But, I don’t like spam!

But, I don’t like spam!


How should I say this politely: I do not like spam! I hate spam. Can I choose something different? Perhaps a nice cold beer on such a warm day, but definitely not hot steaming, bug infested spam.

I read a report on my favorite news website yesterday, which stated that 95% of all sent email is spam. Hard to believe, but saying that I found it hard to believe that we only crossed the 50% mark two years ago. Sure, a company that makes spam filters wrote the article. However, even if the 95% figure is not 100% true we’re all still being sent excessively many fishy, smelly, stinky, irritating emails and I am such a saint! I am still waiting for a call from the pope, but not an email from Wendy over my personal problems. How on earth did she know?

Sad but true, the spammers seem to have the initiative in this war and thus are winning. The distributed nature of the internet combined with the cross boundary laws makes diminishing the effects of these repetitively boring full spectrum attacks difficult. I wouldn’t mind so much if my mailbox was less full or my spam filter was 100% accurate. I think it is brilliant the way thunderbird helps me to define away large chunks of spam. However, at the 95% mark even leak tight containers start to cringe under the onslaught. It is time to take back the initiative and start sharpening the tools. Many clever people are already doing so.

Tools I say and tools I mean. I love Linux live distributions and have a great deal of respect for the security minded. I particularly like the idea of kicking spambots with brilliant tools such as basted.

Spambots suck up email addresses. You leave your address in a mailto tag or on a newsgroup, and then you are so gone, but sadly and definitely not forgotten. You’ll be part of the history of the internet forever, more backed up than the Internet Archive and famous to those who wish to sell diplomas and cures for your obvious inadequacies.

Basted is a script that keeps track and sends many bad addresses back to the bot. Basted has the potential if widely deployed to have effect on the profit of spammers. Sure, it’s at an early version, but when it has grown up it will start bullying the bullies. But why stop there? There are Linux honeypot distributions, why not have one whose sole task is to help ISPs stop spam? Acting as a full spectrum inoculation at the source mail servers, if aggressive enough and updated enough and open proxied enough, then we have a chance to breathe again. Free from unwanted emails that our children may accidentally click on. Perhaps there’s already a distribution out in the wild that does all that I want. For example, STD 0.1 looks like a broader version of where it should be. I would hope for a distribution with less than 40 tools and many graphically assistive help files. A distribution that could be popped into a spare computer and with the help of virtualization look like a network of victims with really sharp hidden teeth. A virtual network that has the potential to be updated automatically with new tools every night. A zero maintained, headless, anti-spam attack drone. Remotely flying over the enemies head.

So what do you think? Have you any ideas for tools? If so, please leave a polite comment.

Category: 
Tagging: 

Comments

Terry Hancock's picture

All too often, discussion of spam in the popular press leads to the conclusion that "It ought to be illegal!", but most of the spam I receive is probably already illegal (at least in the US).

Anyway, IMHO, it's clear that technology will be the best way to solve the problem, even if that's not an easy thing to do. I've generally concentrated on filtering solutions. Bayesian filtering in Thunderbird is pretty good, although I'd like to move the stuff to the trash automatically instead of just marking it (haven't figured out how you do that yet).

I used to manage spam filters manually, but for awhile, things were so screwed up and I had so many false positives that I got in the habit of reading my trash folder first. Things are definitely better now!

I distrust the approach of automatically reporting spammers to their ISPs. Previous attempts at this have been foiled by smarter and smarter techniques to hide spammers' tracks and forge their origins. I've received a number of complaints myself from people who clearly got spam forged from my account (at least I sure hope I was not running an open mail relay somewhere -- I guess you can never absolutely know). However, the idea of a "honeypot" that screws up the spammers' modus operandi does sound like a good idea.

Ryan Cartwright's picture

Bayesian filtering in Thunderbird is pretty good, although I'd like to move the stuff to the trash automatically instead of just marking it (haven't figured out how you do that yet).

You'd have probably worked it out but to save you the time...
Tools->Junk Mail Controls
Under the Settings tab change the settings below "Handling".

Alan Berg's picture
Submitted by Alan Berg on

We should look at any disruptive approach that affects the economics of spamming. If we force down the profit margins then the spamming volume should follow.

Ryan Cartwright's picture

Attacking the bots sounds a good idea but surely it only works if the spammers are concerned over the number of genuine addresses they have on their lists. Also it won't stop my address getting onto the lists via another server.

I used to think spammers were like the people who send free catalogues and brochures but that's wrong. Spammers use an entirely fire and forget process. When they send a message they use a spoofed reply-to and to header (Terry this is probably what's happening to you) so that it is not them who gets the bounces.

Perhaps there is one way in which the spammers and the catalogue people do work the same. Maybe they work by carpet bombing: send one message to 10 million "addresses", of which 2 million end up in a real inbox, of which 50000 actually get read, of which 100 follow-up on the links. Those 100 may not buy the product but they will see the advertising on the site and they will have confirmed their address as being one of the gullible people - which will move them up a level on the spammers lists.

I don't think that abuse reports work. If they did then I wouldn't still be receiving spam via open-relays within popular ISP address ranges.

My preferred method is spam filters but at SMTP level (not yet deployed bt will be soon). Using something like Exiscan within Exim means that my server doesn't even handle the spam bounces. Okay the sending server therefore has to handle it but because it's a reject rather than bounce, it means the - spoofed - "sending" address isn't plagued with bounce message for mail they didn't send. The sending server would therefore have to be more efficient in stopping spammers sending mail through their system. If the spammer is using their own smtp then they would eventually get fed up of the rejection messages.

Alan Berg's picture
Submitted by Alan Berg on

I believe in defense in depth. Making a targeted Linux distribution may build that depth via a series of tools and server types. Start by targeting the Spambots then the spammers by distributed analysis. Make the distribution easy enough and then given a fair wind, the rest may follow.

ns2048's picture
Submitted by ns2048 on

I've seen fairly good results (from ~400 spams/week down to ~12) by using a combination of iptables (geo-blocking/filtered port 25) + DNS blacklist (i.e., Spamhaus, DSBL) + DSpam (dspam.nuclearelephant.com). The list of IPs blocked by iptables is generated daily based on analysis of Postfix logs and DSpam results.

Kirk Strauser's picture

I wrote an article last year for FSM. Check it out and use it if you can. Although my real email address is plastered all over the place, I typically get a spam every other day or so.

Good luck!

Anonymous visitor's picture

If we could create false email addresses, and then have an automatic system for generating and sending thousands of messages to the spammers of those addresses in order to clog up their systems. I don't know if this could result in a DOS for them, but regardless, it would eat up their bandwidth and cost them more $$. Could such a little program be written up and put out on torrents and spread around freely? If everyone had something like this running in the background on their computers, spammers would be toast.

Author information

Alan Berg's picture

Biography

Alan Berg Bsc. MSc. PGCE, has been a lead developer at the Central Computer Services at the University of Amsterdam since 1998. In his spare time, he writes articles, book reviews and has authored three books. He has a degree, two masters and a teaching qualification. In previous incarnations, he was a technical writer, an Internet/Linux course writer, and a science teacher. He likes to get his hands dirty with the building and gluing of systems. He remains agile by playing computer games with his sons who (sadly) consistently beat him physically, mentally and morally at least twice in any given day.

You may contact him at reply.to.berg At chello.nl