Internet Is Losing Ground in Battle Against Spam

NY Times ^ | April 22, 2003 | SAUL HANSELL

[Pharmboy]

LOL!!

[TheSpottedOwl]

Two faces down, 53 to go. Anybody know a good manufacturer of custom playing cards?

They look like mimes, which are almost as irritating as getting 485 pieces of junk in your bulk mail folder.

[ErnBatavia]

I'm an admitted lightweight, so I continue to have AOL since that's what I learned on....I have no idea what I did right in setting up my mail controls (I have only three sending addresses blocked), but I get maybe one spam (unknown sender) mail every three or four weeks.

I do a lot of mailing, and get a lot of mail - just extremely rare to get stuff I don't want.

Maybe I'm just lucky!

[Obi-Wandreas]

I have to agree. I've been using OS X Mail's spam filter since Jaguar was released. It gets those dang spams out of my way. It doesn't hurt the spammers, but it keeps them from annoying me.

Another thing to do to avoid spam: DO NOT READ HTML FORMATTED EMAIL. The formatting is embedded in the mail, but the images are generally on a separate server. By simply reading the mail, your computer has to fetch the images, thus letting the spammers know that you are a live email address, causing them to spam you more (sadly, this is what most unsubscribe links do also). Any decent email program can be set to not render the images.

Combine that with the fact that you can embed a virus in html email which would be launched by simply reading it, without even opening an attachment, and that leads you to one conclusion:

A smart person avoids HTML formatted email.

[redheadtoo]

There is no point in trying to enact laws to stop these people. We need to hunt them down and kill them.

I have been waging a personal war against porn producers who have been targeting me. On my main e-mail account I have had to use five of my eleven filters to screen out porn. I block anyone who sends me porn and report them as spammers to my e-mail provider. With all of this effort I cannot go more than three days without receiving porn spam. I enbled my most recent filter last Sunday, after pornographers decided to send me a "gift" for Easter.

[steve-b]

There are a lot of extremely angry people out there that will now be aiming spam at THEIR private email accounts, signing them up for magazine subscriptions, etc ... and they deserve every bit of what they get.

Did you see the story about Alan Ralsky getting buried in junk snail-mail and whining about it? Hey, Al -- karma's a bitch!

[steve-b]

Spammers: one legitimate use for Uday's shredder....

[B Knotts]

http://spamassassin.org/

[jimt]

For her part, Ms. Sachs, the e-mail marketer, says that any such move would only end up making it harder to run a legitimate business.

But that's just the point - she is NOT running a legitimate business. She's stealing bandwidth and space that others pay for.

I want to see a "Do Not Spam" list like the do not call lists, and fat fines for those who violate them.

Spammers are scum.

[Voltage]

Mozilla (www.mozilla.org) is a web browser and e-mail client which includes Bayesian filtering. It's free, just download it.

The filtering improves with time, but I think I have probably approached its peak after about 3 weeks of use. It's about 95% effective in detecting spam and sending it to the spam folder automatically.

But there is a downside, of that 95% it thinks is spam perhaps 3% is not spam. So in order to not delete e-mails you want you have to review what it thinks is spam. You can do this quickly because it puts it all together for easy review, but its still a problem! It still wastes a lot of my time.

The only solution I think can be 100% effective yet consume almost no user time is TMDA (www.tmda.org). It's a 'white list' solution. Unfortunately my ISP doesn't yet offer it.

[evilC]

POPFile is a pretty good Bayesian filter. It should work with any e-mail client. I get about 95% accuracy with it. Regular filters catch most of what POPFile misses.

Mozilla also has an e-mail client with Bayesian filtering built in.

[girlscout]

Yesterday I had to check a co-workers email at the start of the day. There were over 700 spam emails in her in-box with an additional 200+ that had been blocked and went straight to delete. Spam mail has gotten out of hand. The porn crap is VERY graphic -- real good if a kid should be checking the mail.

[TechJunkYard]

I think the solution is rather simple: Make open mail relays illegal.

Some ISPs are restricting who they'll take mail from on this basis. AOL and Earthlink won't take your mail if you're on an IP addy which resolves to a DHCP block, or something other than the domain you present to their server. RoadRunner runs scans and tests on incoming mail servers and won't accept mail from open relays or proxies. Does this help? Not from where I sit, as I'm still getting spam from folks with American-sounding (mostly spoofed) domains, but with IPs which originate in places like China, Hong Kong, Romania, etc. So it's still getting into RoadRunner's network from somewhere, somehow.

The problem with this is that many people are running open relays and proxies and don't even know it. And if they never use it to send mail, it won't ever be detected -- except by spammers running scans. I see several episodes per month, where overseas spammers try to send test e-mails through my mail server. Thus, some misconfigured user gets penalized, while the spammer gets away.

And to stop people from merely moving their email harassment operations outside US borders, make it illegal for US internet companies to accept ANY connections from sites that have open relays ... no web connections, no telnet, no nothing.

This ignores the fact that many overseas ISPs are nothing more than spam relay houses. Now we're talking international commerce. And RoadRunner is taking some heat for doing its port scans.

I think the e-mail users are going to have to combat this problem themselves, as with banners and pop-up ads, with mail filtering and tactics... such as:

• Using a spam-box addy at the top of your e-mails, with your real addy as a "Reply-To" addy.
• Disposable, temporary addys pointing to your real addy, for dealing with businesses on a one-time basis, which get deleted the first time they get spammed.
• NEVER using your real addy on usenet posts or web forms.

[TechJunkYard]

.. DO NOT READ HTML FORMATTED EMAIL. The formatting is embedded in the mail, but the images are generally on a separate server. By simply reading the mail, your computer has to fetch the images, thus letting the spammers know that you are a live email address..

They mainly do this to reduce the size of the e-mail; it's generally impossible to resolve an IP addy in a web server log to an e-mail addy, however if they're using anonymous FTP to retrieve the images, they could learn your addy that way... therefore, DO NOT enter your real e-mail addy into your web browser for anonymous FTP.

[zeugma]

The only problem with this is that it also hits legitimate mailing lists. It's not really so much a problem of someone sending out 200 or even 100 emails, it's the sending of one email that BCCs hundreds of thousands of people. Unfortunately, this can also catch legitimate mail.

I think we'll eventually get to the point where you'll have to have sender confirmation. There are already some systems in place to do this. If we eliminate fake/forged return addresses, it will get rid of a lot of spam. Of course, then spammers will just randomly pick a valid address to send from. Some already do this. A lot of thought is currently being put into how to deal with mail in a better way. The POP protocol was fine back in the day, but it doesn't quite satisfy anymore. It is going to be hard to replace though, as there are also legitimate uses of anonymous mail that should be honored. I've used anonymous remailers before and have found them to be useful tools.

One thing that I'd like to see a lot more of is encrypted/digitally signed mail. I still don't understand the resistance so many people have to encryption.

[TC Rider]

It would be wrong to follow this link and use the email address and phone number there, to sign these people up for spam. Flat out wrong.

http://www.hcdonline.com/jobs/DisplayJob.asp?ID=32572

[tdadams]

I think the only effective solution to stopping spam is to go after the companies that hire spam marketers. In order to sell their product, there has to be a valid link back to their server, or some other traceable information, so tracking them down shouldn't be a problem. It's time for the FBI to set up some sting operations.

[Voltage]

Here are some interesting takes on killing spam: http://www.tmda.net/press.html

Its a whitelist with lots of additional features to make it more practical. I would really like to use it, but my cable internet provider seems uninterested..at least so far. Probably not enough complaints yet.

[zeugma]

AOL and Earthlink won't take your mail if you're on an IP addy which resolves to a DHCP block, or something other than the domain you present to their server. RoadRunner runs scans and tests on incoming mail servers and won't accept mail from open relays or proxies.

I've already run into this. I use sendmail at home to post outgoing mail. I don't accept mail, so can't be a relay, (other than for local users, but that's the way it's supposed to work), but I still can't send mail to a couple of people. I'd rather have the ISPs getting rid of all the jacka$$es that are still beating on my server with code red infections.Rather than just blatantly block all DSL/Cable IPs, it would make more sense to check for open an open relay and accept if it's not present.

[zeugma]

Yup. It would be wrong. It would also be wrong to call 800 numbers culled from spam from payphones as you walk through the mall. Don't do it.