I've simply built a couple of spam/virus filters (Linux boxen) built on the instructions here:

http://www.freespamfilter.org

The Debian by Mr88Talent is particularly good.

Joe


----- Original Message -----
From: "Rich Kulawiec" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, March 26, 2008 11:35 AM
Subject: Re: [UM-LINUX] [OT] Keyserves and Spam


On Mon, Mar 24, 2008 at 11:01:49PM -0400, Nick Cummings wrote:
> but it looks to me like that puts your email address out there where it
> can easily be picked up by spammers.

I just wrote about this the other day, so let me take the lazy way
out and quote myself.  I was responding to the suggestion that people
should remove their addresses from mailing list and newsgroup traffic,
and I covered obfuscation tactics while I was at it.

--- quoting ---

This is a futile tactic that will do nothing to stop competent spammers.
The only people it will have any meaningful effect on are those who
are trying to communicate with posters to mailing lists/newsgroups,
and possibly some of the newer, more amateurish spammers -- who will
learn, soon enough.  The same can be said for the attempts at obfuscation
that are often claimed to have similar non-existent benefits.

Here's why:

First, spammers wrote the trivial bits of perl/awk/python/whatever
to unmunge obfuscated forms many years ago.  So things like
[EMAIL PROTECTED] or rsk (at) gsp.org are pointless.

Second, spammers have also long since done the requisite RFC 2142 and
statistical analysis to know that hostmaster@ is reasonably likely
to exist, as is webmaster@, john@, mary@, john.smith@, john.jones@,
aaa@, aab@, aac@, etc.  So if your address matches any of the millions
of common patterns like that, then they'll have it soon, if they don't
already.  (And given some of their methods: they don't really need
to have it anyway in order to spam it.)

Third, unmunged addresses appear with regularity in message headers
*because they have to* in order for mail to work.  I trust it's obvious
why obfuscating or eliding them elsewhere does nothing about this.

Fourth, there are an enormous number of fully-compromised systems
worldwide.  (Any estimate under 100 million is badly outdated.  Recent
estimates have been in the 250-300 million range, and even that may be
too low.)  Among the many uses that the new owners of those systems have
for them is mass harvesting of email addresses -- which means that they
have long since gone through every address book, all stored mail,
and perhaps all stored documents as well.  Note that some of those
compromised systems are mail servers, in which case the harvesting is
likely to be especially fruitful.

Fifth, spammers have many other methods of acquiring addresses,
including but not limited to:

querying mail servers (especially those with VRFY and EXPN on)
subscribing to mailing lists and harvesting everything
acquiring corporate directories (sometimes from their web sites)
insecure LDAP servers
insecure AD servers
spidering web sites
Usenet news feed
reverse engineering names to things like firstname.lastname
use of backscatter/outscatter
use of auto-responders
gaming of mailing list mechanisms
use of abusive "callback" mechanisms
use of abusive e-pending mechanisms
use of abusive challenge/response mechanisms
dictionary attacks
purchase of addresses in bulk on the open market.
purchase of addresses from vendors, web sites, etc.
purchase of addresses from registrars, ISPs, web hosts, etc.

It's therefore probably best to assume at this point that ANY email
address is either (a) in the hands of spammers or (b) will be soon,
and to plan defenses accordingly.  Pretending that it's otherwise,
that it's actually possible to keep most addresses out of their hands
indefinitely, is a head-in-the-sand strategy.

(Yes, special-purpose addresses insulated from all this, only used
in isolated cases, extant only on highly secure mail servers that are
meticulously maintained, and sufficiently obscure as to avoid guesswork
may be exceptions.  But clearly, given that spammers have escalated
from selling single CDs of compressed address lists to sets of multiple
DVDs, only a tiny, tiny fraction of all valid email addresses worldwide
fall into this category.)

Moreover, it's impolite to send messages to a public mailing list or
newsgroup without providing a valid address for reply.  Those who don't
want to participate in two-way communication are certainly not required
to; they're not, however, free to unilaterally attempt to make those
two-way channels one-way-only to suit their personal preference or
convenience.  This is the online equivalent of shouting while sticking
your fingers in your ears so as not to hear replies.

--- end quoting ---

Let me just toss this extra tidbit in:

Companies and universities and so on that use firstname.lastname or
first-initial.lastname or similar patterns are making things even
easier for spammers.  I see spam attempts for richard.kulawiec and
rkulawiec and rich.kulawiec and so on all the time on my mail servers
even though those addresses have never existed here.  Ironically, from
time to time over the years, I've read comments from some of the people
running mail operations that do this wondering out loud how spammers
came up with so many valid addresses so quickly.

But...given all the other methods now available to spammers, this
probably isn't nearly as big a factor as it was 10 years ago.  That
still doesn't make it a good idea (it's really not, for a myriad
of other reasons) but at least it means that it's not as comparatively
damaging as it once was.

---Rsk
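
An added example, not part of the original thread: a defender-side check that spots the name-pattern guessing described above by grouping "User unknown" rejections per client IP. The log lines are constructed in Postfix's smtpd reject style; the threshold, the example.org domain and the function names are assumptions.

```python
import os
import re
from collections import defaultdict

def _reject(ip, rcpt):
    # Build one constructed Postfix-style rejection line (sample data only).
    return (f"Mar 26 11:02:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table")

# Constructed sample: one client permuting a name, one client with a lone typo.
SAMPLE_LOG = "\n".join([
    _reject("203.0.113.7", "richard.kulawiec@example.org"),
    _reject("203.0.113.7", "rkulawiec@example.org"),
    _reject("203.0.113.7", "rkulawiec@example.org"),   # retry, counted once
    _reject("203.0.113.7", "rich.kulawiec@example.org"),
    _reject("198.51.100.20", "joe.smiht@example.org"),
    "Mar 26 11:05:10 mx postfix/smtpd[411]: connect from mail.example.net[198.51.100.20]",
])

REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[([0-9A-Fa-f.:]+)\]: 550 5\.1\.1 <([^>]+)>: "
    r"Recipient address rejected: User unknown")

def shared_suffix(local_parts):
    # Longest common ending of the local parts, e.g. a surname being permuted.
    return os.path.commonprefix([p[::-1] for p in local_parts])[::-1]

def harvest_suspects(log_text, threshold=3):
    """Return {client_ip: details} for clients that probed at least
    `threshold` distinct nonexistent recipients."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    report = {}
    for ip, rcpts in seen.items():
        if len(rcpts) >= threshold:
            local_parts = [r.split("@", 1)[0] for r in rcpts]
            report[ip] = {"recipients": sorted(rcpts),
                          "shared_suffix": shared_suffix(local_parts)}
    return report

if __name__ == "__main__":
    for ip, info in harvest_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

A long shared suffix across the rejected local parts is the signature of one name being run through common address patterns; the lone typo from the second client stays below the threshold.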
