TELECOM Digest OnLine - Sorted: Re: Trial Shows How Spammers Operate

Re: Trial Shows How Spammers Operate

jdj (
Sun, 21 Nov 2004 21:16:58 -0800

On Sun, 21 Nov 2004 00:22:44 -0500, Dan Lanciani wrote:

> (jdj) wrote:

>> On Wed, 17 Nov 2004 03:12:34 -0500, Dan Lanciani wrote:

>>> Interesting. I didn't realize that this was considered a bad thing.

>> There are a lot of people who equate receiving spam to stepping in what
>> the cat leaves on the lawn.

> This makes no sense. How exactly can you avoid "receiving spam"?

Huh? I don't find mention of avoiding spam here. This was relating the
emotional aspect of stepping in the cat's donation to one's lawn to
spam. Can't really avoid that, either -- unless there's no lawn.

>> It makes them all kinds of upset when someone suggests doing something
>> other than killing received spam.

> Tell me how to kill received spam without also killing legitimate mail
> and I'll do it.


OK, now I _am_ confused.

Moving on ...

>>> My filters respond to every (seemingly) spam message with a note
>>> indicating how to bypass the filter if in fact the mail is not spam.
>>> (Actually they do this only once per sender per some months, but you
>>> get the idea.) I really can't just dump (seeming) spam in the bucket
>>> since there are a few false positives. But I get 1500+ spams per day
>>> and I can't look at them all.

That's not too many... :)

>> Chances are that your filters are sending responses to forged
>> addresses.

> Obviously. But why should I care? The point of the response is to tell
> people who were neither sending spam nor forging their address that
> their mail has been incorrectly identified as spam.

Not a good idea for someone in business. Not a few people will not bother
trying again. So I presume you're not in business.

>> Occasionally I see messages like that and they are treated like spam,
>> since they have nothing to do with me and responding to them is
>> useless. They go to /dev/null. Until it's full.

> That works only if you have time to look at all the messages. I don't.

Not even such messages that make it through the filters?

>> I should have made it clear that I was not talking about replying to
>> mail.

> Yes, that would have been helpful ...

Well, it is a rare spammer, if any, that requests a mail response. I
really thought that was fairly common knowledge and would not need to be
put in such pedantic detail.

>> I meant responding by using the url's in the mail body.

> Only a small minority of the spam emails that I've examined bother to
> encode a destination address tracking cookie in the URLs. Thus your
> comment about tainting the database doesn't make a lot of sense in the
> context of accessing the URLs rather than responding by mail.

Well, not all are so encoded. There are other ways, quite trivial. No, I
will not go into them as they are already discussed to death elsewhere.

You know, there are things you can do to cut back on the connections from
spammers, such as throttling, blocking multiple connections, etc.

>> Since spammers never use a real From: address replying by mail is
>> useless.

> It is extremely useful for my purposes; it just may not happen to also
> do what you (said you) want. :)


>> Spammers hit every machine with an open smtp port. If your mail server
>> accepts connections and even looks like it relays, it will be on
>> spammer lists as a good relay. They don't care if nothing is actually
>> delivered.

> My machine doesn't look like a relay and they are not trying to use it
> as a relay. They are sending to long lists of (invalid) *local*
> addresses.

I wonder what makes your mailer so special that they keep trying
invalid addresses?

I rarely see such traffic. They nearly always are looking for relays.

>> A SYN would do nothing and with multiple SYNs being sent from all over
>> the place it would probably be regarded as a dDOS attack.

> That's quite a stretch, given that each SYN would be in response to
> something the spammer had actually sent, i.e., there would be no third
> party initiating the attack. Of course, you would have to be careful
> not to build a distributed machine that *could* be used by a third party
> for such an attack.

What would you think if you were getting thousands of SYNs from all over
the world all the time? And what would a laywer think?

>> To be charged for a hit a page must be requested. So sending a SYN
>> would cost the spammer nothing.

> So you are saying that spam hosters do not charge their clients for IP
> traffic? Even if that is true, they might change their policy in the
> face of such a response.

As I said, they charge for hits. SYNs are not hits. Wishes are not

> Unfortunately, I can't afford to waste the bandwidth by actually
> requesting the pages.

Then the trick is not for you.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Lisa Hancock: "Re: SBC Wants its Cut of VoIP Revenue"
Go to Previous message: Dan Lanciani: "Re: Trial Shows How Spammers Operate"
May be in reply to: Monty Solomon: "Trial Shows How Spammers Operate"
Next in thread: Scott Dorsey: "Re: Trial Shows How Spammers Operate"
TELECOM Digest: Home Page