John Rudd wrote:
Marc Perkel wrote:
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam
that way. I think what needs to happen is to develop some sort of
auto-reporting of spam process that's easy and tie in ISPs and the
big boys into the databse so that a surge of reports could auto
shutdown spammers.
I'm trying an experiment with Yahoo, Gmail, Hotmail, etc. where I'm
forwarding all Hotmail spam to [EMAIL PROTECTED], yahoo spam to
[EMAIL PROTECTED] with the idea of shutting down the perps at the source.
What do you all think of this. Can we build a tool or a web service
that gathers and stores abuse info and turns IP addresses and domain
names into abuse addresses and do automatic reporting?
Auto-reporting is a colossally bad idea.
a) One person's trash is another person's treasure. Similarly, one
person's treasure is another person's trash.
b) Being blacklisted for a false-positive is inexcusable.
c) Being blacklisted due to stupid-user reports is also inexcusable.
d) flooding an abuse address with messages that may or may not
actually be spam is also inexcusably rude.
The only way to prevent the problems that are caused by these is to
insist upon some level of human review of the message before it is
sent on to an external mechanism or process.
You shouldn't automatically send things that SA (or any other spam
detector) said was spam to the related abuse@ address ... because the
spam detector may be wrong. What if you're sending them a bunch of
false positives? That just undermines YOUR credibility with the
abuse group you're reporting to, making community anti-spam efforts
HARDER instead of easier.
Further, a deluge of spam is not helpful. An analysis of the problem
("your web server is sending this out through your outbound mail
gateway, and it looks like you've got a broken submit form on the web
server") followed by links to evidence (copies of the messages) that
backs up the analysis is FAR more useful than just forwarding the
alleged spam itself.
I agree it would have to be done right. Here's what I'm thinking is that
autoreporting could go to a screening system that would track these auto
generated complaints. A few complains wouldn't cause anything to happen
but lest say the complaint rate is coming in really fast. That would
indicate a problem. For example, say I'm Comcast and I see hundreds of
complains coming it for a dynamic IP. They probably have a virus.
Software could shut down port 25 or at least rate limit it until someone
can look into it.
