TELECOM Digest OnLine - Sorted: Re: Trial Shows How Spammers Operate


Re: Trial Shows How Spammers Operate


jdj (jdj@now.here)
Fri, 19 Nov 2004 21:30:57 -0800

On Wed, 17 Nov 2004 03:12:34 -0500, Dan Lanciani wrote:

> Interesting. I didn't realize that this was considered a bad thing.

There are a lot of people who equate receiving spam to stepping in
what the cat leaves on the lawn. It makes them all kinds of upset when
someone suggests doing something other than killing received spam.

> My filters respond to every (seemingly) spam message with a note
> indicating how to bypass the filter if in fact the mail is not spam.
> (Actually they do this only once per sender per some months, but you
> get the idea.) I really can't just dump (seeming) spam in the bucket
> since there are a few false positives. But I get 1500+ spams per day
> and I can't look at them all.

Chances are that your filters are sending responses to forged
addresses. Occasionally I see messages like that and they are treated
like spam, since they have nothing to do with me and responding to
them is useless. They go to /dev/null. Until it's full.

>> There is an added benefit if spam to bad addresses were responded to:
>> the bad addresses are confirmed valid and permanently taint the
>> databases, which get sold around and the fun starts all over again.

> Because of the way my filters are integrated into sendmail they
> generate responses for spam sent to bad addresses. I always
> considered this a bug (though at least I fixed it to send only one
> response to envelopes with multiple bad to: addresses :) but I'm glad
> to hear it may do some good. I've noticed lately that spammers will
> make many simultaneous connections to my mail server and run through
> huge lists of bogus recipients. This was overwhelming my system until
> I added a semaphore for spamassassin use and queued most of the
> responses. Do they think I'm an ISP or such?

I should have made it clear that I was not talking about replying to
mail. I meant responding by using the url's in the mail body. Since
spammers never use a real From: address replying by mail is useless.

Spammers hit every machine with an open smtp port. If your mail server
accepts connections and even looks like it relays, it will be on
spammer lists as a good relay. They don't care if nothing is actually
delivered.

>> Should not be too difficult to set up a procmail script for servers to
>> send a few http requests to a spammer's website instead of bouncing
>> mail with bad addresses.

> Hmm. Maybe just send a SYN to each http:// address that can be
> extracted from the mail. Though I guess that might not count against
> the correct spammer if they are sharing IP addresses.

A SYN would do nothing and with multiple SYNs being sent from all over the
place it would probably be regarded as a dDOS attack.

To be charged for a hit a page must be requested. So sending a SYN
would cost the spammer nothing.

But perhaps it should not be done. Spammers might get a little upset
with all the responses and no one buying a thing. That might be
compared to calling a ScumCorp's 800 number just to say "hi" every few
minutes or trying an infinite number of times to send a fax or set up
a 66baud data connection to said 800 number.

Nevermind. It's a bad idea. Could get sued.

But it's fun as gedankenspielen.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Danny Burstein: "Re: Should I Put Cell Phone on National do Not Call List?"
Go to Previous message: RobertPlattBell: "Last Laugh! Re: Texas Officials Wary of Plan to Hunt by Internet"
May be in reply to: Monty Solomon: "Trial Shows How Spammers Operate"
Next in thread: Dan Lanciani: "Re: Trial Shows How Spammers Operate"
TELECOM Digest: Home Page