What's in Your Spam-Fighting Arsenal? 56

Spamhunter asks: "Everyone has their favorite tools to stop spam at the inbox, whether it's using a scoring tool like SpamAssassin, bayesian filters, or something as extreme as challenge/response whitelists (which creates a few problems itself). What I'd like to know is, what are your tools for actively investigating and shutting down spammers? I've found information sites like SPEWS and Spamhaus to be invaluable in tracking down spam gangs and spam-friendly ISPs in order to put pressure where it belongs. Sometimes just chasing the chain of ownership in WHOIS is helpful. What tools, approaches, and resources do you find helpful?"
This discussion has been archived. No new comments can be posted.

  • Mozilla mail's bayesian filtering is more than enough for the spam that comes my way. Of course, I have a fat connection - spam would probably still annoy me a lot if I had to download it at POTS speeds.
    • For my regular account Mozilla's filtering works fine. For my hotmail account, I get about 100 messages a day, with about 2-3 not caught by the filter. In the end bayesian filtering cannot ever completely replace the human eye. I think that most people know this, but I have heard some exaggerated claims.
      • I'd rather deal with 2-3 leakers than risk throwing away good mail.

        Generally, messages that leak through have bizarre subjects or contents and are easy to identify. Mozilla does a remarkable job (for me at least) in getting rid of the spam that looks like generic mail.
        • What I have had problems with lately is spam messages selling pills or something. Their subject heading contains a line of question marks like "meds????????", but it seems that varying the number of question marks lets some messages get through. I have yet to see a message that I want to keep get wrongly sorted to the Junk folder.
  • SpamAssassin is great because it does almost all of those things. My setup filters for regexes, checks some databases on the web for relays and for registered spam messages, manages an auto-whitelist, and does wonderful Bayesian filtering.

    I've had the same setup for several months, and I only have about 1 to 2 mistakes a month. A mix of various techniques is really the only way to go.
  • The adaptive spam filtering works great for me. :)
  • Technically the Rules Wizard isn't a spam filter, but it does help me kill spam. I use it as a white list. I'll only see messages from peeps who I want to hear from.

    Also, I have a few forwarders. If I register with Best Buy, for example, then I create a bestbuy@mydomain.com address for them and register with that. So if I get SPAM there, I just turn that forwarder off.

    When somebody emails me and they're not on my list, they get a message back saying "Didn't get your message with human readable instru
    • Oh good job. Way to contribute to the problem of joe jobs! I'm glad to see that you're contributing to the spam problem while hiding it from your eyes.

      Any "solution" that autoreplies to email based on who it purports to be from is broken and needs to be fixed. Sending autoreplies to spam just causes somebody's legitimate inbox to fill with garbage whenever the spammers use that innocent party's address in their spam. Naturally since you personally don't see any of these nasty side effects it must not b
      • "Any "solution" that autoreplies to email based on who it purports to be from is broken and needs to be fixed."

        If I were sending out a bunch of messages, I'd agree with you. But I'm not.

        " Sending autoreplies to spam just causes somebody's legitimate inbox to fill with garbage whenever the spammers use that innocent party's address in their spam."

        BzzT sorry.

        1.) Outlook 2000 only sends one message to a recipient per session.

        2.) The message that is sent back is pretty clear: Somebody sent me an email
        • So no, it's not 'just filling an innocent party's address with spam'.

          Except when 10,000 other people do the same thing...

          Please understand that what you are doing is being a poor netizen and not appropriate. I'm glad it makes *your* life easier but it makes others' lives more difficult. Please reconsider your actions.

          -davidu

          • "Please understand that what you are doing is being a poor netizen and not appropriate."

            That is the fault of the person who spoofed the address, not mine. They don't need me to use automated responses to get 10,000 mails, all they need is for people to respond with "don't spam me!". The problem is there whether or not people use automated responders. The victim is in trouble anyway.

            "Please reconsider your actions."

            I reconsidered, and no, I will not stop. If the other guy was using the system I dev
            • That is the fault of the person who spoofed the address, not mine.

              Although I hope it never happens to you, I guess the only way you'll understand is when you personally get joe-jobbed and your server starts to flail for a while as thousands of auto-ack's start /needlessly/ nailing your server in addition to the bounces.

              I guess there are still a lot of selfish people out there...a shame really; didn't your mother teach you to 'share the `net?'

              -davidu

              • "Although I hope it never happens to you,"

                It has happened to me. Happened with the Sobig virus. It wasn't a big deal either. Yeah, I got flooded with email. I wasn't mad at the people with responders (actually it was nice knowing I was spoofed), I was annoyed at the idiot worm writer. It was easy enough to filter them out anyway. You see, with my setup, though that happened, the important mail still got through.

                "I guess there are still a lot of selfish people out there..."

                Oh fuck off. You have
                • If I got 4,000 emails flooding my machine, I'd turn off the rules wizard. Give me some credit, will ya?

                  Sorry to step into the middle of your guys' flamewar, but I have to agree with davidu (not that I expect you to care, nanogator).

                  If a spam/joe-job campaign consists of 10,000,000 email addresses, and one tenth of one percent of all recipients had your software installed, the spoofed mailbox owner would receive 10,000 "notification" emails.

                  I trust that you ARE monitoring your own client and will shut it
                  • "but I have to agree with davidu (not that I expect you to care, nanogator)."

                    It's not that I don't care, it's that I'm not being given any credit here. I'm being treated like I'm going to use my machine to bug other people, nobody's ever given thought that I've considered any of it.

                    " trust that you ARE monitoring your own client and will shut it off if you start sending more than "4000" emails per [some magical threshold],"

                    Dude, you notice when Outlook starts acting up. It's not some magic number, i
                    • I purposely wrote my post in a respectful, non-insulting manner. I was not talking down to you. Just because I don't agree with you doesn't mean I think you're a "malicious moron". I meant nothing personal by my post, please don't take it so (just as your "lack of tact" complaint doesn't deeply hurt me).

                      I'm not pushing any agenda other than "be polite".

                      I don't know you. I can't say whether or not you're a selfish person (and I didn't). I said "it _is_ selfish", and by that, I meant the action of responding
                    • " I meant nothing personal by my post, please don't take it so (just as your "lack of tact" complaint doesn't deeply hurt me)."

                      I reread what you said and what I said and I think I figured out what happened here. When you said I was being selfish, I jumped to the conclusion that you were backing up David's comment about 'my mommy not teaching me how to share'. From what I gather here, my assumption was in error. Sorry man. You can understand I'm a little frustrated, right?

                      However, I object to my actio
                    • Hmm.. couldja let me know ya at least read what I said? I think you'd find at least the last bit of interest.
                    • I read your response. I see what you're saying. I don't totally disagree. The problem is that there IS NO GOOD SOLUTION.. )-:

                      Sad, really.

                      S
                    • Agreed. Cheers man.
    • That sounds way too complicated, when all you need is SpamBayes [sourceforge.net]. Honestly, I use Outlook at work, and SpamBayes has cut my spam down to 1-2 per week, with NO false positives. You can get it as a truly elegant Outlook plugin.

      Also, you didn't respond to the question. But if every email program came with good filtering, there would be no need to hunt em down because there wouldn't be any $$$ in the business.

      Sad though it is, all the good blacklist sites are getting DDoSed out of existence. I don't thi
      • "That sounds way too complicated, when all you need is SpamBayes."

        Nar, it's not that complicated. It took me a little bit (15-20 minutes maybe?) to build my initial contact list. After that, setting up the rules was simple. I guess you could say that setting up the email forwarders is 'complicated' as I have to go a couple of places on the site to get to that. However, I could just set up a global address and add new contacts to the rule.

        Is it more complex than your suggestion (which I bookmarked and
        • Well, ok, if you had other things in mind besides spam filtering, I can see going through that process. I would be afraid that people not on my white list wouldn't take the time to write me back when they got a message saying their email didn't go through. However, it all depends on what you use your email address for. In my case, I enjoy many of my unsolicited (but non-commercial) emails from people I don't know.
  • As the subject says... Spambayes (with procmail) does my filtering, so it gets stashed in the training/garbage bin. Works great, with excellent accuracy.

    I subscribe to Spamcop (http://spamcop.net) too, which gives me a spam-filtered public email address, and they also do reporting. You send them your spam, they look up whatever complaint addresses they can for the source, relays, and even the URLs linked to in the spam; it just needs a few clicks to shotgun your complaints to all the ISP admins, keeping th
  • I've been using the paid Yahoo mail service. I have my ISP forward all my mail to my Yahoo account. Their spam filters are great. Spam goes into the bulk folder and the rest goes into the inbox. I've been using this for a year and it's great. I can read different attachments without downloading them. What I download is scanned for viruses with Norton.
  • hmmm (Score:1, Funny)

    by Anonymous Coward
    The only thing that will work or at least provide satisfaction is lots and lots of jail time.
    Preferably with a cell mate with a very very enlarged penis.
    Oh yeah, and lots of Viagra.
    Death Row would be too humane.
  • Answering the original question -- about tools to help identify and shut down spammers -- nothing helps much. Now that spammers use viruses to hijack thousands of helpless newbies' MS boxes, and make them send the spam through normal channels, nothing much can be done except, perhaps, wiping out ("securing") all those hundreds of thousands of infected relays, along with any other vulnerable hosts yet to be exploited for the purpose.

    Of course that's a job for another virus. While that might be seen as wor

  • i have a hotmail account, and believe it or not, i get 0 spams a day. My email address is something like name number word and it's not very guessable. I use it for family, and as you can see, dextr0us @ s p l . a t is my e-mail address for spam. It works quite well.
  • www.spamgourmet.com for email aliases, spamcop.net for spam filters. I get no spam to my personal address. When it starts arriving at work I'll turn on MailScanner's anti-spam filter (currently we only use it for anti-virus).

    Once spam has reached your inbox, you've lost.

  • I use a popular web mail service and a standard email client. I don't get spam because I'm careful about who and where I give my info out to and I certainly never post my email address on a newsgroup or web page and I never accept any of the email options if I must sign up for anything. Oh and both of my email addresses are, I hope, non guessable. Beyond that I use rules to sort what email I do get from NYTimes and the linux mailing list. I get about one spam a week from the web mail client provider, and ano
  • My tools are simple (Score:3, Informative)

    by Motherfucking Shit ( 636021 ) on Saturday October 11, 2003 @04:02AM (#7188624) Journal
    Looks like most responses so far aren't addressing the real question - what you use to seek and destroy - and instead are mentioning what they use to avoid spam in the first place. All well and good, but since there aren't many answers to the question at hand, I might as well post mine.

    I generally stick with the basics, whois and traceroute getting the most use. I rarely whois the spamvertised domain itself, unless I'm trying to determine the registrar or its DNS provider... But whois gets a lot of masked use, thanks to the following aliases (bash2, freebsd):
    alias apnic='whois -h whois.apnic.net'
    alias arin='whois -h whois.arin.net'
    alias ripe='whois -h whois.ripe.net'
    So, suppose I get spam with an originating IP of 1.2.3.4, I just grab a shell and type
    [speaker@candletruq]$ arin 1.2.3.4
    If ARIN refers me to RIPE or APNIC, I use the `ripe` or `apnic` commands, respectively. Within a couple of seconds, I know which ISP was abused to send the spam, as well as (usually) some administrative contact for that provider. A few more seconds and I have the same information about whichever ISP is hosting the spamvertarget. If you find yourself constantly typing out...
    whois -h whois.arin.net 1.2.3.4
    ...or the appropriate flags to your flavor of whois, setting aliases to point to ARIN/RIPE/APNIC's servers can be a huge timesaver.

    A script I wrote some time ago, called ANAL - get your mind outta the gutter, it stands for Auto NANAS and Lart - takes care of the rest. I paste in the spam, headers and all; then if I'm bothering to report it, I'll also enter in some abuse contacts for the origin/target ISPs. I post the form, the script posts a copy of the spam to the Usenet newsgroup news.admin.net-abuse.sightings, and also sends abuse reports to any email addresses I specified.

    Not necessarily trying to plug myself, but if you've got PHP installed, check out ANAL [shat.net]. You can report spam to the ISP, and also archive a copy in Google Groups (which can help in future spam cases against the same spammer or spam-friendly ISP) at the same time.

    Yes, I actually named one of my machines candletruq.
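
Added example, not part of the comment above or of its author's script: the ARIN-then-referral lookup described there as shell functions that also pull out the abuse addresses. The function names, the allowed-registry list (LACNIC and AFRINIC go beyond the three registries the comment names) and the sample replies are constructed for illustration.

```sh
#!/bin/sh
# Added example: chase an ARIN referral and list abuse contacts.
# Header contents are sender-controlled, so the IP is validated before use.

# Read an ARIN reply on stdin; print the registry to ask next, or nothing.
# Only hosts on a fixed list are accepted as referral targets.
next_registry() {
    host=$(sed -n 's|^ReferralServer:[[:space:]]*whois://\([A-Za-z0-9.-]*\).*|\1|p' | head -n 1)
    case $host in
        whois.ripe.net|whois.apnic.net|whois.lacnic.net|whois.afrinic.net)
            printf '%s\n' "$host" ;;
    esac
}

# Read any registry reply on stdin; print each abuse address once.
abuse_contacts() {
    awk '/^OrgAbuseEmail:/ || /^abuse-mailbox:/ || /^% Abuse contact for/ {
        for (i = 1; i <= NF; i++) {
            w = $i
            gsub(/^[^A-Za-z0-9]+|[^A-Za-z0-9]+$/, "", w)   # drop quotes
            if (w ~ /^[^@]+@[^@]+\.[^@]+$/ && !seen[w]++) print w
        }
    }'
}

# Live lookup: ARIN first, then the referred registry if there is one.
lookup() {
    case $1 in
        ''|*[!0-9.]*) echo "usage: lookup IPv4-address" >&2; return 2 ;;
    esac
    reply=$(whois -h whois.arin.net "$1") || return 1
    next=$(printf '%s\n' "$reply" | next_registry)
    if [ -n "$next" ]; then
        reply=$(whois -h "$next" "$1") || return 1
    fi
    printf '%s\n' "$reply" | abuse_contacts
}

# Constructed sample replies (not real registry data) for offline runs.
sample_arin_reply() {
    cat <<'EOF'
NetRange:       192.0.2.0 - 192.0.2.255
ReferralServer:  whois://whois.ripe.net
OrgAbuseEmail:  abuse@registry.example
EOF
}
sample_ripe_reply() {
    cat <<'EOF'
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@isp.example'
inetnum:        192.0.2.0 - 192.0.2.255
abuse-mailbox:  abuse@isp.example
EOF
}

# Offline demo; for live use call: lookup <IPv4-address>
sample_ripe_reply | abuse_contacts
```

In the constructed ARIN reply the only abuse address belongs to the registry, which is why the referral has to be followed before a report is addressed.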
  • First off, realise that treating the symptoms doesn't work. This means that C/R is considered harmful [netcom.com], as is address munging [interhack.net]. It is still possible in this day and age to stay sane with just one email address without spamtrapping.

    Procmail [procmail.org] is your friend. Use it. In conjunction with SpamAssassin [spamassassin.org], you can filter it off to a folder to go send to SpamCop [spamcop.net] at your earliest convenience. While SpamCop officially discourages doing so, setting your mail server to reject based on the RBL bl.spamcop.net [spamcop.net] will save

  • Translation: I am trying to bypass anti-spam measures and I want to know what my targets are.
  • I use a number of levels of filtering:
    1. Sendmail - Claus Aßmann has some suggested rules for eliminating bogus AOL addresses, bad message IDs, etc. I just use those, plus some of my own "Subject:" filters
    2. DCC [rhyolite.com] rejects spam based on how often myself and others have seen it, with a distributed database of hard and fuzzy checksums. It is part of Spam Assassin, and I plan to include that soon, too.
    3. Procmail is my third level of filtering.
    4. For the crap that gets through, I mark it as spam to levels 2 (automati
  • I use SpamAssassin to sort and tag the spam server-side, with my threshold set at 5. Or rather I should say the ISP hosting my domain uses SpamAssassin, I don't have full control over the mail server.

    Then I use Mailwasher [mailwasher.net] mainly to preview the messages on the server before downloading them. Mailwasher has its own filters to tag and bag spam, and they're pretty good. Do NOT use Mailwasher's fake bounce feature, it only contributes to the problem. I get the full source of the messages before downloading and
  • 3 months of tedious training (marking spam as Junk) has paid off quite well. Haven't had a single spam get through in 8 months. IIRC I think it uses some sort of Bayesian filtering. I highly recommend going through a few months of training at least, since at the beginning I would get a few false positives. Now however I don't know how I could ever live without it.

    Just my 2 cents.
  • SpamAssassin's Bayesian rules are much improved for version 2.60. Unfortunately their unsupervised learning method (that is applied globally) causes drift. It uses different rules when it classifies your mail from what it uses when it trains its database.

    The solution is to write a script that applies spamassassin. If it classifies your mail as spam, have your script pipe it to "sa-learn --spam"; if it classifies your mail as ham, pipe it to "sa-learn --ham". You also have to make sure to correct it when it
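
Added example, not the commenter's script: one way to wire the classify-then-train loop described above, reading the verdict from the X-Spam-Status header that spamassassin adds and refusing to train when no verdict comes back. The function names, the SA_CHECK/SA_LEARN override variables, the stub commands and the two sample messages are constructed so the logic runs without SpamAssassin installed.

```sh
#!/bin/sh
# Added example: classify a message, then train Bayes on that verdict.
# SA_CHECK / SA_LEARN are overridable so the logic can be exercised offline.
SA_CHECK=${SA_CHECK:-spamassassin}
SA_LEARN=${SA_LEARN:-sa-learn}

# Print "yes", "no" or nothing, from the X-Spam-Status header the checker adds.
verdict() {
    $SA_CHECK < "$1" | awk '
        /^$/ { exit }                              # stop at end of headers
        tolower($1) == "x-spam-status:" {
            v = tolower($2); sub(/,.*/, "", v); print v; exit
        }'
}

# Train on one message file; refuse to train when no verdict was produced.
train_one() {
    case $(verdict "$1") in
        yes) $SA_LEARN --spam < "$1" >/dev/null && echo spam ;;
        no)  $SA_LEARN --ham  < "$1" >/dev/null && echo ham ;;
        *)   echo skipped; return 1 ;;
    esac
}

# --- constructed stand-ins for offline runs (not SpamAssassin itself) ---
stub_check() {   # tags anything whose Subject starts with "meds" as spam
    msg=$(cat)
    case $msg in
        *"Subject: meds"*) echo "X-Spam-Status: Yes, hits=12.3 required=5.0" ;;
        *)                 echo "X-Spam-Status: No, hits=0.1 required=5.0" ;;
    esac
    printf '%s\n' "$msg"
}
stub_learn() { cat >/dev/null; printf '%s\n' "$1" >> "$LEARN_LOG"; }
broken_check() { cat >/dev/null; return 1; }     # checker that fails outright

# Run the loop over two constructed messages, then with a failing checker.
demo() {
    dir=$(mktemp -d) || return 1
    LEARN_LOG=$dir/learned
    printf 'From: a@example.com\nSubject: meds????????\n\nbuy pills\n' > "$dir/1"
    printf 'From: b@example.com\nSubject: lunch\n\nnoon?\n' > "$dir/2"
    SA_CHECK=stub_check SA_LEARN=stub_learn
    r1=$(train_one "$dir/1"); r2=$(train_one "$dir/2")
    SA_CHECK=broken_check
    r3=$(train_one "$dir/1") || true
    printf '%s %s %s %s\n' "$r1" "$r2" "$r3" "$(paste -s -d ' ' "$LEARN_LOG")"
    rm -rf "$dir"
}

demo
```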
  • I have used blackhole/razor for quite some time but found it to be disappointing. I am totally in love with "ASSP" or Anti-Spam Server Proxy. The project page is at http://assp.sourceforge.net . As someone who gets 150-200 spams a DAY, this has cut it down to 3-4. It's a Bayesian filter with tons of cool features like auto-whitelist and web-based config. It can even run on the same server as your MTA, just change your SMTP service to use something other than port 25, then have ASSP run on port 25. I hi
  • I use a sendmail milter called MimeDefang, which works in conjunction with SpamAssassin. I have users info ( whitelists, thresholds, etc..) stored in a mysql backend. Seems to work great. Many thanks to the Folks and MimeDefang and SpamAssassin for providing such great products.

  • On the server:

    rblsmtpd (DNS-based block lists) in front of qmail

    DSPAM [nuclearelephant.com] filtering pre-delivery

    SpamCop [spamcop.net] for the ones who make it through.

    I'm planning to add SpamCop reporting for the messages that DSPAM catches and there is also ongoing development in the project that will log IP addresses of machines delivering SPAM for local RBL use.
  • I welcome spam with open arms. After all, I'd hate to cut off my easiest revenue source [packetvision.net]. If you find any Nigerian millionaires, be sure to send them my way [packetvision.net].
