What's in Your Spam-Fighting Arsenal?
Spamhunter asks: "Everyone has their favorite tools to stop spam at the inbox, whether it's using a scoring tool like SpamAssassin, Bayesian filters, or something as extreme as challenge/response whitelists (which creates a few problems itself). What I'd like to know is, what are your tools for actively investigating and shutting down spammers? I've found information sites like SPEWS and Spamhaus to be invaluable in tracking down spam gangs and spam-friendly ISPs in order to put pressure where it belongs. Sometimes just chasing the chain of ownership in WHOIS is helpful. What tools, approaches, and resources do you find helpful?"
Just Mozilla (Score:2)
Re:Just Mozilla (Score:2)
Re:Just Mozilla (Score:2)
Generally, messages that leak through have bizarre subjects or contents and are easy to identify. Mozilla does a remarkable job (for me at least) in getting rid of the spam that looks like generic mail.
Re:Just Mozilla (Score:2)
SpamAssassin (Score:2)
I've had the same setup for several months, and I only have about 1 to 2 mistakes a month. A mix of various techniques is really the only way to go.
Mozilla Thunderbird (Score:2)
Re:Mozilla Thunderbird (Score:1)
Thunderbird only does websites.
Re:Mozilla Thunderbird (Score:2)
Firebird does websites
Thunderbird does mail
Re:Mozilla Thunderbird (Score:1)
Good call!
Ehh... Sorry.
Outlook's Rules Wizard (Score:2)
Also, I have a few forwarders. If I register with Best Buy, for example, then I create a bestbuy@mydomain.com address for them and register with that. So if I get SPAM there, I just turn that forwarder off.
When somebody emails me and they're not on my list, they get a message back saying "Didn't get your message with human readable instru
Re:Outlook's Rules Wizard (Score:2)
Any "solution" that autoreplies to email based on who it purports to be from is broken and needs to be fixed. Sending autoreplies to spam just causes somebody's legitimate inbox to fill with garbage whenever the spammers use that innocent party's address in their spam. Naturally since you personally don't see any of these nasty side effects it must not b
Re:Outlook's Rules Wizard (Score:2)
If I were sending out a bunch of messages, I'd agree with you. But I'm not.
" Sending autoreplies to spam just causes somebody's legitimate inbox to fill with garbage whenever the spammers use that innocent party's address in their spam."
BzzT sorry.
1.) Outlook 2000 only sends one message to a recipient per session.
2.) The message that is sent back is pretty clear: Somebody sent me an email
Re:Outlook's Rules Wizard (Score:2)
Except when 10,000 other people do the same thing...
Please understand that what you are doing is being a poor netizen and not appropriate. I'm glad it makes *your* life easier but it makes others' lives more difficult. Please reconsider your actions.
-davidu
Re:Outlook's Rules Wizard (Score:2)
That is the fault of the person who spoofed the address, not mine. They don't need me to use automated responses to get 10,000 mails, all they need is for people to respond with "don't spam me!". The problem is there whether or not people use automated responders. The victim is in trouble anyway.
"Please reconsider your actions."
I reconsidered, and no, I will not stop. If the other guy was using the system I dev
Re:Outlook's Rules Wizard (Score:2)
Although I hope it never happens to you, I guess the only way you'll understand is when you personally get joe-jobbed and your server starts to flail for a while as thousands of auto-ack's start /needlessly/ nailing your server in addition to the bounces.
I guess there are still a lot of selfish people out there...a shame really; didn't your mother teach you to 'share the `net?'
-davidu
Re:Outlook's Rules Wizard (Score:2)
It has happened to me. Happened with the Sobig virus. It wasn't a big deal either. Yeah, I got flooded with email. I wasn't mad at the people with responders (actually it was nice knowing I was spoofed), I was annoyed at the idiot worm writer. It was easy enough to filter them out anyway. You see, with my setup, though that happened, the important mail still got through.
"I guess there are still a lot of selfish people out there..."
Oh fuck off. You have
Re:Outlook's Rules Wizard (Score:2)
Sorry to step into the middle of your guys' flamewar, but I have to agree with davidu (not that I expect you to care, nanogator).
If a spam/joe-job campaign consists of 10,000,000 email addresses, and one tenth of one percent of all recipients had your software installed, the spoofed mailbox owner would receive 10,000 "notification" emails.
I trust that you ARE monitoring your own client and will shut it
Re:Outlook's Rules Wizard (Score:2)
It's not that I don't care, it's that I'm not being given any credit here. I'm being treated like I'm going to use my machine to bug other people, nobody's ever given thought that I've considered any of it.
" trust that you ARE monitoring your own client and will shut it off if you start sending more than "4000" emails per [some magical threshold],"
Dude, you notice when Outlook starts acting up. It's not some magic number, i
Re:Outlook's Rules Wizard (Score:1)
I'm not pushing any agenda other than "be polite".
I don't know you. I can't say whether or not you're a selfish person (and I didn't). I said "it _is_ selfish", and by that, I meant the action of responding
Re:Outlook's Rules Wizard (Score:2)
I reread what you said and what I said and I think I figured out what happened here. When you said I was being selfish, I jumped to the conclusion that you were backing up David's comment about 'my mommy not teaching me how to share'. From what I gather here, my assumption was in error. Sorry man. You can understand I'm a little frustrated, right?
However, I object to my actio
Re:Outlook's Rules Wizard (Score:2)
Re:Outlook's Rules Wizard (Score:2)
Sad, really.
S
Re:Outlook's Rules Wizard (Score:2)
Re:Outlook's Rules Wizard (Score:2)
Also, you didn't respond to the question. But if every email program came with good filtering, there would be no need to hunt em down because there wouldn't be any $$$ in the business.
Sad though it is, all the good blacklist sites are getting DDoSed out of existence. I don't thi
Re:Outlook's Rules Wizard (Score:2)
Nar, it's not that complicated. It took me a little bit (15-20 minutes maybe?) to build my initial contact list. After that, setting up the rules was simple. I guess you could say that setting up the email forwarders is 'complicated' as I have to go a couple of places on the site to get to that. However, I could just set up a global address and add new contacts to the rule.
Is it more complex than your suggestion (which I bookmarked and
Re:Outlook's Rules Wizard (Score:2)
Spambayes for filtering, Spamcop to whack'em (Score:1)
I subscribe to Spamcop (http://spamcop.net) too, which gives me a spam-filtered public email address, and they also do reporting. You send them your spam, they look up whatever complaint addresses they can for the source, relays, and even the URLs linked to in the spam; it just needs a few clicks to shotgun your complaints to all the ISP admins, keeping th
Yahoo (Score:1)
hmmm (Score:1, Funny)
Preferably with a cell mate with a very very enlarged penis.
Oh yeah, and lots of Viagra.
Death Row would be too humane.
Nothing (Score:2)
Of course that's a job for another virus. While that might be seen as wor
hotmail account (Score:2)
Two services (Score:2)
Once spam has reached your inbox, you've lost.
Absolutely nothing! (Score:1)
My tools are simple (Score:3, Informative)
I generally stick with the basics, whois and traceroute getting the most use. I rarely whois the spamvertised domain itself, unless I'm trying to determine the registrar or its DNS provider... But whois gets a lot of masked use, thanks to the following aliases (bash2, freebsd): So, suppose I get spam with an originating IP of 1.2.3.4, I just grab a shell and type If ARIN refers me to RIPE or APNIC, I use the `arin` or `apnic` commands, respectively. Within a couple of seconds, I know which ISP was abused to send the spam, as well as (usually) some administrative contact for that provider. A few more seconds and I have the same information about whichever ISP is hosting the spamvertarget. If you find yourself constantly typing out... ...or the appropriate flags to your flavor of whois, setting aliases to point to ARIN/RIPE/APNIC's servers can be a huge timesaver.
A script I wrote some time ago, called ANAL - get your mind outta the gutter, it stands for Auto NANAS and Lart - takes care of the rest. I paste in the spam, headers and all; then if I'm bothering to report it, I'll also enter in some abuse contacts for the origin/target ISPs. I post the form, the script posts a copy of the spam to the Usenet newsgroup news.admin.net-abuse.sightings, and also sends abuse reports to any email addresses I specified.
Not necessarily trying to plug myself, but if you've got PHP installed, check out ANAL [shat.net]. You can report spam to the ISP, and also archive a copy in Google Groups (which can help in future spam cases against the same spammer or spam-friendly ISP) at the same time.
Yes, I actually named one of my machines candletruq.
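The workflow in the comment above (one whois wrapper per registry, follow ARIN's referral, pull out the abuse contact), as an added example; it is not the commenter's own aliases, which are not reproduced on this page. The `ripe`, `referral_server`, `abuse_contacts` and `lookup_abuse` names are hypothetical, and the sample replies are constructed.

```shell
#!/bin/sh
# One wrapper per regional registry, as shell functions instead of aliases.
# Hostnames are the registries' public whois servers.
arin()  { whois -h whois.arin.net  "$@"; }
ripe()  { whois -h whois.ripe.net  "$@"; }   # hypothetical name
apnic() { whois -h whois.apnic.net "$@"; }

# referral_server: read a whois reply on stdin and print the host named in
# its first "ReferralServer:" line (whois:// or rwhois://), if any.
referral_server() {
    sed -n 's|^ReferralServer:[[:space:]]*r\{0,1\}whois://\([^:/[:space:]]*\).*|\1|p' |
        head -n 1
}

# abuse_contacts: read a whois reply on stdin and print the unique abuse
# addresses (ARIN "OrgAbuseEmail:", RIPE/APNIC "abuse-mailbox:"), lower-cased.
abuse_contacts() {
    grep -iE '^(OrgAbuseEmail|abuse-mailbox):' |
        sed 's/^[^:]*:[[:space:]]*//' | tr 'A-Z' 'a-z' | sort -u
}

# lookup_abuse IP: query ARIN, follow at most one referral, print contacts.
lookup_abuse() {
    reply=$(arin "$1") || return 1
    next=$(printf '%s\n' "$reply" | referral_server)
    [ -n "$next" ] && reply=$(whois -h "$next" "$1")
    printf '%s\n' "$reply" | abuse_contacts
}

# Constructed sample replies (not real registry data), for offline checks.
SAMPLE_ARIN='NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Registry Block
ReferralServer: whois://whois.ripe.net
OrgAbuseEmail:  abuse@registry.example'
SAMPLE_RIPE='inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
abuse-mailbox:  Abuse@isp.example
abuse-mailbox:  abuse@isp.example'
```

With a whois client installed, `lookup_abuse 1.2.3.4` runs the same steps against the live servers.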
Re:My tools are simple (Score:1)
My (quite effective) approach (Score:2)
Procmail [procmail.org] is your friend. Use it. In conjunction with SpamAssassin [spamassassin.org], you can filter it off to a folder to go send to SpamCop [spamcop.net] at your earliest convenience. While SpamCop officially discourages doing so, setting your mail server to reject based on the RBL bl.spamcop.net [spamcop.net] will save
Re:My (quite effective) approach (Score:2)
I'm sure there is, but why bother? Spammers don't care about the law. Creating viruses to make open relays pretty much says it all. Then add in DDOS's, false advertising, illegal products, etc., and I think you get the idea. Spammers don't care about the law, except when it benefits them.
Suspicious (Score:2)
My toolset (Score:1)
Several layers of paranoia (Score:2, Interesting)
Then I use Mailwasher [mailwasher.net] mainly to preview the messages on the server before downloading them. Mailwasher has its own filters to tag and bag spam, and they're pretty good. Do NOT use Mailwasher's fake bounce feature, it only contributes to the problem. I get the full source of the messages before downloading and
Apple Mail.app (Score:2)
Just my 2 cents.
Personal Spamassassin 2.60 (Score:2)
drift. It uses different rules when it classifies your mail from what it uses when it trains its database.
The solution is to write a script that applies spamassassin. If it classifies your mail as spam, have your script pipe it to "sa-learn --spam"; if
it classifies your mail as ham, pipe it to "sa-learn --ham". You also have to make sure to correct it when it
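The classify-then-train loop described in the comment above, as an added example that is not the commenter's script. It assumes `spamassassin -e` (non-zero exit status when the message is spam) and that `sa-learn` reads the message on standard input; `SA_CHECK` and `SA_LEARN` are hypothetical override variables, not SpamAssassin settings.

```shell
#!/bin/sh
# SA_CHECK / SA_LEARN (hypothetical) let stand-in commands replace the real
# tools so the logic can be exercised without SpamAssassin installed.
SA_CHECK=${SA_CHECK:-spamassassin -e}   # -e: non-zero exit status when spam
SA_LEARN=${SA_LEARN:-sa-learn}

# classify_and_train FILE: classify the message in FILE, feed the same
# message to sa-learn with the matching flag, and print "spam" or "ham".
# The message is read from a file because it has to be consumed twice.
classify_and_train() {
    msg=$1
    [ -r "$msg" ] || { echo "unreadable: $msg" >&2; return 2; }
    rc=0
    $SA_CHECK < "$msg" > /dev/null 2>&1 || rc=$?
    case $rc in
        0)       verdict=ham ;;
        126|127) echo "classifier not runnable" >&2; return 2 ;;
        *)       verdict=spam ;;   # note: other classifier errors land here too
    esac
    $SA_LEARN "--$verdict" < "$msg" > /dev/null || return 2
    echo "$verdict"
}

# correct_verdict FILE spam|ham: retrain a message the filter got wrong,
# so a mistake is not left reinforced in the database.
correct_verdict() {
    case $2 in
        spam|ham) $SA_LEARN "--$2" < "$1" > /dev/null ;;
        *) echo "usage: correct_verdict FILE spam|ham" >&2; return 2 ;;
    esac
}
```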
ASSP (Score:1)
MimeDefang and SpamAssassin (Score:1)
A Layered Approach... (Score:1)
On the server:
rblsmtpd (DNS-based block lists) in front of qmail
DSPAM [nuclearelephant.com] filtering pre-delivery
SpamCop [spamcop.net] for the ones who make it through.
I'm planning to add SpamCop reporting for the messages that DSPAM catches and there is also ongoing development in the project that will log IP addresses of machines delivering SPAM for local RBL use.
Simple... I invoice the spammers for $500 a pop (Score:2)
Home grown tools (Score:1)