Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] giving up on email



>>>>> "Niels" == Niels Kobschaetzki <niels.k@example.com> writes:

    Niels> one question about the whole spam-thing: how do people get
    Niels> so much spam ("my inbox still gets more spam than
    Niels> interresting mails").  my mail-address is published on
    Niels> several sites in the net and it seems

Well, it matters which ones.  I never see webmaster@example.com
among spammed addresses, and I bet that's because there's very little
of interest to spammers on our website (ie, email addresses).  I get
tons and tons to turnbull@example.com (note the "shako."),
although that address hasn't been published anywhere in 7 years.  I
assume it's because I used to post under that address to several DOS
lists (mainly Ghostscript and DJGPP).  Those list archives are public
and Googlable, and therefore open to the spammers for harvesting.
Another thing that clearly has happened with that address is that it
has been propagated to viruses.

    Niels> that my spamfilters work great (the first one is from my
    Niels> domain/mail-provider which is spam assassin (deletes spam
    Niels> immediateley, the second one is the filter of mail -
    Niels> standard mail prog of mac os x (this is my productive
    Niels> system and on an ibook g4 linux is a nice toy but because
    Niels> of airport extreme and the unstable x-solution it doesn't
    Niels> make sense to use it at time as a productive system) and it
    Niels> filters succesful the rest of the mails (it seems that it
    Niels> is also a bayese filter))

I would guess that at XEmacs spamassassin gets about 70-80% of the
spam (with essentially no false positives), with the trend being
definitely downward (it was getting 90% in October).  I think the
spamassassin people have gotten tired of trying to keep up with the
spammers, because they don't seem to be releasing anywhere near as
often as the spammers come up with ways to avoid spamassassin.  With
the addition of nearly 1000 lines of procmail filter, the XEmacs lists
are currently catching about 99.8% of the spam, with total false
positives running about 0.5% of the genuine posts.

I think at this point we need to go to a more AI-like approach, even
the Nigerian scammers are getting past spamassassin.

    Niels> in my normal inbox i get ca. 1 spam-mail per month an in my
    Niels> junk-mail-box are 1 - 2 mails per every 2 days...  does i
    Niels> only have luck or

It all depends on your usage patterns.  If you mail only to private
people, then you'll be OK until one of your Winblows correspondents
exchanges bodily fluids with somebody infected, then it'll start to
propagate through the net.  If you post regularly to a publically
archived mailing list, you're dead---I bet you'll see an increase
because you posted here despite the password protected archive, as
spammers now pay people to look for passwords on sites that advertise
mailing lists.  If you post to Usenet, you're dead---the spammers grep
the newsspool, it's a very cheap way of harvesting addresses even
though about half the people on Usenet seem to be going under spoofed
mail addresses or munged ones.

    Niels> does other people do something terribly wrong?

That, too.  For example, the U of Tsukuba packet filcher makes it
impossible to use RBL in your MTA, because they spoof on port 25 and
redirect all incoming SMTP to a virus scammer (which typically lags
introduction of viruses by 12-72 hours, with resulting mayhem since
there is no virus filtering internally).  So you have to go on the
header rather than the incoming connection, which is much less
reliable.  Many virus scammers act as spam multipliers (eg, U of
Tsukuba's) as they not only remove the viral content and pass the
message on as spam, but then they proceed to send notifications to at
least the sender and the local recipient (X3), and sometimes to other
addresses in the header.



-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links