Re: Anti-Spam ideas for usenet/list harvested email addresses

From: Paul Johnson (baloo_at_ursine.ca)
Date: 09/26/03

  • Next message: Paul Johnson: "Re: Anti-Spam ideas for usenet/list harvested email addresses" 
    Date: Fri, 26 Sep 2003 01:26:14 -0700
To: debian-user@lists.debian.org

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Tue, Sep 23, 2003 at 01:16:38PM -0600, Jacob Anawalt wrote:
    > To me the big question is how do I avoid the spam in the first place,
    > besides avoiding email all together?

    Become an extremely hostile target. Report all mail and news abuse
    ASAP. http://spamcop.net/ and http://www.abuse.net/ are both
    excellent resources for getting ahold of admins.

    If you run your own mail server, exim has excellent controls for
    curbing spam. exim4 and sa-exim work beautifully together. I'd love
    to know how to get clamav to work, maybe this would be a good feature
    for sa-exim.

    > We've all done or seen people do this: jacob at cachevalley dot com,
    > jacob.nospam@cachevalley.com, jacob@cachevalley.nospam.com, etc.

    Munging considered harmful.
    http://www.interhack.net/pubs/munging-harmful

    > I've already mentioned the web authorization idea and the rotate your
    > email address on some schedule ideas in another thread.

    Challenge-response considered harmful, read the archives. Rotating
    your email address is another great way to lose legitimate email
    without affecting the problem itself.

    > I've even seen a web site go so far as to use a .js file function to
    > put together the email address from a bunch of fragments when you
    > click the mailto link. That would take more work to parse, but it is
    > still possible by having an email grabbing webbot that can run
    > javascript.

    Not to mention break the functionality for people who do not have JS
    capable browsers.

    > The mail server would need to have access to my personal list of
    > acceptable email addresses so it could give a 550 with the appropriate
    > extended SMTP code for unauthorized/security and an appropriate error
    > message after the HELO and MAIL FROM and RCPT TO: have been given. It
    > should only do this for mail accounts that have entries in the safe list.
    > If your list is empty, all email is valid. If you have one or more
    > entries, only those ones can send you email.

    spamassassin does something similar with sa-exim.

    > If you're sick of getting swamped (as a user or admin) wouldn't this setup
    > be usefull? An ISP could encourage users to use username.lists@isp.com for
    > email addresses that are going to be used on usenet or public mailing
    > lists. The new email address could just dump into the real address after
    > the mailing list rules were validated, or it could be it's own account and
    > mailbox.

    Variation on munging...

    > The sad part is that I've already squandered my username at this email
    > address by putting it where it can be harvested in mass by worm/virus and
    > UCE/UBE collection scripts, and I had already read an article cautioning
    > me against this. Oh well live and learn (someday I'll learn anyway.)

    I've had this email address for about a year, and before that, I had
    baloo@ursine.dyndns.org for about 6 years before a buddy bought me a
    Canadian domain name for me. Don't hide, *TAKE ACTION*.

    - --
     .''`. Paul Johnson <baloo@ursine.ca>
    : :' :
    `. `'` proud Debian admin and user
      `- Debian - when you have better things to do than fix a system
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/c/gmUzgNqloQMwcRApExAJ4xnFfHTu4F9M97qDL0Qqb5GCLQswCg2t2f
    HTubkUQtstseTVZBUR955dk=
    =r6Ev
    -----END PGP SIGNATURE----- 

    -- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Paul Johnson: "Re: Anti-Spam ideas for usenet/list harvested email addresses"

    Relevant Pages

    • Re: SORRY...forgot to add...
      ... for folks with large mailing lists it turns out to be inconvenient. ... I UNDERSTAND ABOUT THE SPAM, BUT AGAIN I SAY WHAT GOOD IS IT IF THEY ... BUT ALSO IT'S A BOTHER FOR THE RECIPIENTS WHO ... WOULD STOP MY MSGS FROM GETTING SENT OUT BECAUSE FO THE AMOUNT ...
      (microsoft.public.windows.inetexplorer.ie6.outlookexpress)
    • Re: spam avoidance (was Re: cpu speed problem)
      ... I get no more that 1 spam message a week out of maybe a 1000 messages. ... bringing up, the separation of public and private mail, in general. ... And some communication does not belong on a public list. ... I read messages from the public lists. ...
      (Fedora)
    • Re: cobol data format!!! urgent!!!
      ... >No. Monty Python did a song: Spam, Spam, Spam. ... "Take Jakob Nielsen, Internet Usability Guru. ... Lists used to announce talks, ...
      (comp.lang.cobol)
    • Re: [ISN] Majordomo Could Mean Major Spam
      ... I suppose I should disclaim this by saying that I don't get spam at this ... > of 80 subject related emails a day from the two lists on bugtraq I want. ... Perhaps Majordomo is partly to blame. ... > using a little-known but documented feature in the Majordomo server ...
      (Security-Basics)
    • Re: Non English Spam
      ... Subject: Non English Spam ... encoded in one of the above character sets, ... You know all too well that filtering based on "Received" header ... language specific lists - if their message is not simply ignored. ...
      (freebsd-questions)