To bounce or not to bounce?
Cunning Artificer
Joined: Jun 2001
Posts: 3,125
Likes: 7
From: The spiritual home of DeHavilland
In the end its the ISPs that have the solution in their hands. They could easily detect spamming and stop it - after all, its their bandwidth thats being wasted. Charging 1 Cent for ten messages and waiving all charges below $10 would work well enough I'd imagine. The two hundred and fifteen Spams I just deleted must have come from somewhere. One day soon everyone with an internet account will be getting several hundred a day and even if they manage to direct them to 'dead' letter boxes they will still be gumming up the system.
Most Spam is for products that people wouldn't like to be seen buying in public - Anything for the weekend Sir? non-prescription Viagra, Loan sharking, Porno sites, Penis enlargement, University degrees without studying etc. I'm sure most of these activities are fraudulent scams that could be stopped by backtracking to the advertised service, closing them down and prosecuting the fraudsters. Nothing is done because it isn't seen as a problem by our authorities, but it is a problem - and a growing one. We're already back to using Faxes for important business.
**************************
Through difficulties to the cinema
Most Spam is for products that people wouldn't like to be seen buying in public - Anything for the weekend Sir? non-prescription Viagra, Loan sharking, Porno sites, Penis enlargement, University degrees without studying etc. I'm sure most of these activities are fraudulent scams that could be stopped by backtracking to the advertised service, closing them down and prosecuting the fraudsters. Nothing is done because it isn't seen as a problem by our authorities, but it is a problem - and a growing one. We're already back to using Faxes for important business.
**************************
Through difficulties to the cinema
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
Blacksheep,
All the spammers would do is hack into someone else's system and send them from there.
Take Care,
Richard
Charging 1 Cent for ten messages and waiving all charges below $10 would work well enough I'd imagine.
Take Care,
Richard
'nough said
Joined: Sep 2002
Posts: 1,025
Likes: 0
From: Raynes Park
Anybody got any experience of spamassassin? My server gives me the option of switching it on - I'm not sure whether to do so or not at this stage as I'm reasonably green on the Linux front..
tks in antic
tks in antic
Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
Apologies for not yet posting my reply on the big spam issue -- hopefully later today 
However, on the issue of Spamassassin, it 's a very good piece of software, however, it does require quite a lot of "grunt" if you recieive a lot of email. Does your hosting provider indicate how it's integrated into the mail delivery process on your system ? There are a number of ways of doing this, which have their own pros and cons.
HTH,
RTFM
However, on the issue of Spamassassin, it 's a very good piece of software, however, it does require quite a lot of "grunt" if you recieive a lot of email. Does your hosting provider indicate how it's integrated into the mail delivery process on your system ? There are a number of ways of doing this, which have their own pros and cons.
HTH,
RTFM
Official PPRuNe Chaplain
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
I'm amazed nobody has mentioned Spamcop. I've been using it for years, and am very pleased with it.
It does several things: first, all mail to my "published" address gets forwarded to my Spamcop address. That checks it against the Spamcop and several other "blacklists" plus my own blacklist and whitelist. Mail that passes that is forwarded to my "secret" address and comes in with the incoming mail.
Everything that fails is held on Spamcop, and once a day or so I check the list - just read the sender name and subject - and usually click "Select All" and "Report". That analyses the headers and sends a formal complaint back to the originating ISP. Most originating ISPs are in the USA (particularly prolific spamsources are Attbi.com, Bell.ca, RR.com and Verizon) or in China/Japan/Korea/Brazil. Most of those completely ignore Spamcop reports, but at least something is done.
I don't download the offending Spam at all so save my connect charges.
I get the occasional false "positive" such as when AOL or Compusmurf gets blacklisted, and the very very occasional Spam gets through. That's rare.
Spamcop can also be configured to collect your mail from POP mailboxes if your ISP doesn't allow forwarding.
I've never tried the other methods suggested here, because Spamcop does it for me.
There is one snag - Spamcop's "header parsing" is very aggressive, and will pick your ISP as the Spam source if the ISP's reverse DNS is misconfigured. I've had to do some nagging to get that fixed at a certain ISP that shall be nameless...
It does several things: first, all mail to my "published" address gets forwarded to my Spamcop address. That checks it against the Spamcop and several other "blacklists" plus my own blacklist and whitelist. Mail that passes that is forwarded to my "secret" address and comes in with the incoming mail.
Everything that fails is held on Spamcop, and once a day or so I check the list - just read the sender name and subject - and usually click "Select All" and "Report". That analyses the headers and sends a formal complaint back to the originating ISP. Most originating ISPs are in the USA (particularly prolific spamsources are Attbi.com, Bell.ca, RR.com and Verizon) or in China/Japan/Korea/Brazil. Most of those completely ignore Spamcop reports, but at least something is done.
I don't download the offending Spam at all so save my connect charges.
I get the occasional false "positive" such as when AOL or Compusmurf gets blacklisted, and the very very occasional Spam gets through. That's rare.
Spamcop can also be configured to collect your mail from POP mailboxes if your ISP doesn't allow forwarding.
I've never tried the other methods suggested here, because Spamcop does it for me.
There is one snag - Spamcop's "header parsing" is very aggressive, and will pick your ISP as the Spam source if the ISP's reverse DNS is misconfigured. I've had to do some nagging to get that fixed at a certain ISP that shall be nameless...
Joined: Apr 2002
Posts: 23
Likes: 0
From: Not far from LPPT
Blacksheep
Most commercial users are charged for the e-mails they send.
Most Internet connection contracts are made on the basis of
bandwidth usage. The customer pays for all traffic, e-mail included.
So, if the spammers are already paying a small amount, increasing
the cost by 100% or 200% wouldn't be a deterrent to spammers, and
would also be unfair to those who are legitimate users.
As for the solution being in the hands of the ISPs, it isn't so.
E-mail traffic looks all the same.
Humans are capable of detecting SPAM, but to be able to do that
with a computer and software is a very complex problem (as it is
evident by the rates of false negatives and false positives you
get on anti-spam software).
The main problem is the e-mail infra-structure itself. It was
created when the Internet was a “gentleman's club”. Most of
these gentlemen (and ladies) where academics, and trusted
each-other.
This caused the e-mail system to be completely open as there
was no need to check the credentials of the users who sent
e-mail messages (and this wasn't exclusive to e-mails, some
other protocols were based on trust).
In order to get the spam problem under control I think it
would be necessary to re-think and re-implement the technical
infra-structure and policies that support e-mail traffic.
It would be necessary to implement technical and administrative
infra-structures for user-authentication (making sure the senders
are who they say they are), verification (in order to handle
requests of recipients who wish to verify that a certain e-mail
was sent by the sender) and some way to enforce rules in a
efficient and fair manner. (to deal with users and providers
who have abused their privileges and infringed on mail recipients'
rights)
Meanwhile, the burden is mostly on the user, as it is the user who
has the means to detect the spam that arrives on his inbox, and also
must exercise care as to whom and where the user supplies his e-mail
address.
Views, critique and discussion welcome.
Regards
CS-DNA
Most commercial users are charged for the e-mails they send.
Most Internet connection contracts are made on the basis of
bandwidth usage. The customer pays for all traffic, e-mail included.
So, if the spammers are already paying a small amount, increasing
the cost by 100% or 200% wouldn't be a deterrent to spammers, and
would also be unfair to those who are legitimate users.
As for the solution being in the hands of the ISPs, it isn't so.
E-mail traffic looks all the same.
Humans are capable of detecting SPAM, but to be able to do that
with a computer and software is a very complex problem (as it is
evident by the rates of false negatives and false positives you
get on anti-spam software).
The main problem is the e-mail infra-structure itself. It was
created when the Internet was a “gentleman's club”. Most of
these gentlemen (and ladies) where academics, and trusted
each-other.
This caused the e-mail system to be completely open as there
was no need to check the credentials of the users who sent
e-mail messages (and this wasn't exclusive to e-mails, some
other protocols were based on trust).
In order to get the spam problem under control I think it
would be necessary to re-think and re-implement the technical
infra-structure and policies that support e-mail traffic.
It would be necessary to implement technical and administrative
infra-structures for user-authentication (making sure the senders
are who they say they are), verification (in order to handle
requests of recipients who wish to verify that a certain e-mail
was sent by the sender) and some way to enforce rules in a
efficient and fair manner. (to deal with users and providers
who have abused their privileges and infringed on mail recipients'
rights)
Meanwhile, the burden is mostly on the user, as it is the user who
has the means to detect the spam that arrives on his inbox, and also
must exercise care as to whom and where the user supplies his e-mail
address.
Views, critique and discussion welcome.
Regards
CS-DNA
