SpamCon 2001
April 26, 2001 10:48 AM   Subscribe

SpamCon 2001 gets underway in one month. It's a meeting of the minds to crush spam and guys like this. But it's probably too late. Can legislation ever make a dent in spam? Are technical solutions possible (no open SMTP ports allowed)?
posted by mathowie (10 comments total)
 
I've found that, more often than not, the easiest way to eliminate spam from my life is to filter out all e-mail that doesn't contain any of my domain names in the To field. If it's not @foreword or @indigitum, it's not for me.

If you have the technical know-how/ability/connections, setting up a server side (i.e. Procmail) filter with this rule will eliminate 90% of your spam. The same could probably be said for client-side filtering.

Just make sure that, if you're on any notification or mailing lists, that rules to direct these messages (where your e-mail address is often not visible) are processed first.
posted by Danelope at 11:36 AM on April 26, 2001


Pretty much by definition, spam has no valid reply address - or at least, no one's reading the incoming flames and core dumps. The whole economic architecture of spam depends on the fact that sending out mail in volume is much cheaper than receiving and processing mail in volume.

So, there is a technical solution, one that works for me right now: accept lists. I have 'procmail' cache incoming messages from new senders until they reply to a confirmation request it sends out.

This works just about perfectly: new correspondents are only slightly inconvenienced, and only once (none have ever complained). And I see exactly none of the twenty or thirty pieces of spam that get cached but never delivered each day.

You may not have been on the Net long enough to remember e-mail before spam - when every chime from your mailtool signaled a real message from a friend or associate. It's nice.

The only downside: my mail server spends a lot of time handling NDNs and resending mail. Now, I have a lot of postfix and procmail to spare, and no time to deal with spam, but if everyone on the Net used this - until spam died away as the "direct e-mail marketers" went out of business - there'd be a big increase in mail traffic on the backbones.

On the other hand, though, e-mail can't be much of of the Net's traffic now that the Web and Napster are here. How about it? Build per-user or per-server accept lists into the mail server software, and end spam forever.
posted by nicwolff at 12:54 PM on April 26, 2001


(By "you" in "You may not have been on the Net long enough to remember..." above, I mean the average MeFi reader - not you in particular, Matthew, or you, Danelope. Sorry to condescend!)
posted by nicwolff at 12:57 PM on April 26, 2001


The single most useful measure I've found for filtering out spam is to only put in my Inbox messages that actually have my name as a recipient. If a human has replied to one of my Usenet messages, for instance, their message always carries my name. Even though I sometimes get spam with my e-mail address on the line, it almost never has my actual name.

A second good measure is to entity-encode all the mailto: links on your Web sites. Web browsers will be fine with such links, but they will stymie E-mail harvesting tools. If you post on Usenet, use a bogus From: address but provide a legitimate address in the Reply-To: header. Most news servers do not include the Reply-To header as part of the batch of headers spammers use to harvest E-mail addresses. So this allows humans who have actually read your message to reply, while foiling spammers.

Take these simple steps and you, too, can reduce your spamload by a significant amount.
posted by kindall at 2:25 PM on April 26, 2001


Do people still post on Usenet? The last time I checked, it was 90% pr0n ads and 10% flames. <grin>

Unforunately, kindall, I can never rely on my friends' and families' address books for accurately filtering out name-only posts. I'm Dan or Dan Engler or Danelope or dandan to a bunch of people, and I'm unsure whether you can send a full name-intact header via a mailto: link.

nicwolff's suggestion sounds interesting, and I'll look into it this weekend. It seems like somewhat of a deterrent for people (i.e. visitors to your site) to e-mail you off the cuff, but like you said, by the time they see it, the process is nearly over.
posted by Danelope at 2:35 PM on April 26, 2001


I use disposable e-mail address for my own spam/abuse filtering.

As for the conference... do people still go to conferences?
posted by silusGROK at 3:21 PM on April 26, 2001


I think you meant to say 'open relays' not open ports. Without port 25 there would be no mail.

Solutions on the client end like filtering, etc are pretty ineffective. I'm going to pitch two ways to stop spam effectively, for free.

1. Legitimize it. Pass a law not forbidding spam but forcing them to use ADV or something in the subject line with a link to instantaneously unsubscribe. Allow ISPs to provide spammers with spam accounts that reflect the true cost of mailing bulk email - processor time, bandwidth, etc. Now run your filters. Eventually businesses you'd like to deal with will be willing to bulk email after the stigma has been removed and you just might go through your 'spam' folder looking for legitimate deals.

2. Why hasn't anyone written a program that scans a range of IPs at a time, finds open relays by trying each mailserver and seeing if the server allows you to send mail back to yourself and auto-mail the admin to close the relay. Imagine 20,000 people running this on their PC 24/7. At least it would make it harder for spammers to find open relays. There would still be spam, just less. I'm sure this hasnt happened on the grand scale because of fear of lawsuits or whatever after the program is considered a DOS 'hacker' tool.

Naww those make too much sense. How about we collect the private email addresses of legislators, their friends, family, etc and spam the crap out of them with fake ads. I little twist on the cant beat em, join em mentality.
posted by skallas at 4:45 PM on April 26, 2001


I think “pretty ineffective” is a broad overgeneralization and primarily untrue when it comes to my personal experience and others that posted on this thread earlier...
posted by Danelope at 4:53 PM on April 26, 2001


Do people still post on Usenet?

Yes, actually. The Mac newsgroups have decent signal-to-noise, and the misc.writing newsgroup has grown a community that is in some ways very similar to MetaFilter. There are other pockets of usefulness still in Usenet.

Unforunately, kindall, I can never rely on my friends' and families' address books for accurately filtering out name-only posts.

I should have mentioned that the first step is of course to never mark as spam mail from anyone who's in your address book, e.g., your friends and family. Those are easy to weed out. The other rules are to winnow out further legitimate messages from people who might not already be in your address book.

My basic strategy is to assume every message is spam and then look for reasons it might be legitimate. "Sender is in address book" is one such reason, "To contains my name" is another, "Subject begins with Re: and a Newsgroups or In-Reply-To header exsists" is another.

I'm unsure whether you can send a full name-intact header via a mailto: link.

I believe you're right about that, but I generally use a different e-mail address for my Web sites' mailto links. And the links are obfuscated by entity-encoding, so I hardly get spam on those addresses.
posted by kindall at 5:17 PM on April 26, 2001


skallas, I introduce you to ORBS: the Open Relay Behavior-modification System, plus pointers to how to close 'em. There was a political fall-out a couple of years back on the question of actively scanning for open relays, as this was interpreted as a hacking attack by many ... uh ... recipients. ORBS no longer does so; it only takes reports from others and passively tests when told to.
posted by dhartung at 5:29 PM on April 26, 2001


« Older Pamela Anderson's plastic surgeon?   |   Did anyone else notice Babelfish now translates... Newer »


This thread has been archived and is closed to new comments