In article <email@example.com>,
<firstname.lastname@example.org> wrote: >
> No, she and we are trying to dictate what people can talk about on OUR
> phones. Big difference. My paying for a phone does not give someone
> else license to unlimited use of it for THEIR purposes.
> John Meissen email@example.com
>[TELECOM Digest Editor's Note: That would also be true regarding
>_your_ computer accounts would it not?
> But finding the _legitimate, bonadide_ guilty party and chopping off
> his fingers would not be so futile, would it?
If you could find them, and if it were legal to do so. Maybe you could
do that in Saudi Arabia, but the last time I checked, chopping off
fingers was illegal here in the US.
> But I have many readers here who consider me to be an imbicile and
> unable to correctly idenfity spammers; apparently they do not know
> how to geographically locate and match up IP numbers, and no, you do
> _NOT_ rely upon what the "From:" has to say; you begin much further
> up in the envelope.
And you don't rely on the IP addresses, either. As has been repeatedly
pointed out 90% or more of the spam we're subjected to is proxied
through virus-infected home computers and compromised servers. The
owners of those systems are no more responsible for sending spam than
you would be of making phone calls to Columbia that came from someone
tapping your line outside your house.
You could TRY to make a claim about the websites the spam refers to,
but those also are extremely short-lived, unauthorized servers often
running on the same compromised systems.
> Start with the "from " at the very top and carefully examine the
> first two or three lines as well as paying close attention to the
> path lines showing how the message got to you. Some of that stuff up
> there is much harder (but not impossible!) to forge. Now, 'tis true
> that dial-up IPs tend to be quite dynamic and almost useless, but
> really serious spammers have a solid line all the time don't they?
Yes, you can tell where the system is that the spam was sent through.
But that doesn't tell you WHO sent the spam, only which compromised
zombie system they used to relay it through.
It won't tell you how to track down the sender, but you can use it to
block further attempts. For instance, my system blocks based on sender
IP address and hostname. I block anything that resolves to a hostname
that looks like it came from a home system.. basically any hostname
whose left-most portion contains 4 sets of numbers separated by '-',
or contains any of the strings "client", "dhcp", "dsl", "pool", "ppp"
and "user". I also block on a rather large list of IP ranges.
> Please go look at http://telecom-digest.org/td-extra/AP.html
> to see an example of something I am working on in cooperation with the
> geobytes.com database. Testing the accuracy of my 'welcome to visitors'
> line has thus far shown a high degree of positive results. Just go
> look at those lines on that page. I don't care if you bother to listen
> to the audio or read the AP newswire. Some of you are probably too
> smart to bother with that anyway. If the 'welcome to visitors from'
> line produces really gross inaccuracies in your instance, I would like
> to know about it. In a day or three, I am going to present here an
> HTML 'form' in which you can cut and paste the top half dozen or so
> lines from your favorite spam. I hope you will give it an honest
> review, and report your results to the Tin Hat imbicile. PAT]
Yes, I'm sure it works. But there's a HUGE difference between
legitimate web surfers and scum spammers. Web surfers don't tend to
hide their activities.
John Meissen firstname.lastname@example.org
[TELECOM Digest Editor's Note: What you say is true, however if the
top three or four(?) lines of the header -- let's call it the 'true
From line' points at you, then you have a problem. Either you are
the spammer or you are a spam-enabler (by virtue of proxies, open
relays, etc.) You would not be up there in the top lines if you were
neither a spammer nor an enabler, now would you? Either way, you need
to have your ass kicked hard. Kicked harder for the spammer than for
the enabler I guess, but kicked none the less. Anyone can be 'From:'
anyone else, just as I could write a perfectly awful letter to our
resident President Dubya and sign your name and address to it. But
if the letter was postmarked "Independence 67301 KS" and _you_
disavowed any knowlege of it, most simpletons and brain diseased old
Tin Hat fools would agree it _probably_ was not your doing. PAT]