--- In Anti-spam@yahoogroups.com, "realtimespankingsnvegas"
<realtimespankingsnvegas@...> wrote:
> We have put together a listing of the top spam related categories
> and we are asking you to cut and paste all the Spam you receive into
> the correct Spam categories.

How much are you going to pay us for performing all that labor for you?
I estimate it'd take about 3 minutes per spam to read it and figure
out what category it belongs in. I get several hundred spam per day.
So it would take me maybe a thousand minutes (more than 16 hours)
per day. Will you pay me at least the legal minimum wage for that work?

Instead, why don't you write software to scan spam automatically and
figure out (based on various keywords) what category the spam is in?
Then you write software to automatically slurp everything posted
to news.admin.net-abuse.sightings with [email] in Subject field,
and also slurp everything posted to any of the SpamCopies or SpamFromISP
or SpamFrom/8 groups? Then we could write scripts to automatically
post our new spam to one of those places, and you'd take over from that point.

--- In Anti-spam@yahoogroups.com, Colin-JB <colinjb@...> wrote:
> I've been off-line for sometime due to broadband issues and having
> just got back on-line checked my email.  2000+ spam messages in my
> spam folder.  These had happened in 44 days.  That's a rate off 44 a
> day!  Never before have I had such a problem with my Gmail account.

You need to get Google to change their policy about spam. Instead of
accepting apparent spam and storing it in spam folder, never accept it
in the first place. That way if they make a mistake and reject legitimate
e-mail, the sender will get an immediate non-delivery notice, and will
be able to try a different way to contact you. The way it is now, the
person believes his/her e-mail was delivered, and waits for you to
reply, but you never reply, because you never saw the e-mail.

If Google refuses to refuse incoming apparent spam, get a different
e-mail provider.

> A small while before I went off-line I received an email from someone
> I had never heard of.  It was innocent enough, telling the intended
> recipient all about there recent holiday and how they were hoping to
> meet up in such and such a place.

That's not innocent at all. It's an obvious bulk mail to hundreds of
millions of randomly-generated e-mail address (dictionary attack),
seeing who is stupid enough to reply and thereby reveal their address
to the spammer.

If you're not sure whether it's dictionary attack or legitimate mistake,
search in news.admin.net-abuse.sightings to see whether the same reply
address was reported in bulk e-mail to other people. Also you should report
your own e-mail there so that others can be warned. (After all, if everyone
expects somebody else to warn them, nobody will warn anybody.)

Note: Most people either have a formal "address book" which never makes
a mistake in the address, or use copy&paste from old e-mail to new outgoing
e-mail which very rarely ever generates a mistake. So if this was supposed
to be e-mail to an already-established penpal, it was obviously fake.
First-contact e-mail should always say where you saw the person's address
and why you are trying to establish e-mail contact, and from your description
of the e-mail it wasn't anything like that.

> I responded to there email, suggesting that they had emailed the wrong person.

What do you mea "there"?? Perhaps you mean "their" i.e. his/her??

--- In Anti-spam@yahoogroups.com, rdcchristianson <no_reply@...> wrote:
> Hi, I hope this is the right place to post this.

It seems fine (on topic) to me.

> Here is a link to my blog:
> http://yahoospamcontrols.blogspot.com/index.html

    ... until such time as Yahoo
    starts instituting decent spam controls of their own. All they'd have
    to do is go through their membership base and start deleting certain
    members. There's definitely a pattern. I'm very disappointed that,
    after many months of this, they (a multi billion dollar corporation)
    still have yet to figure this out. A six year old could figure it out.
    My cat could figure it out.

You're making a typical beginner's mistake, thinking
you can recognize all spammer's IDs and texts as
similar to what they did before, and then anything not
fitting that pattern must be legitimate.

It's the other way around. Spammers can create hundreds
of new IDs per hour, per any pattern they want,
including randomly generated patterns unlike anything
previously tried. Spammers can modify the text of their
spam to defeat any pattern matcher. Even the "payload"
(the URL or e-mail address you're suppose to click on
or mail to) can be newly generated hundreds per hour,
including brand-new domain names on "free trial" from
domain registrars.

The only sure way to protect against spam is to require
each new ID to establish a good reputation before the
user of that ID is granted priviledges. At the bare
minimum I recommend:
- First verify that the IP number is within an IP block
    that has a valid WHOIS record with a working
    spam-complaint address that has a good reputation for
    eliminating spammers from use of its IP numbers.
- Next require the new ID pass some sort of Turing
    test, not a Captcha that can be cracked in a fraction
    of a second, but something that demonstrates a real
    human comprehended a question and thought about an
    answer, maybe did a Google search to find the answer,
    and entered the correct answer, which takes a minute
    or two for most people to complete.
- Next allow the person to post a single introductory
    message explaining why he/she wants to obtain an
    account for whatever service we're talking about, such
    as posting to a message board. To protect against
    spammers posting millions of such introductory
    messages, each a megabyte long, totally swamping all
    available storage, limit both the size of each
    introduction (for example 255 characters maximum) and
    the number of new accounts per CIDR (simply divide up
    the available storage among all the possible CIDRs).
- Finaly have already-established non-spamming members
    evaluate these introductory messages to see if they
    sound legitimate.
- Then allow only a limited number of slightly larger messages.
   Let the reputation build up gradually, allowing more
    and more longer and longer messgages from people with
    longer-established still-good reputations.

It will take some programming to implement such a system.
Is there anybody interested in working with me on design of such a system?

> nuala-alexander

Yeah, I got some of those, but I got a bunch of others
too. As soon as I banned a lot of nuala-alexanders, I
got a shitload of some completely different name
spamming in her place. Most of the spam was for Windows
Vista piracy, and one other scam I forgot. Same with you?

--- In Anti-spam@yahoogroups.com, "Denise" <talkabouthorses@...> wrote:
> Just let a new memeber join my group. Sent the group a Hello and
> welcome to SMBQHS@...  and they wrote back Oh your welcome and
> thanks for the spam list. I only have a small group and I banned the
> adr. at once.

Maybe this was a case of miscommunication. Maybe by "list" they meant
mailing list, as in e-mail delivery of newly posted articles to the Group.
Maybe the new member thinks of this Group as more of a mailing list
than a Web-based bulletin board? So maybe the person was simply thanking
you for setting up a mailing list where we can discuss spam? Maybe
you made a mistake banning that person. It might be a good idea for
you to make contact with that person privately to learn more about
the person, why he/she joined the group, what the person meant, and
if he/she turns out to be legitimate (non-spammer) then un-ban and
re-invite?

--- In Anti-spam@yahoogroups.com, "Capri" <capri@...> wrote:
> ... There's
> probably nothing more you can do except set the group to moderate all new
> members to prevent anyone joining to post nonsense or other spam. Trusted
> members can be taken off moderation after a while, when you feel it's right,
> and if you do set the list to moderate new members, that won't effect
> anybody already subscribed, but only those that subscribe after you set the
> setting.

That sounds like a good idea, but I have never seen that option available.
I manage several groups (not this one) and would like to know how to do it.
Would you please post a plain text USASCII file somewhere we can see it,
which tells in detail what an owner/moderator needs to do to set it up?

> It works IMO better than setting a group to restricted membership, because
> there are a lot of potential good members that don't like having to be
> approved to be on a list - me being one of them. :)

Also it's a royal pain to get e-mail saying there's pending activity,
somebody wants to join my group and needs approval, but
by the time I have time to deal with it, it's expired already.

> Something else that might be worth while is to run this person's address
> through a search engine and see if you can find they have posted anywhere
> else and what the nature of their posts were. Chances are good if they are a
> spammer, there will be something.

No, it's the other way around. Spammers make up new e-mail addresses all
the time to start new runs of spam to bypass filters tuned on their old
addresses. On the other hand, a legitimate person might have posted to
a newsgroup or set up a Web site using the same address consistently over
several years.

They called your list a "spam list"? Hmmm, they sound like a troll. There's
probably nothing more you can do except set the group to moderate all new
members to prevent anyone joining to post nonsense or other spam. Trusted
members can be taken off moderation after a while, when you feel it's right,
and if you do set the list to moderate new members, that won't effect
anybody already subscribed, but only those that subscribe after you set the
setting.

It works IMO better than setting a group to restricted membership, because
there are a lot of potential good members that don't like having to be
approved to be on a list - me being one of them. :)

Something else that might be worth while is to run this person's address
through a search engine and see if you can find they have posted anywhere
else and what the nature of their posts were. Chances are good if they are a
spammer, there will be something.

Capri

Just let a new memeber join my group. Sent the group a Hello and
welcome to SMBQHS@...  and they wrote back Oh your welcome and
thanks for the spam list. I only have a small group and I banned the
adr. at once.

What else should I do in the future to stop this from happening?

Is there really such a think as a spam list?

I looked at their Ebay page. Looks as if they're trying to sell the domain.
Hmmm, can't get people submitting their email addresses, so now they're
trying to sell their site? I don't think a domain name like that is too
likely to sell anyway.

Capri

[quoted text removed by moderator]

This is one of the most laughable pieces of crap I have ever seen find its way
into my inbox.

   Spamusnow.com has even gone so far as to list itself on eBay, if you can
imagine that.

   The bidding ended today, with no bids being offered, but what absolutely
amazes me is that the seller has an approval rating of 99.2% after 358
transactions.  How can this be?

   Of particular note is the profusion of misspelled words -- one of the surest
signs of misbegotten spam.

   I also love the way PayPay is listed at the bottom of the page, even though
the seller refuses to accept payment in that manner.

   Here's a link for anyone who else is interested in trying to figure this one
out:
http://cgi.ebay.ca/SPAMUSNOW-COM-IS-AVAILABLE-FOR-THE-1ST-TIME_W0QQitemZ14008956\
4733QQihZ004QQcategoryZ11153QQcmdZViewItem



---------------------------------
Ahhh...imagining that irresistible "new car" smell?
  Check outnew cars at Yahoo! Autos.

[Non-text portions of this message have been removed]

In message <evtt5e+jcgm@eGroups.com> rdcchristianson writes:

> I've created an informational blog about this.  My blog contains a
> message which can be sent to banned spammers, a home page notice for
> group owners who decide to restrict memberships, plus a (no doubt
> partial) list of spammer names which follow a certain pattern.

There is no point in sending anything to spammers' addresses.
No-one will ever see it.

rgds
LAurence

... I'd never steal a tagline...well almost never...
~~~ Tag-O-Matic V.13F

> [Mod note: I am not sure such extreme measures are necessary.]

I agree. Moderating only messages from _new_ members is enough
to keep members from receiving vast majority of spam through the group.
At first message either ban or approve+set to "use group settings".
No need for moderation of all messages _because of spam_
(it can be necessary because of a troll),
no need for membership moderation unless group topic is sensitive/private.

--- In Anti-spam@yahoogroups.com, Colin-JB <colinjb@...> wrote:
> Is it possible this is a disguised way to test email addy's and I have
> confirmed my existence and availability to be spammed?

Not even possible, IMHO extremely probable.

Your address has now been tagged as working, so it is more valuable
when spammers trade the address lists.

esa

I've been off-line for sometime due to broadband issues and having
just got back on-line checked my email.  2000+ spam messages in my
spam folder.  These had happened in 44 days.  That's a rate off 44 a
day!  Never before have I had such a problem with my Gmail account.
Is it possible I fell for a new trick?

A small while before I went off-line I received an email from someone
I had never heard of.  It was innocent enough, telling the intended
recipient all about there recent holiday and how they were hoping to
meet up in such and such a place.

I responded to there email, suggesting that they had emailed the wrong person.

Is it possible this is a disguised way to test email addy's and I have
confirmed my existence and availability to be spammed?

Colin-JB

--
Life's to short, lighten up!
http://groups.yahoo.com/group/ukrats/ rat chat and more
http://groups.yahoo.com/group/valeriesmiceparadise

I moderate about 20 yahoogroups. Most are totally moderated, meaning that I
have to approve new members and all messages. For the most part, this keeps
spammers at bay.

Even on the bigger groups where message volume is too high for me to
moderate messages, I still have to approve all new members. That keeps out
most spammers, and the few that get by are dumped after spam number one.



Norm



Coalition for Peace and Justice; UNPLUG Salem Campaign, 321 Barr Ave,
Linwood; NJ08221; 609-601-8583; Cell Phone - 609-335-8176

   _____

From:  rdcchristianson

I've created an informational blog about this. My blog contains a
message which can be sent to banned spammers, a home page notice for
group owners who decide to restrict memberships, plus a (no doubt
partial) list of spammer names which follow a certain pattern.

Here is a link to my blog:
http://yahoospamcontrols.blogspot.com/index.html

Hi, I hope this is the right place to post this. :) As an owner of
several Yahoo Groups, I'm completely tired of having to moderate my
groups, only to find that despite being fully moderated, spammers
inevitably sign up for my groups and attempt to spam anyway.  I've now
resorted to restricting memberships in addition to fully moderating my
groups.

I've created an informational blog about this.  My blog contains a
message which can be sent to banned spammers, a home page notice for
group owners who decide to restrict memberships, plus a (no doubt
partial) list of spammer names which follow a certain pattern.

Here is a link to my blog:
http://yahoospamcontrols.blogspot.com/index.html


[Mod note: I am not sure such extreme measures are necessary.]

I saw through this one as well. Nice try, but uhm, no way. Hehe!

Capri

----- Original Message -----
From: "Rob Nielson"

LOL.

I seriously hope no one is going to send this guy your spam. Gotta
admit, its a creative idea! Harvest Email addresses to spam people by
telling people to send them your spam. *rolls eyes*

Rob





realtimespankingsnvegas wrote:
>
>
> Have You ever wondered just how much spam others receive? Well so
> have we, that's why we created Spam Us Now - http://spamusnow.com
> <http://spamusnow.com> .
>

LOL.

I seriously hope no one is going to send this guy your spam. Gotta
admit, its a creative idea! Harvest Email addresses to spam people by
telling people to send them your spam. *rolls eyes*

Rob





realtimespankingsnvegas wrote:
>
>
> Have You ever wondered just how much spam others receive? Well so
> have we, that's why we created Spam Us Now - http://spamusnow.com
> <http://spamusnow.com> .
>
> We have put together a listing of the top spam related categories
> and we are asking you to cut and paste all the Spam you receive into
> the correct Spam categories.
>
> Post your Spam in the appropriate category - Add A Comment!
>
> Please include who sent the Spam. We hope that buy doing so we can
> help do our part to eliminate Spam once and for all!
>
> Everytime we receive 1 million new Spam items on our Spam Us Now
> Blog, we will give away 1 case of Hormel Spam.
>
> If you wish to be entered into the Free Case of Hormel Spam Contest,
> just send an email with your name and address to: media@...
> <mailto:media%40spamusnow.com>
>
> What are you waiting for SPAM US NOW!!!

Have You ever wondered just how much spam others receive?  Well so
have we, that's why we created Spam Us Now - http://spamusnow.com .

We have put together a listing of the top spam related categories
and we are asking you to cut and paste all the Spam you receive into
the correct Spam categories.

Post your Spam in the appropriate category - Add A Comment!

Please include who sent the Spam. We hope that buy doing so we can
help do our part to eliminate Spam once and for all!

Everytime we receive 1 million new Spam items on our Spam Us Now
Blog, we will give away 1 case of Hormel Spam.

If you wish to be entered into the Free Case of Hormel Spam Contest,
just send an email with your name and address to: media@...


What are you waiting for SPAM US NOW!!!

Welcome to the Yahoo Anti-spam Club! You are receiving this message
as a new member of our Anti-spam Group. We are glad to have you
with us. To learn more about our Anti-spam group, please visit our
site at http://groups.yahoo.com/group/Anti-spam .

We would like all members to please note the following:

* Our Group's web resources are very open. Our Message Archives,
Files, Bookmarks, and Photos are OPEN TO PUBLIC VIEW ON THE WEB!

* You may elect to conceal your email and IP address from moderators
and members alike. If you have have a Yahoo ID, visit
http://groups.yahoo.com/group/Anti-spam/join and set your
preferences to post without revealing your email and IP address.
[This is HIGHLY recommended!]  This limits you to posting only
from the web site, but it preserves your privacy to a greater
extent than possible when using email.

* All members are expected to act and post responsibly.

* To prevent spam and other abuse, new members are moderated.

You may choose to get messages individually, in a Daily Digest,
Special Notices, or no email at all.  If using Daily Digest and
posting by email, please edit/remove the Digest portion of the
message before posting. If using an auto-responder, please set
your preference to NO EMAIL.

Mission Statement:

Spam is often called unsolicited bulk or broadcast email (UBE or
UCE). It may also be off-topic or cross-posted messages in public
forums. This club is dedicated to ethically fighting spam, not
debating its merit or lack thereof.

Our web space here has information on prevention, filters, spam
reporting, ethical e-marketing, laws and more. Be sure to check the
info page (link below) and our Links Page for other great anti-spam
resouce sites! Post your ideas, strategies and questions in the
messages area.

Helpful reminders:

(1) We are not interested in counting kills or propogating email
warnings - real or imagined. Find some other forum for that waste
of time.

(2) The only time you spell "spam" in all caps is when SPAM refers
to a canned meat product. "Spam" of the .net variety is not worthy
of capitalization. [Pun intended!]

Yahoo Anti-spam Club Resources:

Our Group Bookmarks:
http://groups.yahoo.com/group/Anti-spam/links

View our totally unofficial resources home page at:

http://www.spamlinks.net/

http://www.geocities.com/spamresources

If you do not wish to be a member of our Anti-spam Club, you may unsubscribe
by sending a blank email to: Anti-spam-unsubscribe@yahoogroups.com .

To see and modify ALL your group memberships, go to
http://groups.yahoo.com/mygroups


Best regards,

Moderators of the Yahoo Antispam Club

[5/24 Revision: Added Group's HOME Page description to Welcome Message.]

Here are the offending usernames minus the numbers and
fake domains which
continually change:

alexis-sabry
barbi.elizabeth
barbi-elizabeth
belle.gobble
belle-gobble
boni.greenslade
boni-greenslade
brenda.warnes
brenda-warnes
brittney.steele
brittney-steele
brylee-stevens
etc
do all these domains end in. info?
and all those names - whois tells me
that are protected by whoisguard (which is
owned/controlled
by namecheap.com

It isn't the only number they're giving out. I have a folder where I put all
the spam in and it's about a hundred miles long! Some I actually looked at
had the same sort of ads for getting degrees online w/o studying, and gave
different numbers to call.

But they're all long-distance and I'd worry about them actually transfering
me to 900 numbers during the call, and you know what that means.

But I wish something could be done about these spammers.

They keep coming back with the same names, but different numbers and fake
domaines.

The first while these spammers hit, they put a '.' between the first and
last part of their userids, but later replaced it with a '-'

These bots aren't troubling my own lists because I don't let them in or if
they get in they are banned. But they're spewing mountains of junk posts on
other groups, running wild, and getting away with it.

Here are the offending usernames minus the numbers and fake domains which
continually change:

alexis-sabry
barbi.elizabeth
barbi-elizabeth
belle.gobble
belle-gobble
boni.greenslade
boni-greenslade
brenda.warnes
brenda-warnes
brittney.steele
brittney-steele
brylee-stevens
brylee.stevens
chani-kopnicky
diva.bensley
diva-bensley
domenique-mcnally
dorie-chabot
erika-haven
georgette.murdock
georgette-murdock
ignatia.kirkland
ignatia-kirkland
josalyne-overfelt
junelle-coyne
kayarna.lopez
kayarna-lopez
kendra.mackey
kendra-mackey
lily-gannaway
maneisha-mccarthy
monika.overfelt
monika-overfelt
muriel-berggren
nuala-alexander
savanna-terk
sherry-heath
skye-ollmann
steelie-mcmath
suzan.johnston
suzan-johnston
teisha-reifel
thomasina.kirby
thomasina-kirby
vi.west
vi-west
ziggy.millam
ziggy-millam

Hey there, friends:

Michael Albert here.

Note this name and phone number:

Todd Parker with "University Programs" at (646) 461-8450.

CALL my friend Todd and then e-mail me back or post here and let me
know what happens....here's why:


I have had it with spam!  Have you?  It has driven me nuts.  Maybe a
little over the edge.  Viagara!  Stocks ready to SOAR! On-line
Pharmacies!  Hot teen...you-know-what!  Faux-lex watches!  My E-bay
account is about to be CANCELLED!  Nigerians asking me to help them
get MILLIONS out of the country!  My Fifth-Third Bank account
security has been breeched!  A hundred every day!

So, that brings me to those "Get your university diploma in two weeks
with no studying or classes!" ads.  They differ from all of the
others...how?  They come with a PHONE NUMBER!  SO, just for giggles --
  I called it, and I left a message:  "Hi, my name is Michael and I am
looking for a (think, think) BUSINESS degree - Call me!"

About a week later, I get a call from Todd Parker from "University
Programs".  And his phone number [(646) 461-8450] actually shows up
on my caller ID!  I ask him how he got my e-mail address and why his
organization uses spam.  And then the excuses start:  "it's an
outside agency that does our advertising," "I'm just a registar (oh,
please),"  "if you give me your e-mail, I'll have it removed (oh,
PLEASE)," "no, there are no other phone numbers of anyone else who
works anywhere else in this 'university' (oh, PUH-LEEZE!)".

To make the long story short, I told Todd I would continue to try to
do what I could to stop their spamming practices (hey, I was off most
of that day).  I want to know what agency does the spamming.  I want
to know who is responsible.  I want it to stop.  He gives me no
information, and gets irritated with my several calls.  And though
(assuming he's telling me the truth) he may be just a cog in this
annoying and unethical wheel, he is all I've got and he isn't
directing me anywhere else.

I have sent this information to a few anti-spam organization
websites; also, to the Illinois Attorney General's Consumer
Protection area.  I don't know what, if anything will come of that.

Won't you help me stop one spammer?  Take a moment to give Todd a
ring and let him know that spamming is unethical, and probably
illegal.  It's fun!  Do what you can to find out who controls their
spamming.  Keep him on the phone a few minutes out of his "busy" day
trying to sell fake diplomas for your "life experience".  Leave a
message!  Pass his number along to others.  If he gets irritated
enough, he might give me the info I seek out of sheer frustration.

Granted, this won't stop all the other spam.  Granted, I have snapped
just a bit, and maybe this is just making one guy's life miserable
for no particularly good reason.  But...well....THEY STARTED IT!  And
maybe, just maybe, something productive will come of it.  Who
knows?

Dear all,
   I have finished my post graguate cources and I want to choice a good subject
for my Ph.D. thesis ..... I choice spam problem.....my question is : "Which
feild in computer sciences concerning with the spam problem ...or solving the
spam problem by Bayesian classifier.....?"

    thankx alot

   Regards
   Post g. student
   Alaa


---------------------------------
Don't get soaked.  Take a quick peek at the forecast
  with theYahoo! Search weather shortcut.

[Non-text portions of this message have been removed]

> LONDON - Most people just grumble and hit delete, but when Gordon Dick
> received a spam message advertising Internet services, he fought back.
>
> <http://news.yahoo.com/s/ap/techbit_spam_fighter>
>
> The 30-year-old Web marketing specialist from Edinburgh sued the
> sender, Transcom Internet Services Ltd., in small-claims court. The
> court ordered the company to pay $1,445 in damages and $1,190 in court
> costs.
>
> Dick argued that Transcom had taken his e-mail address from an
> Internet forum without his consent, violating the European Union
> Data Protection Act.
>


Web sites mentioned in article:

Scotch Spam: http://scotchspam.org.uk

Spam Legal Action: http://spamlegalaction.pbwiki.com

> > That is a Complex system, I had to do some research to decode.
>
> Not really, just a mail server and SpamAssassin, but thanks for
> looking everything up.

There are a lot of "users" here that would have to look up the programs and
systems.  I had to on some of them so I was just making it easier for them.

> The mail server rejects connections arriving from IP addresses that
> are listed in the DNS based blacklists (queried via DNS at the time
> the remote system connects, so this is a bit different from
> peerguardian lists).

I'm building my own at the moment.
After the problem I had at the beginning of the month I've been watching the
tcp traffic and noticed that when a 550 (unknown recipient) is sent back at
least one of the spammer programs is then sending something that causes an
"illegal response to many bytes" to be generated by the server.
As far as I've been able to tell it's only the spammers that are doing this.
I've been collecting these and putting them into a "peerguardian" list for
rejection.

So far I have 6498 unique IP addresses listed.  That is a LOT of spamming
computers sending to just one person that never replies to spam.


> > So is it possible to get some details (not here) maybe in a package of
> > instructions so that others can assemble the same system?
>
> I have always been hesitant to do this because I used to do this for
> work (setting up, maintaining and documenting things), and I don't
> want to create something I might not be able/willing/have time to keep
> up to date. The way things are done might change when a component gets
> upgraded (and very often do), so when a new version comes up the doc
> needs to get revised.
>
> But, I think I have a go at it. Most likely it'll be a meta document
> with enough glue so that readers can study things further.

Sounds like a great idea, get them started.

> 1-2-3
> documentation has never appealled to me because I believe people
> should understand what they're doing so that they don't get into
> trouble when something doesn't work.

The trouble is the general "user" can't understand what most of the acronyms
stand for let alone what the technologies do.
That's why I looked up all the stuff you spoke about as there are a lot of
laymen on here.  At least that gives them a chance to learn the basics.

Mostly the "users" want to put a system in and go back to reading the daily
jokes they get on Email.  Which from what I've seen is what MOST email is
used for...IN the home at least. :-)


> I also train the bayesian with ham every now and then by scanning my
> inbox, but this this I do manually perhaps once a month.

Can you feed back from outlook?


> > Anyone I send an Email to is automatically put into the white list.
>
> But people often use multiple servers to send e-mail out, so
> whitelisting doesn't occur for all of them.

No when they send an email from each they would be white listed.
I use many Email addresses myself but for any one destination it's generally
use just one.

> > Challenge responses from addresses not in the white list can be
> ignored as
> > they are back scatter.
>
> Hmm. Well, I do take backscatter a bit more seriously than you.

Taken in the context of my original Email (a universal adoption of C/R) back
scatter would not be a problem.

> > It has to be a concerted effort.  If everyone started forwarding the
> spam to
> > their ISP the ISP would do something about it.
>
> Unfortunately I'm perhaps too old. In my eyes a sentence that starts
> with "If everyone" is always a pipedream.

But the trouble is if no one tries nothing happens.  If everyone thought the
same nothing would happen.  MANY great discoveries, inventions, movements
would have never happened if they thought "this is a pipedream".


> > Those crimes are *almost* universally condemned.
> > BUT I'm sure in some part of the world we could find a place where it is
> > legal.
> > The trouble is "junk mail" isn't seen by anyone except the people
> like you
> > and I that deal with massive amounts of it to be anything of importance.
>
> The crimes that are currently almost universally condemned weren't
> always like that. There lays the hope. 10 (in some places 5) years ago
> e-mail wasn't considered mission critical. Nowadays it most often is
> mission critical for businesses. When spam starts to seriously damage
> e-mail for businesses things'll start to change. I think/hope that
> we're almost there.

Maybe...but it sound like a "pipedream"....LOL sorry just couldn't resist.
Yes we can but hope.

> > If only the original designers had of foreseen what was to come.
>
> There and then they could trust that the users would use the system as
> intended. The e-mail we have now is a lab experiment that got loose.

YEP at the beginning everyone could be trusted, we live in a VERY different
world now.

> With X400 things would be different.

I think it was ESA that asked how the system I use checks if "from" Email
addresses are valid.

Below is the PHP used by the program to validate them.

Your system will need access to port 25 outgoing which eliminates a lot of
private Email servers.

You simply call the script and add "?email={address to be checked}" to the
end of the url.



The System I use also adds faked addresses to the black list so that they
are only checked once.



This eliminates all spam that has a illegitimate "from" address.

Of course if the spammer has a list of legitimate addresses then this one
preventative won't stop it.



BTW: It's not my code so I can't give you any definitive answers as to how
it works.

But if there are any questions I will try and help.  :-)



Enjoy

John





<?php



error_reporting  (0);



//Uncomment the below if you wish to perform the password check to prevent
unauthorised lookups using your server.



//$Password=($_GET['password']);



//if($Password!="myPassword")

//{

//          echo "400 Password Invalid";

//          break;

//}



ValidateMail($_GET['email']);



// Validate Email Address Function

function ValidateMail($Email)

{



// Note set the $HTTP_HOST to your domain name.  It is used in the HELO
request.



//global $HTTP_HOST = "emailAIPro.com";



// Breaks apart the username & domain name



             list ( $Username, $Domain ) = split ("@",$Email);



// Checks to see if the domain name actually exists



             // Does an MX lookup on the domain name to find the domains mail
server entry.  If it doesn't find one it defaults to the domain name.

             if (getmxrr($Domain, $MXHost))

             {

                 $ConnectAddress = $MXHost[0];

}

             else

             {

                 $ConnectAddress = $Domain;

             }



             $ip=gethostbyname($ConnectAddress);



             if($ip==$ConnectAddress)

             {

                         echo "300 Invalid domain name";

                         return;

             }



// Connects to the mail server and proceeds to check the email addrss



             $Connect = fsockopen ( $ConnectAddress, 25 );



     if ($Connect) {



         if (ereg("^220", $Out = fgets($Connect, 1024)))

                             {

                                     fputs ($Connect, "HELO
emailAIPro.com\r\n");

                                    $Out = fgets ( $Connect, 1024 );

                                     //echo "$Out<br>";

                                     while(ereg("^220",$Out))

                                     {

                                     $Out=fgets($Connect,1024);

                                     //echo "$Out<br>";

                                     }



            fputs ($Connect, "MAIL FROM: <{$Email}>\r\n");

            $From = fgets ( $Connect, 1024 );



                                     //echo "$From<br>";



                                     while(!ereg("^250",$From))

                                     {

                                                 if(!feof($Connect))

                                                             break;

                                                 $From=fgets($Connect,1024);

                                                 if($From=="")

                                                             break;

                                                 //echo "$From<br>";

                                     }



            fputs ($Connect, "RCPT TO: <{$Email}>\r\n");

            $To = fgets ($Connect, 1024);

            fputs ($Connect, "QUIT\r\n");

            fclose($Connect);

                                     //echo "$To<br>";

            if (!ereg ("^250", $From) || !ereg ( "^250", $To ))

                                     {

                                                 if(!ereg("^550",$To))

                                                             echo $To;

                                                 else

                                     echo "100 Server rejected address";

                                                 return;

             }

         } else

                                     {

                         echo "101 No response from server";

                                                 return;

             }



                         }



                         else {



         echo "102 Can not connect to e-mail server";

                         return;

     }

     echo "200 email address appears to be valid";

             }

?>





[Non-text portions of this message have been removed]

--- In Anti-spam@yahoogroups.com, "John Morrison" <jmorrison@...> wrote:

> That is a Complex system, I had to do some research to decode.

Not really, just a mail server and SpamAssassin, but thanks for
looking everything up.

> IS this a linux/windows based server system?

I'm using linux based system, but the components are available also on
  Win32 platform.

> How do you implement the black lists?

The mail server rejects connections arriving from IP addresses that
are listed in the DNS based blacklists (queried via DNS at the time
the remote system connects, so this is a bit different from
peerguardian lists).

> What is MAT?

MTA = Mail Transfer Agent, a trade term for mail server.

> This must have taken years to get working with all the various packages
> inter working.  Not to mention the upkeep with patches and upgrades.

Not really. SpamAssassin supports all those, so if you go carefully
thru the docs and configuration you pick up what can be done with
them. So, when I selected Courier-MTA as the server MailDrop was
obvious choise (from the same author, included in the package). Then I
chose SpamAssassin since it had the configurability and features I
wanted (blacklists, heuristic filters, bayesian filtering came later
if I remember correctly).

SARE rulesets gets updated automatically via a scheduled job, the
other components get updated when the updates arrive for the
distribution I use (once every few months, no reboot necessary). I
upgrade them at the same time I upgrade other sw components in the
system. I check for new upgrades irregularly, normally about once a week.


> So is it possible to get some details (not here) maybe in a package of
> instructions so that others can assemble the same system?

I have always been hesitant to do this because I used to do this for
work (setting up, maintaining and documenting things), and I don't
want to create something I might not be able/willing/have time to keep
up to date. The way things are done might change when a component gets
upgraded (and very often do), so when a new version comes up the doc
needs to get revised.

But, I think I have a go at it. Most likely it'll be a meta document
with enough glue so that readers can study things further. 1-2-3
documentation has never appealled to me because I believe people
should understand what they're doing so that they don't get into
trouble when something doesn't work.

> > I train SA's bayesian database regularly with both spam and ham.
> So how much time do you spend on doing all this.

Less 2 minutes/day. I transfer spam that got thru to a folder that
gets scanned by SpamAssassin to be included in the bayesian database
(the scanning is scheduled, so no personal intervention is required).

I also train the bayesian with ham every now and then by scanning my
inbox, but this this I do manually perhaps once a month.


> Anyone I send an Email to is automatically put into the white list.

But people often use multiple servers to send e-mail out, so
whitelisting doesn't occur for all of them.

> Challenge responses from addresses not in the white list can be
ignored as
> they are back scatter.

Hmm. Well, I do take backscatter a bit more seriously than you.

> It has to be a concerted effort.  If everyone started forwarding the
spam to
> their ISP the ISP would do something about it.

Unfortunately I'm perhaps too old. In my eyes a sentence that starts
with "If everyone" is always a pipedream.

> Those crimes are *almost* universally condemned.
> BUT I'm sure in some part of the world we could find a place where it is
> legal.
> The trouble is "junk mail" isn't seen by anyone except the people
like you
> and I that deal with massive amounts of it to be anything of importance.

The crimes that are currently almost universally condemned weren't
always like that. There lays the hope. 10 (in some places 5) years ago
e-mail wasn't considered mission critical. Nowadays it most often is
mission critical for businesses. When spam starts to seriously damage
e-mail for businesses things'll start to change. I think/hope that
we're almost there.


> If only the original designers had of foreseen what was to come.

There and then they could trust that the users would use the system as
intended. The e-mail we have now is a lab experiment that got loose.
With X400 things would be different.

> > Teergrubing - never heard of it.
>
> Teergrubing: slowing down the smtp conversation according some
> criteria, like blacklisted address, too many smtp errors like
> non-existant addresses etc.

Thanks for the explanation.  I have heard of it just not under that name.

> > Spamproofing - ??? explain
> > 	 - Does that help when your domain is being spammed.
>
> Spamproofing is something what you do when you need to display
> publicly an e-mail address. You don't include the address in the html,
> but disguise it in javascript, hex, or just describe the address
> without writing it out. It is proactive, so it won't help when domain
> is being spammed.
Most of the spam I get now is *to* non existent addresses that I've never
and will never use.  These are eliminated immediately (NO C/R).


> > You ignored the fact that I've tried other methods!
> > C/R was not my first choice.
>
> I didn't ignore it and I understand that it wasn't your first choice.
> For me it wouldn't have been the last choice either, but here we
> disagree and I don't see either of us changing our minds so let's just
> let it be, ok?
It's my final choice *only* up to the fact that the server I now have uses
it.
The Future holds infinite possibilities.


> > Yes!
> > Because spammers do it to make money!
>
> They do it to earn money, you do it to not to loose time (i.e. money).
No I use it so I have a mail system I can use.  I make almost no money from
Email.
3000 messages (yes it is real) in one day made it impossible to use the
system.


> > Our job is to educate people to the best of our ability.
>
> Guess what I'm trying to do ;-)
Hmm trying to do the same myself.
It isn't education to tell (again and again) someone he is "abusing" people
when it's been explained to you that the server I've had to purchase and
install to make my Email system usable uses C/R.
OK you think its abuse I get it!
I'm not going to throw it away and go back to a non-usable email.

AND a straight C/R system with NO intelligence or other methods to remove
spam is major abuse but that is not what I'm running!

> > Great sounds like a good system, what software do you use?
> > Give some details so that others can put together a system like yours to
> > eliminate that problem as you have.
>
> Basically I use blacklists in front at the MTA. When the message
> passes that some mailing lists are directed to appropriate mailboxes
> using Maildrop (same can be done with procmail or shellscripts), and
> then SpamAssassin gets hold of it. SA is configured with DCC, Razor
> and Pyzor, and a choise of SARE rulesets (available at
> http://www.rulesemporium.com). In case of SARE rulesets, you'll have
> to figure out yourself which ones will work in your environment.

That is a Complex system, I had to do some research to decode.  Here is what
I found so other readers don't' have to waste time looking it up.  If I've
made any mistakes please correct.

IS this a linux/windows based server system?
How do you implement the black lists?
What is MAT?
MailDrop - mail delivery agent with filtering -
http://www.courier-mta.org/maildrop/
Spam assassin - http://spamassassin.apache.org/
DCC - Distributed Checksum Clearinghouse -
http://www.rhyolite.com/anti-spam/dcc/
Razor - spam detection and filtering network - http://razor.sourceforge.net/

Pyzor - identifying digests of messages - http://pyzor.sourceforge.net/
SARE - SpamAssassin Rules Emporium - http://www.rulesemporium.com

This must have taken years to get working with all the various packages
inter working.  Not to mention the upkeep with patches and upgrades.

So is it possible to get some details (not here) maybe in a package of
instructions so that others can assemble the same system?  As you pointed
out with your system there are very few false triggers.  So put some
instructions together and others can use the same system and you've solved a
major part of some peoples spam problem.

> I train SA's bayesian database regularly with both spam and ham.
So how much time do you spend on doing all this.


> > But in your eyes because the Email server I use uses C/R (after many
> other
> > things) then I am abusing people....
>
> How would you describe a message, from a person you've never been in
> contact with, asking you to confirm that you really sent a message? If
If they've been in contact then they don't get any more.  The C/R in the
current system is a one shot deal.  You reply to ONE challenge and you are
white listed forever.

> C/R systems get huge popularity, multiply that by a large number. See
> the picture?
Yep if *EVERYONE* used the program I use and the way it implements C/R as
part of it's system spam would disappear over night.  :-)
As NO spam would get though and the spammers would quickly die out from
starvation.

Anyone that regularly converses would get one Challenge then they would be
in the white list.
Fake/nonexistent "from" addresses would be eliminated.
Challenge responses are only sent to those that aren't in the white list.
Anyone I send an Email to is automatically put into the white list.
Challenge responses from addresses not in the white list can be ignored as
they are back scatter.

> > What about we all send the spam we receive to our respective ISPs,
> asking
> > for answers?
>
> That might do some good IF we got enough people behind it. But please
> do report back when you've done it by yourself ;-).
As you know and have said already one person can't sway them!
So why suggest it??
It has to be a concerted effort.  If everyone started forwarding the spam to
their ISP the ISP would do something about it.

> > That is the trouble there is no international body that can pass a
> law on
> > it.
> > Laws would have to be passed in "every" country to stop it.
> > The LAW makers thought are generally on Government servers with lots of
> > people buffering them from the real world.
>
> Well, there are several crimes that are quite comprehensively
> forbitten like pedophilia, murder et al. So, there IS a possibility to
> get some international action if there are enough eyeballs in it.
Those crimes are *almost* universally condemned.
BUT I'm sure in some part of the world we could find a place where it is
legal.
The trouble is "junk mail" isn't seen by anyone except the people like you
and I that deal with massive amounts of it to be anything of importance.

> > > The trend cannot continue for eternity.
> > Are you sure? :-)
>
> Just wishful thinking.
Yeah :-(
If only the original designers had of foreseen what was to come.  Back then
it would have been a very small thing to change.  Now it's almost impossible
to redesign the system. :-(

--- In Anti-spam@yahoogroups.com, "John Morrison" <jmorrison@...> wrote:
> I'll check with the software writer on how he does it.

Thanks, this is appreciated!

> Most likely the cost will be increased by charging for emails sent.
> AND the ISP makes more money which is an incentive for them. And we
loose.

If e-mail postage ever gets adopted competition will make sure that
other costs will drop. If something is too lucrative the competition
moves in.

> Ok you said it but did you explain it. :-)
> Filtering - yep know what that means what method/program do you
suggest is
> best

Personally I have good experience with SpamAssassin, after the first
line of blacklists. I could tell which one, but the effectiviness
depends too much on your e-mail habits so it is better I don't skew
the readers' own intellect. I prefer mainstream, rather conservative
lists like sorbs and spamhaus, complemented with country-specific
lists from http://blackholes.us/ (personally I don't receive any mail
from China, for example, and same applies to the users of the system I
administer).

> Teergrubing - never heard of it.

Teergrubing: slowing down the smtp conversation according some
criteria, like blacklisted address, too many smtp errors like
non-existant addresses etc.

See a bit simplistic explanation at
http://en.wikipedia.org/wiki/Tarpit_(networking)

> Spamproofing - ??? explain
> 	 - Does that help when your domain is being spammed.

Spamproofing is something what you do when you need to display
publicly an e-mail address. You don't include the address in the html,
but disguise it in javascript, hex, or just describe the address
without writing it out. It is proactive, so it won't help when domain
is being spammed.

> You ignored the fact that I've tried other methods!
> C/R was not my first choice.

I didn't ignore it and I understand that it wasn't your first choice.
For me it wouldn't have been the last choice either, but here we
disagree and I don't see either of us changing our minds so let's just
let it be, ok?

> Yes!
> Because spammers do it to make money!

They do it to earn money, you do it to not to loose time (i.e. money).

> I had 3000 messages in one day before this system.

I feel for you, really.

>
>
> > Personally I know of people that answer C/R requests when they're
> > misdirected.
> Well they are very silly doing that arn't they and you should
educate then
> not to.

They know perfectly well what they're doing: they're giving back to
the ones that are abusing their mailboxes. Personally I don't think
fighting abuse with abuse is a good thing.

> Our job is to educate people to the best of our ability.

Guess what I'm trying to do ;-)

> Great sounds like a good system, what software do you use?
> Give some details so that others can put together a system like yours to
> eliminate that problem as you have.

Basically I use blacklists in front at the MTA. When the message
passes that some mailing lists are directed to appropriate mailboxes
using Maildrop (same can be done with procmail or shellscripts), and
then SpamAssassin gets hold of it. SA is configured with DCC, Razor
and Pyzor, and a choise of SARE rulesets (available at
http://www.rulesemporium.com). In case of SARE rulesets, you'll have
to figure out yourself which ones will work in your environment.

I train SA's bayesian database regularly with both spam and ham.


> But in your eyes because the Email server I use uses C/R (after many
other
> things) then I am abusing people....

How would you describe a message, from a person you've never been in
contact with, asking you to confirm that you really sent a message? If
C/R systems get huge popularity, multiply that by a large number. See
the picture?

> What about we all send the spam we receive to our respective ISPs,
asking
> for answers?

That might do some good IF we got enough people behind it. But please
do report back when you've done it by yourself ;-).

> That is the trouble there is no international body that can pass a
law on
> it.
> Laws would have to be passed in "every" country to stop it.
> The LAW makers thought are generally on Government servers with lots of
> people buffering them from the real world.

Well, there are several crimes that are quite comprehensively
forbitten like pedophilia, murder et al. So, there IS a possibility to
get some international action if there are enough eyeballs in it.

> > The trend cannot continue for eternity.
> Are you sure? :-)

Just wishful thinking.

> --- In Anti-spam@yahoogroups.com, "John Morrison" <jmorrison@...> wrote:
> > The server I have uses Black/White lists, it checks if the sender is
> a valid
> > email address and C/R.
>
> I wonder just how the server is checking if the sender e-mail address
> is valid. The domain part it certainly can check (and should, IMHO).
I'll check with the software writer on how he does it.  But it checks each
address is valid before it's accepted.


> > The BIG problem is nothing is being done to stop the spam.
>
> True. The answer, IMHO, is to make it cost enough so that the
> incentive to spam is lost. Just how exactly this could be accomplished
> is a bit cloudy. Some cost increases will be from getting their
> accounts cut, payment methods freezed and getting law enforcement to
> look into it.
Most likely the cost will be increased by charging for emails sent.
AND the ISP makes more money which is an incentive for them. And we loose.


> > > I think it is important to know good and bad from each method so one
> > > can make informed decision.
> > So inform people AND give alternatives when you reply.
> > It isn't enough to say C/R is BAD and shouldn't be used and leave it as
> > that.
>
> I've said: filtering, blacklisting, teergrubing, spamproofing ones
> address, throwaway addresses.
Ok you said it but did you explain it. :-)
Filtering - yep know what that means what method/program do you suggest is
best
Blacklisting - already in my software.  What do you use?
Teergrubing - never heard of it.
Spamproofing - ??? explain
		 - Does that help when your domain is being spammed.
Throw away - Doesn't help if you have a domain being dictionary spammed.

> > Without C/R I would have had to read and process 65000 emails.
> > I've tried all the other methods that I know of including
> spamcop/etc and
> > none of them made that much difference.
>
> But this C/R thing. Somebody is annoyed enough to do something to
> protect his mailbox with C/R, but at the same time perfectly happy to
> spam myriads of innocent bystanders? Somehow this doesnt' compute.
I have heard the argument before and considered it.
You ignored the fact that I've tried other methods!
C/R was not my first choice.


> Do you realize that you probably spammed about 65000 individuals?
NOPE!
As I said my software checks for invalid address (most are).
And Uses a blacklist.
So it's not 65000 but a somewhat smaller number.
Personally I'd prefer not to send any as it cuts into my internet allowance.
But I'd also like not to spend hours on received spam.
It's not a perfect world.

> And you're annoyed when spammers do that?
Yes!
Because spammers do it to make money!
The "SYSTEM I USE" eliminates all the false addresses (Source and
destination), deletes the blacklisted, lets though the white listed and the
few left it sends a C/R to.
This gives me a mail system that I can actually use again.
Without spending an hour (or more) a day deleting the JUNK.
I had 3000 messages in one day before this system.


> Personally I know of people that answer C/R requests when they're
> misdirected.
Well they are very silly doing that arn't they and you should educate then
not to.
I have customers that used to click the Unsubscribe link on the bottom of
spam emails, until I educated them.
It's not a perfect world.
Our job is to educate people to the best of our ability.

> My system which includes blacklists, SpamAssassin with selected SARE
> rulesets and Bayesian stopped or filtered about 4000 messages/day
> (around December), let pass 10 messages and generated less than 1
> false positive/week (yes, I go thru filtered messages (about 300 a
> day, the rest is blocked during smtp conversation) to find phishes
> which I duly report in various places, I don't actively check for
> false positives).
Great sounds like a good system, what software do you use?
Give some details so that others can put together a system like yours to
eliminate that problem as you have.

> All this without inconveniencing my fellow netizens.
It's great that with your software you can do that.
The server I use uses C/R.


> > Yep but what I've seen, is there is always at least one person that is
> > against anything suggested.  The end result is there is no acceptable
> > solution.
>
> This is no democracy, so don't worry about somebody disagreeing with
> you. Think, if anything he says has validity and adjust accordingly.
I do.

> If the method or approach is a good one, it'll get implemented. In a
> few places first, and if it really makes the difference without
> generating too many other problems, in other places as well.
Well advertise your system here so that others can try/implement it.

> While there are many suggested ways to stop spam, many of which would
> work, there is always something in them why they haven't been adopted,
> at least widely.

> Some abuse innocent 3rd parties (C/R, graylisting, although the
> graylisting is gaining popularity since most of the time it is not too
>  abusive).
Now IMHO there is one of the problems, when systems are discussed, the
emotive language "ABUSE".
You are obviously hard against C/R so there is no place for it in any
system.
But for me it's the only thing that has worked and it's part of the mail
system I've purchased.
But in your eyes because the Email server I use uses C/R (after many other
things) then I am abusing people....

> Some are not compatible with the current e-mail system (which many see
>  too valuable to throw away).
> Some require almost simultaneous changes in mail servers.
Neither are good ideas.

> Some assume that ISPs are interested in something else than making money.
So how do we "the spammed" make it better for them to stop the spam then to
let it through?

What about we all send the spam we receive to our respective ISPs, asking
for answers?


> But something will come along that will change the current status quo.
> I suspect the solution is laws and enforcement, but I may well be
> wrong.
Australia already has laws to stop Australian Spam.
That is the trouble there is no international body that can pass a law on
it.
Laws would have to be passed in "every" country to stop it.
The LAW makers thought are generally on Government servers with lots of
people buffering them from the real world.

> The trend cannot continue for eternity.
Are you sure? :-)