, I was receiving spam to this address (the BTS
posts full, unobfuscated messages on the web; the bugs themselves receive
enough spam to make reading the bug logs a serious pain).

It is of course accurate to say that spammers aren't mining lists directly
because they don't need to yet, and if everyone hid their address from web
pages, they would probably start doing this.  Nevertheless, it does work to
hide your address now, and works quite effectively, and it's silly to claim
it doesn't.  As I noted before, none of these things are complete
solutions, but they all contribute to the solution.

 i do feel for those people that have to manage large email systems.  i
 can see that they have it worse than i.  all i have to do is filter my
 own email.  i do this using spam assassin and see hardly any spam in
 my inbox.  i do, however, agree with sven and the couple others that say
 hiding is not the answer.  you just can't hide effectively as we've
 pointed out.

I appreciate you feeling for us, but if you want to help, please do try
to see the big picture, and work to know the enemy.  We can't fight them if
we fight them as we would be if we were them, we can only fight them if we
fight them as they are.

(BTW, if anyone thinks calling them the enemy, etc. is overly
melodramatic, remember that spam in recent years has moved more and more
from printer toner to all manner of pr0n, bestiality, etc. spams, and many
of us are stuck trying to keep our bosses and spouses and parents and kids
from being assaulted with that trash.)





Re: spam harvesting

2002-09-01 Thread Eugen Leitl

On Sun, 1 Sep 2002, Jeremy Blosser wrote:

 (BTW, if anyone thinks calling them the enemy, etc. is overly
 melodramatic, remember that spam in recent years has moved more and
 more from printer toner to all manner of pr0n, bestiality, etc.
 spams, and many of us are stuck trying to keep our bosses and spouses
 and parents and kids from being assaulted with that trash.)

Spam is a problem. Hiding from it doesn't solve it, though. There's two 
solutions to protecting the user from the lion. One is putting the lion 
into the cage, the other is caging the user. One of them is wrong. You 
probably can tell which one.

You've put bosses, spouses, parents and kids in the same category. I'm 
not sure your kids/spouse knows you're censoring their email, are informed 
about the risks, and approve of that. Few spouses are, if your kids are 
young they shouldn't be surfing the net alone. If they're a bit bigger you 
should educate them, so they can tell shit from shinola on their own. This 
will help you, and them, especially when you're not there to look over 
their shoulders.

The problem of spam is easily solvable for technically proficient users.  
Depending on your philosophy, install SpamAssassin/Vipul's Razor or a
tagged message delivery system, and set up a few filters on MUA's side.

Once in a while check into the Spam folder, looking for misflagged 
messages. Checking sender and subject is sufficient for that.

Problem solved. If you're feeling like it, you can offer this as a
commercial service. If your venture flops (as it is to be expected), you
will know that people don't consider spam a big enough problem to pay a 
token amount for having their email screened.

/offtopic




Re: spam harvesting

2002-09-01 Thread 1RmSchlHse

On Sun, 1 Sep 2002, Eugen Leitl wrote:

if your kids are young they shouldn't be surfing the net alone. If
they're a bit bigger you should educate them, so they can tell shit from 
shinola on their own. This will help you, and them, especially when you're 
not there to look over their shoulders.
+
Sorry
That aint how REAL educashion works.  

You dont--indeed, cannot--teach about the good by immersion in, or even
mere exposure to, the bad.

Bank tellers/cashiers are trained to immediately recognize `counterfeit'
bills by handling ONLY the good stuff, so-called. 

My use of quotations above gives reference to America's, and I s'pose ev.y
other nation's, use of counterfeit currency.  The Federal Reserve System
is the world's largest purveyor of counterfeit currency.  Today's Federal
Reserve Note is one of our largest scams, since to qualify as a note ones
paper must contain 4 things: 
A Payer, a Payee, an agreed upon something to be paid in, and a maturity
date.  Today's FRNs contain none of these things.  

To which one mite reply: `Yes, but they enable me to buy whatever I want.'
Which is true, but doesnt mention it is the cause for America's National
Debt of about 6 trillion $US which increases about $US5000.00/second, and
to mention, the underlying cause of the failure of all other national
currencies world-wide grin!

So in actuality, even bank tellers arent trained to recognize Bogus Bill's
bogus bills (or King George (Bush) 's Kinky Kurrency, neither, f'r a'
that. ;-/

And we deny the world has reason to call us 'murkins `Ugly Americans'

I may not know much about Mutt, but I do understand somewhat the processes
of civil society, and what is causing their destruction.  Of the two Mutt
is the lesser in import and influence in all our lives.  The more
important not only explains why Billy Gates is worth 400 billion $US
(+/-), but also why he [prob.ly] has to borrow a buck to buy a coke.
Thanks for dialoguing!
1september sundaY2.002kenn  1RmSchlHse








Re: spam harvesting

2002-09-01 Thread Jeremy Blosser

On Sep 01, Eugen Leitl [[EMAIL PROTECTED]] wrote:
 The problem of spam is easily solvable for technically proficient users.  
 Depending on your philosophy, install SpamAssassin/Vipul's Razor or a
 tagged message delivery system, and set up a few filters on MUA's side.
 
 Once in a while check into the Spam folder, looking for misflagged 
 messages. Checking sender and subject is sufficient for that.
 
 Problem solved. If you're feeling like it, you can offer this as a
 commercial service. If your venture flops (as it is to be expected), you
 will know that people don't consider spam a big enough problem to pay a 
 token amount for having their email screened.

Next time please bother to read the thread you're replying to.  Thanks.





Re: spam harvesting

2002-09-01 Thread Ken Weingold

On Sat, Aug 31, 2002, Jeremy Blosser wrote:
 No, I will feel chained to my mail servers as people take that attitude,
 which has the nice effect of making it so they don't see the spam in their
 inbox, but the mail servers still see it and have to not only deal with it
 as normal, but also have to deal with the added processing introduced by
 determining if each and every message is spam or not, and what to do with
 it if it is (bounce it, eat it, or add it to Vipul's database or the local
 bogofilter lists, etc.).

FWIW, I use Panix for my shell.  They have Spamassassin installed
system-wide.  So anyone who wants to use it can put an INCLUDERC in
their procmailrc to enable it.  And of course you have your own prefs
for it.  But what they ask is for people to put it at the end of the
procmailrc to reduce overhead as much as possible.  

 Oh, we're also having to continually change our tactics as the spammers do
 the same.  Within days of implementing Vipul's (initially bouncing spam
 mails to protect against false-positives as we tested the effects it was
 having) we started getting spam with the forged return addresses set to
 inside our network, so that when the mails bounced they bounced right into
 user mailboxes[1].  

I've been noticing that one too.  I'm not familiar with Vipul's or
TMDA, but Spamassassin has a rule for when the From: and To: are the
same.

 [2] BTW, if you get a clever idea for a new spam blocking system, please
 don't write it in perl.  Anything that a serious mail server has to run per
 every message damn well better be in C or better.

Oh. :)


-Ken
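
The forged-return-address bounces and the From:-equals-To: check discussed in this message, as an added example that is not code from the thread, SpamAssassin or Vipul's Razor. The domain `example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains this mail server accepts mail for.
LOCAL_DOMAINS = frozenset({"example.org"})


def header_addresses(msg, name):
    """Lower-cased addresses found in every occurrence of one header."""
    pairs = getaddresses(msg.get_all(name, []))
    return {addr.lower() for _, addr in pairs if "@" in addr}


def from_equals_to(msg):
    """True when a From: address also appears in To: (forged self-mail)."""
    return bool(header_addresses(msg, "From") & header_addresses(msg, "To"))


def domain_of(address):
    """Domain part of an address, lower-cased."""
    return address.rpartition("@")[2].lower()


def spam_action(envelope_sender, envelope_rcpt, local_domains=LOCAL_DOMAINS):
    """Decide what to do with a message an upstream filter flagged as spam.

    Returns "bounce" only when the bounce cannot land in one of our own
    users' mailboxes; otherwise "discard".
    """
    sender = envelope_sender.strip("<>").lower()
    if not sender:
        return "discard"  # null return path: the message is itself a bounce
    if sender == envelope_rcpt.lower():
        return "discard"  # bounce would go straight back to the recipient
    if domain_of(sender) in local_domains:
        return "discard"  # return address forged to be inside our network
    return "bounce"


def triage(raw, envelope_sender, envelope_rcpt, flagged_spam):
    """Combine the header check and the bounce decision for one message."""
    msg = message_from_string(raw)
    same = from_equals_to(msg)
    if not flagged_spam:
        return {"from_equals_to": same, "action": "deliver"}
    return {"from_equals_to": same,
            "action": spam_action(envelope_sender, envelope_rcpt)}


# Constructed sample messages (not taken from any real mailbox).
FORGED = ("From: alice@example.org\nTo: alice@example.org\n"
          "Subject: offer\n\nbody\n")
OUTSIDE = ("From: Promo <promo@mailer.invalid>\nTo: bob@example.org\n"
           "Subject: offer\n\nbody\n")
LEGIT = ("From: carol@lists.invalid\nTo: bob@example.org\n"
         "Subject: Re: Locking mboxes\n\nbody\n")

if __name__ == "__main__":
    cases = [
        (FORGED, "alice@example.org", "alice@example.org", True),
        (OUTSIDE, "promo@mailer.invalid", "bob@example.org", True),
        (OUTSIDE, "carol@example.org", "bob@example.org", True),
        (OUTSIDE, "<>", "bob@example.org", True),
        (LEGIT, "carol@lists.invalid", "bob@example.org", False),
    ]
    for raw, sender, rcpt, flagged in cases:
        print(sender, "->", triage(raw, sender, rcpt, flagged))
```

A return path outside the network can be forged as well, so "bounce" here only means the bounce will not land in a local mailbox.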





Re: spam harvesting

2002-09-01 Thread Eugen Leitl

On Sun, 1 Sep 2002, Ken Weingold wrote:

 On Sat, Aug 31, 2002, Jeremy Blosser wrote:
  No, I will feel chained to my mail servers as people take that attitude,
  which has the nice effect of making it so they don't see the spam in their

I didn't realize the guy was arguing from a mail admin point of view.

 I've been noticing that one too.  I'm not familiar with Vipul's or
 TMDA, but Spamassassin has a rule for when the From: and To: are the
 same.

I think from the ISP mail server admin's point of view he should wish to
shift the CPU load to the end user. He has already paid for the peer
traffic, and now he could at least not pay for ridiculous amounts of
rackmount boxes.
 
  [2] BTW, if you get a clever idea for a new spam blocking system, please
  don't write it in perl.  Anything that a serious mail server has to run per
  every message damn well better be in C or better.
 
 Oh. :)

I think the bottleneck is pattern matching. As such it doesn't matter, as 
Perl's regexp stuff is highly optimized C.




Re: spam harvesting and spam whiners

2002-08-31 Thread Sven Guckes

* Aaron Goldblatt [EMAIL PROTECTED] [2002-08-31 16:04]:
 an fyi so yall know it's happening, my email address used exclusively
 for mutt-users and mutt-dev has been harvested for spam.
 i believe i posted to mutt-users exactly once,
 and never to mutt-dev.

so what?   i got *seven* posts from you here -
unless you have some enemies acting as imposters.

 ---snip---
 AS SEEN ON NATIONAL TV:

 Making over half a million dollars every 4 to 5 months
 from your home for an investment of only $25 U.S. Dollars
 expense one time

 THANKS TO THE COMPUTER AGE AND THE INTERNET!
 ---blahblahblah---

what kind of proof is that? heh?

you do know that the lists are
archived and can be read via http?
you do know about addresses harvesters
which grep the web?  do the math.

 Message-ID: 3D70A2B5.22121.36488AC@localhost

and give yer host an fscking name, dammit!

 X-mailer: Pegasus Mail for Windows (v4.02)

the nerve!

spam happens!
stop whining.

Sven

===
Mutt 1.4i: =IN/MUTT (mailbox-order) [7/46110] [NEW=39736] [~f goldblatt]
34017 N L 011203 Aaron Goldblatt   ( 26) Locking mboxes
34060 N L 011203 Aaron Goldblatt   ( 72) Re: Locking mboxes
34122 N L 011204 Aaron Goldblatt   (  9) Re: Locking mboxes
42862 NsL 020520 Aaron Goldblatt   ( 44) gpg return mangling display
42906 NsL 020522 Aaron Goldblatt   ( 37) Re: gpg return mangling display
43595 N L 020610 Aaron Goldblatt   ( 10) Re: GnuPG - verify signatures
46110   L 020831 Aaron Goldblatt   ( 15) spam harvesting



Re: spam harvesting

2002-08-31 Thread Rob Park

Alas! Aaron Goldblatt spake thus:
 an fyi so yall know it's happening, my email address used exclusively 
 for mutt-users and mutt-dev has been harvested for spam.  i believe i 
 posted to mutt-users exactly once, and never to mutt-dev.

What did you want us to do about it? Spammers exist, and they harvest
email addresses from wherever they can get them.

Sounds like it might be time to install spamassassin.

-- 
Rob 'Feztaa' Park
http://members.shaw.ca/feztaa/
--
I'm hungry, time to eat lunch.





Re: spam harvesting

2002-08-31 Thread Jeremy Blosser

On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
 an fyi so yall know it's happening, my email address used exclusively 
 for mutt-users and mutt-dev has been harvested for spam.  i believe i 
 posted to mutt-users exactly once, and never to mutt-dev.

Blame the people that are archiving this list on the web without
obfuscating the addresses.





Re: spam harvesting

2002-08-31 Thread Sven Guckes

* Jeremy Blosser [EMAIL PROTECTED] [2002-08-31 18:46]:
 On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
  ..  my email address used exclusively for mutt-users
  and mutt-dev has been harvested for spam.  i believe i
  posted to mutt-users exactly once, and never to mutt-dev.

 Blame the people that are archiving this list
 on the web without obfuscating the addresses.

no - blame the spammers!

making information unusable for serious use just
because of people misusing it is a step backwards.

Sven

-- 
ANTI-SPAM URLs
http://tmda.net/
http://www.cauce.org/



Re: spam harvesting

2002-08-31 Thread Elimar Riesebieter

On Sat, 31 Aug 2002 the mental interface of Jeremy Blosser told:

 On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
  an fyi so yall know it's happening, my email address used exclusively 
  for mutt-users and mutt-dev has been harvested for spam.  i believe i 
  posted to mutt-users exactly once, and never to mutt-dev.
 
 Blame the people that are archiving this list on the web without
 obfuscating the addresses.

Isn't it possible to check the public archives?

Ciao

Elimar


-- 
  Never make anything simple and efficient when a way 
  can be found to make it complex and wonderful ;-)
--





Re: spam harvesting

2002-08-31 Thread Cameron Simpson

On 13:44 31 Aug 2002, Jeremy Blosser [EMAIL PROTECTED] wrote:
| On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
|  an fyi so yall know it's happening, my email address used exclusively 
|  for mutt-users and mutt-dev has been harvested for spam.  i believe i 
|  posted to mutt-users exactly once, and never to mutt-dev.
| 
| Blame the people that are archiving this list on the web without
| obfuscating the addresses.

Feh. If the addresses are mechanically munged, and decodable by humans
reading the archive, then the munging can be undone by address harvesters.
And since they don't care about 100% accuracy, they only have to get it
mostly right.

Personally, I have long considered hiding from spammers a waste of
effort. A laudable ideal perhaps, but futile. Install spamassassin or
one of the newer Bayesian filters and cease to hide. You will feel freer.

Cheers,
-- 
Cameron Simpson, DoD#743  [EMAIL PROTECTED]  http://www.zip.com.au/~cs/

THE LOST WORLD is based on (so loosely as to re-define based on as
with the same title as) Michael Crichton's sequel novel, which
introduced us to a second island where dinosaurs were being genetically
engineered. - Scott Renshaw on _Jurassic_Park_'s sequel



Re: spam harvesting

2002-08-31 Thread jkinz

On Sat, Aug 31, 2002 at 11:04:21AM -0500, Aaron Goldblatt wrote:
 an fyi so yall know it's happening, my email address used exclusively 
 for mutt-users and mutt-dev has been harvested for spam.  i believe i 
 posted to mutt-users exactly once, and never to mutt-dev.
 
Hi Aaron,
Sorry you got spammed.

Unfortunately even if this list weren't archived with our email-addresses
intact the list could still be mined for addresses by someone who just 
signed up to the list and listened.

Unless the spammer was a total idiot there would be no way to tell them 
apart from anybody else on the list who is just a listener.

Since there is no way to tell the innocent from the guilty there
would be no way to stop it.

I use procmail and it stops most of the spam using RBLS lists.

There are some relatively new schemes out there which, if widely adopted
will actually put a virtual stop to spam.  My favorite for best technical
solution is called Camram.  

http://www.camram.org

My favorite for Most gratifying solution is to find the 
SOB's and <description of various extreme acts deleted> 'em.

Unfortunately that's probably illegal.  Too bad.

-- 
Jeff Kinz, Director, Emergent Research,  Hudson, MA.  [EMAIL PROTECTED] 
copyright 1995-2002.  Use restricted to non-UCE uses. Any other use is an 
acceptance of the offer at http://www.ultranet.com/~jkinz/policy.html.
[EMAIL PROTECTED] copyright 2002.  Use is restricted. Any use is an 
acceptance of the offer at http://users.rcn.com/jkinz/policy.html.

(¬_-o)
//\ eLviintuaxbilse/\\
V_/_  _\_V   



Re: spam harvesting

2002-08-31 Thread Will Yardley

[EMAIL PROTECTED] wrote:
 On Sat, Aug 31, 2002 at 11:04:21AM -0500, Aaron Goldblatt wrote:

  an fyi so yall know it's happening, my email address used exclusively 
  for mutt-users and mutt-dev has been harvested for spam.  i believe i 
  posted to mutt-users exactly once, and never to mutt-dev.

 Unfortunately even if this list weren't archived with our email-addresses
 intact the list could still be mined for addresses by someone who just 
 signed up to the list and listened.
 
 Unless the spammer was a total idiot there would be no way to tell them 
 apart from anybody else on the list who is just a listener.

Yes, but it's much less likely to happen... a spammer would have to go
to a lot of effort (comparatively) to sign up for a list like this...
and spamming a list of largely technical people would be dumb anyway.

It's much more likely for addresses to get harvested from a list
archive, since a crawler will find them.

-- 
Will Yardley
input: william  @ hq . newdream . net . 




Re: spam harvesting

2002-08-31 Thread jkinz

On Sat, Aug 31, 2002 at 04:31:54PM -0700, Will Yardley wrote:
 [EMAIL PROTECTED] wrote:
  On Sat, Aug 31, 2002 at 11:04:21AM -0500, Aaron Goldblatt wrote:
 
   an fyi so yall know it's happening, my email address used exclusively 
   for mutt-users and mutt-dev has been harvested for spam.  i believe i 
   posted to mutt-users exactly once, and never to mutt-dev.
 
  Unfortunately even if this list weren't archived with our email-addresses
  intact the list could still be mined for addresses by someone who just 
  signed up to the list and listened.
  
  Unless the spammer was a total idiot there would be no way to tell them 
  apart from anybody else on the list who is just a listener.
 
 Yes, but it's much less likely to happen... a spammer would have to go
 to a lot of effort (comparatively) to sign up for a list like this...
 and spamming a list of largely technical people would be dumb anyway.
 
 It's much more likely for addresses to get harvested from a list
 archive, since a crawler will find them.

Hi Will, nice to hear from you.
Yes, you're quite right, a crawler harvesting from the archive is more likely
than a harvesting listener.

My point was that in the long run it makes no difference. Even if email
addresses are obscured in the archive the spammers can still harvest from 
the list.

Some already do this although perhaps not this list yet. (We can only hope.)

I still like my Most gratifying Solution. :)

  My favorite for Most gratifying solution is to find the 
  SOB's and <description of various extreme acts deleted> 'em.
  
  Unfortunately that's probably illegal.  Too bad.


-- 
Jeff Kinz, Director, Emergent Research,  Hudson, MA.  [EMAIL PROTECTED] 
copyright 1995-2002.  Use restricted to non-UCE uses. Any other use is an 
acceptance of the offer at http://www.ultranet.com/~jkinz/policy.html.
[EMAIL PROTECTED] copyright 2002.  Use is restricted. Any use is an 
acceptance of the offer at http://users.rcn.com/jkinz/policy.html.

(¬_-o)
//\ eLviintuaxbilse/\\
V_/_  _\_V   



Re: spam harvesting

2002-08-31 Thread Jeremy Blosser

On Aug 31, Sven Guckes [[EMAIL PROTECTED]] wrote:
 * Jeremy Blosser [EMAIL PROTECTED] [2002-08-31 18:46]:
  On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
   ..  my email address used exclusively for mutt-users
   and mutt-dev has been harvested for spam.  i believe i
   posted to mutt-users exactly once, and never to mutt-dev.
 
  Blame the people that are archiving this list
  on the web without obfuscating the addresses.
 
 no - blame the spammers!
 
 making information unusable for serious use just
 because of people misusing it is a step backwards.

Hint: putting your hands over your eyes and saying you can't see me! does
not, in fact, make you invisible.

Put your real address online all you want.  They will see you, and your
mail servers will scream.





Re: spam harvesting

2002-08-31 Thread Jeremy Blosser

On Sep 01, Cameron Simpson [[EMAIL PROTECTED]] wrote:
 On 13:44 31 Aug 2002, Jeremy Blosser [EMAIL PROTECTED] wrote:
 | On Aug 31, Aaron Goldblatt [[EMAIL PROTECTED]] wrote:
 |  an fyi so yall know it's happening, my email address used exclusively 
 |  for mutt-users and mutt-dev has been harvested for spam.  i believe i 
 |  posted to mutt-users exactly once, and never to mutt-dev.
 | 
 | Blame the people that are archiving this list on the web without
 | obfuscating the addresses.
 
 Feh. If the addresses are mechanically munged, and decodable by humans
 reading the archive, then the munging can be undone by address harvesters.
 And since they don't care about 100% accuracy, they only have to get it
 mostly right.

Anything they have to do is more cost for them, and means less of them are
able to do it.  And they aren't known for being bright, either.  (At some
point, for example, they appear to have determined that addresses of the
form '[EMAIL PROTECTED]' are munged forms of '[EMAIL PROTECTED]', which is
completely backwards.)

 Personally, I have long considered hiding from spammers a waste of
 effort. A laudable ideal perhaps, but futile. Install spamassassin or
 one of the newer Bayesian filters and cease to hide. You will feel freer.

No, I will feel chained to my mail servers as people take that attitude,
which has the nice effect of making it so they don't see the spam in their
inbox, but the mail servers still see it and have to not only deal with it
as normal, but also have to deal with the added processing introduced by
determining if each and every message is spam or not, and what to do with
it if it is (bounce it, eat it, or add it to Vipul's database or the local
bogofilter lists, etc.).

The mail servers I support are currently bouncing (or eating) upwards of
20% of their incoming mail volume as spam, on a system that sees upwards of
130k messages per week.  We've managed to keep our users from seeing most
of their spam using a combination of Vipul's Razor and some local filters,
but we admins are having to deal ever more with the effect of it, upgrading
and expanding our infrastructure and switching our blocking attempts to
more efficient ones as they become available.  (We're probably going to
have to switch from Vipul's to DCC soon, just to save a little on the
network overhead.  And we'll be implementing bogofilter as soon as ESR
completes the daemonization of it; we can't even consider the overhead
until then.)  There are of course sites that see much more mail than we do,
and I'm sure they have it much worse.

Oh, we're also having to continually change our tactics as the spammers do
the same.  Within days of implementing Vipul's (initially bouncing spam
mails to protect against false-positives as we tested the effects it was
having) we started getting spam with the forged return addresses set to
inside our network, so that when the mails bounced they bounced right into
user mailboxes[1].  Note that the same exact tactic *will* work against
TMDA-like systems, and will render them completely useless.  You can't use
TMDA if sending the reply means getting the spam, and preventing yourself
from seeing your bounces is asking for trouble and a complete non-option in
enterprise environments (we stopped bouncing Vipul spams and just eating
them and just hoped for the best false-positive wise, but this isn't an
option in a system that depends on sending replies to let legit mail
through).  You can guard your bounces with something like Vipul's or
bogofilter, but that's more overhead.  And the more of them that use this
method, the less useful TMDA is to actually block spam.  This does of
course require the spammers to use their own systems to send mail
one-to-one instead of dumping on relays, but at least some of them are
apparently willing to do it.

I am not suggesting that the spam-detection methods aren't useful, but
neither are they a complete solution to the problem, and it's negligently
naive to think they are.  The same is of course true of *just* hiding your
address.  We need to make spam completely undeliverable by any means at our
disposal as soon as possible so they have to just give it up and go get
real jobs.  And we'll still have to bear the processing burden of checking
each and every mail[2] to make sure it stays undeliverable, forever, so they
never have the option of starting again.

[1] A few of these bounces came with what has to be one of the most fscking
evil things ever said by a spammer:

This email was sent to you via Saf-E Mail Systems.  Your email
address was automatically inserted into the To and From addresses to
eliminate undeliverables which waste bandwidth and cause internet
congestion. Your email or webserver IS NOT being used for the
sending of this mail.

[2] BTW, if you get a clever idea for a new spam blocking system, please
don't write it in perl.  Anything that a serious mail server has to run per
every message damn well better be in C or