Projects / spam.pl / Comments

Comments for spam.pl

26 Dec 2005 03:07 reflous

I've resumed development on this
Plan on some great new releases coming up! The war on spam can be best approached through a multi-faceted response. Some ISPs are willing to shutdown spammers if they learn they are on their network. Some domain name registrars are willing to shutdown spammer's websites. Some postmasters are willing to close their open relays. This script notifies all three that there is a problem!

26 Dec 2005 02:59 reflous

Re: Wrong approach


>

> If you'd bothered to read the post you'd

> replied to properly

> you'd see that the guy clearly indicated

> that he wanted to

> handle spam. What he complained about

> was the manner

> of reporting spam. If you're tired of

> spam, then it should be

> in your interest to report spam problems

> in a way that make

> it as easy as possible for abuse

> departments to prevent or

> close down spammers.

>

> You also failed to consider that a major

> point he made was

> that a lot of the people whose domains

> occur in a typical

> spam message are completely innocent and

> have nothing to do with the spam, and

> couldn't have done anything to prevent

> it. Speaking as someone who has

> administered a mail system with 1.7

> million users, I can tell you that the

> one largest abuse problem we had was not

> our own users spamming people, but

> people causing massive amounts of

> traffic to our system by using fake,

> non-existing addresses at our domains in

> the From: address of their spams.

>

> No changes we could have made could

> prevent that. No action on our end could

> prevent that. No message to our abuse

> department could stop that spamming, as

> it wasn't done by our users or from or

> through our servers.

>

> That's why just firing of e-mails to

> anyone listed in a spam

> message is a problem: abuse departments

> are overloaded

> enough as it is. Hindering their work by

> sending them complaints about spams they

> can do nothing about and are

> completely innocent of doesn't help.

>

This response is 4 years late, but your point still stands. Spam.pl does not use the From: line in the email as with true spam it is always a forgery.

There are still two complaints that a postmaster can make about this script:

(1) spam.pl treats forged Received: headers as if they are the real thing, and will email the postmasters of those forged headers. I plan on implementing some Received: checking and making emailing forged postmasters an option rather than the default.

(2) spam.pl grabs every domain from the body of the email and generates a complaint to each domain. With the rise of phishing, and the increased deviousness of these emails, often times legitimate domain names are stuck in the email, such as 'paypal' and 'ebay'. However, I am going to work under the assumption that if you are a postmaster at a domain that is being used in phishing scheme's, you'd like to know about it so you can warn your customers, etc.

11 Jan 2002 10:49 vidarh

Re: Wrong approach

> Well, it's your job to keep your mail
> servers properly configured, not ours.
> Our noticing is merely a convenience. If
> you don't like it, then be glad to join
> the real-time blackhole list, because
> you will.
>
> Thanks, from a person who has been
> spammed so much that now uses SpamCop
> religiously
>


If you'd bothered to read the post you'd replied to properly
you'd see that the guy clearly indicated that he wanted to
handle spam. What he complained about was the manner
of reporting spam. If you're tired of spam, then it should be
in your interest to report spam problems in a way that make
it as easy as possible for abuse departments to prevent or
close down spammers.

You also failed to consider that a major point he made was
that a lot of the people whose domains occur in a typical
spam message are completely innocent and have nothing to do with the spam, and couldn't have done anything to prevent
it. Speaking as someone who has administered a mail system with 1.7 million users, I can tell you that the one largest abuse problem we had was not our own users spamming people, but people causing massive amounts of traffic to our system by using fake, non-existing addresses at our domains in the From: address of their spams.

No changes we could have made could prevent that. No action on our end could prevent that. No message to our abuse department could stop that spamming, as it wasn't done by our users or from or through our servers.

That's why just firing of e-mails to anyone listed in a spam
message is a problem: abuse departments are overloaded
enough as it is. Hindering their work by sending them complaints about spams they can do nothing about and are
completely innocent of doesn't help.

20 Aug 2001 07:49 bagder

I'm abandoning this
Yes,

I don't feel I do much with this project and I have no intention of increasing my efforts. I will gladly hand over the baton to anyone else who feels up to the task of taking spam.pl into the future.

05 May 2001 23:58 claviola

Re: Wrong approach

> Speaking as a postmaster, I must say
> that all of the software products in
> this category, whether proprietary
> things like Spam Cop or Free ones like
> this, are just taking the wrong
> approach.
>
> Postmasters and abuse departments have
> too much to do and too little time to do
> it. The last thing they need is
> something else to read. In case of
> spam, all they need or want to see is
> the spam and the full headers, nothing
> else.
>
> If you're in the habit of reading
> headers, you'll also notice that most
> relays are located in countries where
> English is not the native language. In
> some of those countries (such as Japan,
> where I live) English is not widely
> understood at all, so anything you write
> to the sysadmins at the relay domain
> will probably not be understood anyway,
> unless you can write it in their
> language. So if you send a relay
> anything, just send the spam and the
> headers. Maybe they'll have a clue,
> maybe they won't. But editorializing
> wastes your time and theirs.
>
> You can most help postmasters help you
> by sending the spam to only the origin
> point and any relays along the way, with
> the full headers displayed. Please do
> not send it as an attachment, do not
> change the subject line, do not bounce
> it (please use forward), and especially
> do not add any commentary of your own -
> it will just get in the way.
>
> Also, especially please don't take the
> spew approach and send a copy to every
> domain named anywhere in the spam. The
> people whose domain names are used
> without their permission in forged
> headers or in bogus inline
> "unsubscribe" addresses
> neither need nor want to see it, but are
> usually inundated with dozens - even
> hundreds - of copies of the spam anyway.
> They are often also inundated with
> abusive language, just because some jerk
> spammer decided they were going to be
> the Domain of the Day. Please remember
> that they are not responsible for it and
> cannot do anything about it, so don't
> bother them.
>
> Give postmasters a break. Send them
> the facts and just the facts. Those
> consist solely of the spam, the headers,
> and nothing else.
>
> Thanks, from a postmaster.


Well, it's your job to keep your mail servers properly configured, not ours. Our noticing is merely a convenience. If you don't like it, then be glad to join the real-time blackhole list, because you will.

Thanks, from a person who has been spammed so much that now uses SpamCop religiously

24 Mar 2000 00:30 jbyrne

Wrong approach
Speaking as a postmaster, I must say that all of the software products in this category, whether proprietary things like Spam Cop or Free ones like this, are just taking the wrong approach.

Postmasters and abuse departments have too much to do and too little time to do it. The last thing they need is something else to read. In case of spam, all they need or want to see is the spam and the full headers, nothing else.

If you're in the habit of reading headers, you'll also notice that most relays are located in countries where English is not the native language. In some of those countries (such as Japan, where I live) English is not widely understood at all, so anything you write to the sysadmins at the relay domain will probably not be understood anyway, unless you can write it in their language. So if you send a relay anything, just send the spam and the headers. Maybe they'll have a clue, maybe they won't. But editorializing wastes your time and theirs.

You can most help postmasters help you by sending the spam to only the origin point and any relays along the way, with the full headers displayed. Please do not send it as an attachment, do not change the subject line, do not bounce it (please use forward), and especially do not add any commentary of your own - it will just get in the way.

Also, especially please don't take the spew approach and send a copy to every domain named anywhere in the spam. The people whose domain names are used without their permission in forged headers or in bogus inline "unsubscribe" addresses neither need nor want to see it, but are usually inundated with dozens - even hundreds - of copies of the spam anyway. They are often also inundated with abusive language, just because some jerk spammer decided they were going to be the Domain of the Day. Please remember that they are not responsible for it and cannot do anything about it, so don't bother them.

Give postmasters a break. Send them the facts and just the facts. Those consist solely of the spam, the headers, and nothing else.

Thanks, from a postmaster.

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.