
spam spam spam

Old 3rd Jun 2007, 21:00
  #1 (permalink)  
Thread Starter
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787

Just a few random observations...

Up to about a year or two ago, 99% of spam was addressed using BCC. This made it easy to get rid of it - just treat all email not addressed to you (i.e. whose To: header is not your email address) as spam, bulk mail, whatever you call it.

Now, virtually all of it is addressed To: the recipient directly.

The spammers are also scanning a given IP for multiple domains; this can yield group companies etc on a common www server. They then spam from one domain to the other. This probably works since most companies will whitelist inter-group emails.

They also scan your website and pull off keywords. They then stuff these within the random text in their emails. This again works because many companies will have whitelisted names of their products.

Spamcop is now a right royal pain in the a*se. That database blacklists just about every ISP some of the time, some more than others. Unfortunately, sysadmins have not yet woken up to this and many email systems summarily dump all incoming emails if they appear on the spamcop IP database, and this is responsible for vast numbers of "missing" emails.

On a random check of the ~ 10,000 spams we get per day at work, about 75% of them would be removed if we dumped by Spamcop IPs. This still leaves 2,500 spams per day - far too many - and also dumps a load of emails from real potential customers...

We have a very good system now, which uses a combination of features, but it took a lot of doing. It is virtually certain to not lose a genuine incoming email from somebody who has never been in contact with us before.
IO540 is offline  
Old 3rd Jun 2007, 23:01
  #2 (permalink)  
 
Join Date: Nov 2002
Location: 39N 77W
Posts: 1,630
I have an email account at a very well known organization. About a year ago they installed P****p**** to examine incoming email. It reports the messages it catches so that one can examine them if desired. I have never seen it make a mistake during this year. All the desired messages get through, all the spam gets caught. It works so well that I'm getting so lazy I no longer look at the "catch" reports.

I wish my main email server for personal mail did as well.

I wager the organization pays a handsome sum for this system. It's worth it.

seacue
seacue is offline  
Old 4th Jun 2007, 15:48
  #3 (permalink)  
 
Join Date: Jul 2001
Location: U.K.
Posts: 805
My ISP, plus.com got hacked the other week and tons and tons of e-mail addresses got out to the spammers. Red faces at Plus - several apologetic e-mails and every day the job of deleting the spam from each of my e-mail boxes became a pain. They have now introduced some excellent antispam software and the problem has stopped although all the e-mails I expect still get through. I only wish that my old ISP, Freeserve/Wannado/Orange could do the same as I still receive e-mails from my mailbox there. A few I need, but most are spam.

P.P.
P.Pilcher is offline  
Old 4th Jun 2007, 18:42
  #4 (permalink)  
Thread Starter
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
What is "P****p**** " ?

There is no solid way to recognise junk. It's basically impossible to do. Nowadays, a lot of spam is some innocuous text (taken out of some story book) and attached to it is a GIF within which is the price list for the "medicines" or whatever.

We use a challenge device as the last barrier; this asks the sender to REPLY to a message. Spammers don't receive back anything so they don't reply. However, this system nearly got us kicked off the ISP because we got hit by a clever inter-domain attack which triggered so many challenges it made us look like a spammer...

So, the most recent tweak to our antispam system at work is dumping all "unknown" incoming emails (i.e. which don't appear on our whitelist, or don't match anything on the keyword list) if they have a GIF attached. That removed at least 90% of the required challenges. This will unfortunately dump any email from a previously unknown customer if it has a GIF attached, but this combination is extremely rare. Most normal people never use GIF; they use Jpegs etc for images.

If somebody has an email address that is unusual (not e.g. [email protected] which will always get hit, but which must be retained) then fighting spam is much easier.
IO540 is offline  
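The ordering IO540 describes above (whitelist or keyword match, then the GIF rule, then a challenge as the last barrier), as an added example that is not part of the original post and not the poster's actual system; the addresses, the keyword and all function names are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

WHITELIST = {"buyer@customer.example"}  # constructed: known correspondents
KEYWORDS = {"widgetron"}                # constructed: a product name

def has_gif(msg):
    """True if any MIME part is a GIF by declared type or filename."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "image/gif" or name.endswith(".gif"):
            return True
    return False

def visible_text(msg):
    """Subject plus all text/* parts, lower-cased for keyword matching."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks).lower()

def triage(raw_message):
    """Return 'accept', 'drop' or 'challenge' in the order the post gives."""
    msg = message_from_string(raw_message)
    # From: is unauthenticated; a forged value steers the challenge to a third party.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:
        return "accept"
    if any(word in visible_text(msg) for word in KEYWORDS):
        return "accept"
    if has_gif(msg):
        return "drop"        # unknown sender plus GIF: dumped without a challenge
    return "challenge"       # last barrier: ask the sender to reply

def sample(sender, text, gif=False):
    """Build a constructed test message as an RFC 5322 string."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "sales@ourco.example", "enquiry"
    m.set_content(text)
    if gif:
        m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="prices.gif")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("x@unknown.example", "Once upon a time...", gif=True)))
```

An unknown sender whose text contains a listed keyword is accepted even with a GIF attached, which is the keyword-stuffing weakness described in the first post of the thread.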
Old 4th Jun 2007, 20:15
  #5 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,374
Interesting UK launch of Goodmail's CertifiedEmail service - press release here.

It may be a way forward, in combination with tighter control on and by ISPs.

Time will tell.

SD
Saab Dastard is offline  
Old 4th Jun 2007, 21:28
  #6 (permalink)  
 
Join Date: Nov 1999
Location: A little world of my own - Planet Spandit
Posts: 510
I feel sorry for the system administrators at null.com - I direct all my dodgy stuff there when I am trying to access dodgy sites

A great website if you are doing as I do is trashmail - you can create a temporary e-mail address for those sites that you wouldn't give your normal address to
Richard Spandit is offline  
Old 5th Jun 2007, 06:14
  #7 (permalink)  
Thread Starter
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
The Google offering reminds me of Verisign.

Obviously it will cost money to get the certificate, which means most of the world will never sign up.

And all the time you might get emails from people who haven't signed up, you still have to implement the same antispam measures.

It may well help with legitimate bulk mail. I have a neighbour who does this for a living. He has a team of people who spend all day working out ways to get around customers' spam filters. This way, if a customer wants to receive bulk mailings from say Levi Jeans he can stick their certificate into his whitelist. But this is easily achieved right now, by giving Levi an unusual email address and putting that in your whitelist.
IO540 is offline  
Old 21st Sep 2007, 10:18
  #8 (permalink)  
 
Join Date: May 2003
Location: Gt. Yarmouth, Norfolk
Age: 68
Posts: 799
So, which provider would you all recommend for a personal email account? My btinternet account now gets hit with huge amounts of spam. A lot is taken out by their filters but I cannot rely on it. Every so often it bins legitimate mail, often from sources it has previously let through. Are some email providers better than others? I have a flyer.co.uk address which I don't currently use much. I guess if I did it would start to receive spam.
Justiciar is offline  
Old 21st Sep 2007, 15:42
  #9 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
There's no easy answer, and some of the "solutions" on the market are a pain. When I send an e-mail and get back a message telling me "I really want to receive your e-mail but I'm not going to unless you answer this e-mail", I ask myself "how much do I really want to communicate with this rude person?"

I use Spamcop, with NO blacklists, just the SpamAssassin filter set to 3. That lets less than 1% of all spam through, and "blocks" about one genuine message a month (based on a fairly careful read through the held mail folder). I Spamcop-report all the stuff to my personal address that it traps. I have a separate Spamcop account for the "official" stuff.

Spamcop isn't perfect, but in my experience nor does it blacklist ISPs unless they have been sending Spam. It's just a pity that it won't blacklist the US ISPs that are the source of much of my spam - rr and verizon - and of course t-ipnet.de, telecomitalia.com, and tpnet.pl. I've blocked the countries .cn, .ru, .hk, .jp, .th, .ar, .mx, .ro and .br so I don't know how much is coming from there these days.
Keef is offline  
Old 21st Sep 2007, 15:55
  #10 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Justiciar

Whichever ISP you use, or whichever "new" address you set up, sooner or later it will leak out and spam will start to arrive.

At that point, the question is "Run, or Filter?" If you change your e-mail address and dump the old one, that has problems of its own.

What I've done, and works fairly well, is to set up a different, totally secret e-mail address that receives filtered mail. That one's safe, and nobody knows it.

Then, I bought a couple of domains (well, more actually, but mostly for official purposes) each with e-mail forwarding and 20 addresses plus an "all other mail goes here". They cost just over £3 a year, which I reckon I can afford. (I use Fasthosts as registrar - easy to do online). I use one for close friends and family. For people and sites I don't trust fully, I create a specific address for that person/site - so, for example, I have [email protected] and [email protected]. Those addresses aren't specified on keefsspamtrap.org - the "all other mail" feature handles them.

keefsspamtrap forwards to Spamcop, which filters the mail and sends me the expurgated version. The family one forwards straight to the secret address.

If the problem gets too bad on a specific address, I just dump that address (or create a rule for it). The spam disappears into a black hole; genuine writers get their message back telling them that address is no longer in use.

That's a lot cheaper and a lot more flexible than changing ISP. I change ISP based on reliability and performance.
Keef is offline  
Old 21st Sep 2007, 20:08
  #11 (permalink)  
 
Join Date: May 1999
Location: Quite near 'An aerodrome somewhere in England'
Posts: 26,783
I must be very lucky - my ISP's spam filter kills most spam very quickly these days.

No need for that Godzilla thing either - just normal Outlook Express via IE6 and XP Pro.

On Thursdays and Fridays, there's usually some stupid 'big willy' or 'free medicine' crap - but that's all. The ISP seems to know what's what - and kills it stone dead.

I long to see a spammer sent to jail to do a few months as Big Ron's new girlfriend - with only prison soap to make the widening of his circle of friends slightly less painful....
BEagle is online now  
Old 21st Sep 2007, 20:56
  #12 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
My ISP's spam filter did a pretty hefty job too. Trouble is, it blocked a fair proportion of genuine e-mails. And, of course, I didn't know. That caused me a few problems, so I switched that off and rely totally on Spamcop.
Keef is offline  
Old 21st Sep 2007, 23:08
  #13 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,374
with only prison soap to make the widening of his circle of friends slightly less painful
You are too generous Beagle.

SD
Saab Dastard is offline  
Old 22nd Sep 2007, 05:19
  #14 (permalink)  

Plastic PPRuNer
 
Join Date: Sep 2000
Location: Cape Town
Posts: 1,898
My ISP filters spam and scans for malware - I hardly ever even see spam. If yours doesn't then push 'em to do so.

And on Windows, Mailwasher Pro - http://www.mailwasher.net/ - takes care of the few that creep through so I can auto/delete them before they even get to me.

Mac the Knife is offline  
Old 22nd Sep 2007, 10:11
  #15 (permalink)  
Thread Starter
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Unfortunately, what Keef describes as "rude" is necessary for a business which gets perhaps 10k spams per day and doesn't want to lose emails from real people who have NOT previously been in contact.

We run such a "challenge" based system at work, but to get challenged your email passes through some tests first and these dump at least 98% of spam without a challenge.

The challenge system is needed if one is to run addresses like [email protected] which will always get spammed, but they still have to work.

Spam FILTERING (keywords, IP etc) worked until about a year ago but not any more. Any attempt to use filters today will dump some real emails, especially those from people who are running their own SMTP servers (like me).

Many people don't care about losing emails, but I do.

We used to run Mailwasher but it doesn't work anymore. Somebody still had to read through the emails. In the end I had about 50 filters hooked up into it... all kinds of clever stuff like dumping emails which contained HTML font specifications in the Subject header. Until you get a real live customer who decides to underline something in his Subject......

I have already written copious amounts here on how to get email working and avoid spam, so here's just a summary:

Assuming Justiciar is unable to run his own email server, I would suggest the following:

Buy yourself a domain e.g. justiciar.co.uk - you can get this from any of many outfits. Personally I use Virtualnames and they will do email and web redirection etc also. In fact I think they do complete email accounts now.

Then set up the control panel at VN to DUMP all emails sent to the justiciar.co.uk domain - EXCEPT those addressed to one real alias e.g. [email protected]

This will get rid of virtually all spam, permanently.

The only spam that will get through will be

(a) Spammers whose name-dictionary attacks happened to stumble upon the alias (most unlikely if you use fred23 but more likely if you use say steve, or john.smith).

(b) Spam resulting from your friends' address books which have been ripped off by Outlook address book harvesting trojans - typically these will be the "less computer literate" friends of yours. This is getting less common, because the trojans in question are quite big executables and a lot of ISPs are checking for them.

But if you get too much spam, eventually, change to fred24 and tell your contacts...

Everybody should buy themselves a domain name. It's an "address for life", costs next to nothing, and you can then run a website (hosted by almost any ISP) on it i.e. www.justiciar.co.uk

Hope this helps - J. email me if you need any help (we have been in contact).
IO540 is offline  
Old 22nd Sep 2007, 13:12
  #16 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
What IO540 is suggesting is the "mirror image" of mine. I don't get 10,000 spams a day (more like around 500), and the spam-handling processes I have work flawlessly for me. None of the businesses I deal with send out those "reply to this so we can read your e-mail" - being a stroppy s-o-s underneath, I probably wouldn't do business with an outfit that did.

I have the "personal domains" thing, and have dumped a few "personalised" e-mail addresses, in that they now forward via Spamcop, which takes care of them. The problem was caused by a variety of lovely clergymen who are really not "with it" when it comes to Internet security, and had their machines thoroughly infected with harvester bots and all sorts of other nasties. When that got serious, I set up a second Spamcop address to handle "official" stuff, because I couldn't "dump" the official addresses.

It's a case of "what works best for you". Spamcop is fine, ISP filters tend to be a bit over-aggressive and might well zap the message from great-aunt Nellie. Mailwasher is not much help because you have to download the mail before it does its thing (or did when I last looked). That defeats the point, in my view.
Keef is offline  
Old 22nd Sep 2007, 17:55
  #17 (permalink)  
Thread Starter
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
I am with you Keef of course, but I absolutely maintain that people should avoid any email system (which could mean avoiding a whole ISP) which does any kind of anti spam activity whatsoever.

It's more trouble than it is worth. I guarantee that my email sending is 100.000% secure and I never ever send out spam or anything infected. Yet, I estimate 1/3 of people I write to have my emails classified as spam, often with a "percentage probability" attached. The only basis on which this may be happening is (a) my IP or (b) my email address having been hijacked in the past, and neither of these are valid reasons for blacklisting me (basically, because they are innocent).

The passing of your emails via Spamcop, AIUI, does involve Spamcop doing some kind of filtering.

What I suggest is a decent futureproof solution which should always work, and is easy to manage.

One will never get ahead of spammers; that's impossible. All one can do is have a fairly unique address which they can't guess easily, and which one can change every few years or whatever.
IO540 is offline  
