Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Elian (119)

Elian
  (email not shown publicly)
http://www.sidhe.org/~dan/
AOL IM: DanSugalski (Add Buddy, Send Message)

Perl 6/Parrot internals ex-design team lead.

Journal of Elian (119)

Tuesday December 17, 2002
12:07 PM

On being part of the problem...

[ #9509 ]

A while ago I was musing on spam, and the increase in volume I've seen recently.

Well, I admit it. I think I'm part of the problem. But, then, I think that everyone running silent anti-spam software is too. While on the one hand SpamAssassin keeps spam out of my mailbox, running it doesn't keep that spam out of anyone else's mailbox, and neither does it do anything to keep the spam off my machine in the first place. IP blocking, though, does do that.

I think it's time to build a widget to help automate the generation of the "you suck, get lost" IP list from the spam that SpamAssassin identifies.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Catherine Hampton religiously updates spammer's network whereabouts so SpamBouncer [spambouncer.org] can send email to all of the right abuse addresses. I have been using it for years in COMPLAIN mode.

    It is all procmail, but the information is there.
  • Complaining hasn't worked. Period.

    Bouncing hasn't worked. Period.

    Now we're trying to remove the economy of spam, by making sure the user never sees the spam. I think hitting the Spammers in the wallet is the only place they're going to take any notice.
    • The problem with blacklists is "how not to block valid emails?"...

      grinder [perl.org] had a very good idea to hit spammers where it hurts [perl.org]. Quote:

      And what I'm toying with is something a little more radical. Sure I'll probably sign up with an RBL or two, but what I'm going to do is I'm still going to accept everything. But. When I come acrosss mail that comes from a suspected spammer, I'm going to put sleep(120) or so between each step in the transfer dialog.

      If enough people start doing this (and maybe people d

    • Now we're trying to remove the economy of spam, by making sure the user never sees the spam. I think hitting the Spammers in the wallet is the only place they're going to take any notice.

      I think Dan is making a different point. We're not significantly increasing the cost for the spammer. The cost to send spam is not directly related to the volume of spam sent. Therefore, savvy users are reducing the effectiveness of current spamming techniques, so the next step in the arms race is to increase the am

      • It's not the cost of sending spam I'm talking about. It's the return cost of spam. What the spammer's client gets out of spamming. If we can reduce that to zero (or as close to zero as possible) then the spammers exist no longer.

        Of course what we really need is a secure email protocol that validates the sender. Unfortunately SMTP is just too pandemic now to get that to happen.
        • It's not the cost of sending spam I'm talking about. It's the return cost of spam. What the spammer's client gets out of spamming. If we can reduce that to zero (or as close to zero as possible) then the spammers exist no longer.

          Yes, and what I think Dan has noticed is that when a few savvy users use spam-blockers, the return-on-spam cost decreases, but doesn't become zero (or near-zero). Therefore, the next result is to send more spam, since the incremental cost of sending out a few hundred or a few

          • I disagree.

            It takes expensive hardware to send a lot of spam. Diminishing returns means that they're going to either have to spend more on hardware and bandwidth to get out more spam, or they're going to go bust.

            Besides, I'm not sure I want to eliminate spam - I'd be out of a job ;-) Oh the internal conflicts!
    • I know complaining and bouncing haven't worked--the first are ignored, the second spoofed to bother some poor sucker somewhere else in the world. But making spam silently disappear on the end-user's machine doesn't help much either. The spammers don't give a damn if some of their spam gets filtered, as they expect almost all of it to be ignored anyway.

      The problem with the anti-spam software is it's actually taken away some of the disincentives that mail admins used to use. When AOL blacklists your IP addr

      • What I recommend is modifying qpsmtpd's spamassassin capabilities to reject rather than filter if you see a high scoring spam.

        I don't recommend this to everyone, as some people have mail that SpamAssassin scores rather highly, but for regular geeks it's probably a good idea.

        I do feel sympathy though. I know exactly what you mean. But I don't really have a solution yet. :-/