Author Topic: Dealing with spam  (Read 8191 times)

0 Members and 1 Guest are viewing this topic.

Offline Bob Horrocks

  • Opinions on everything
  • *****
  • Posts: 1555
  • Gender: Male
  • Expertises:
  • Green Belt
  • Parish Council
Dealing with spam
« on: November 25, 2003, 07:07:40 pm »
Don't you just love it!
The Spam companies are even using my E-mail addresses as the supposed senders.  This week I even got two supposedly sent by me.  The sender and receiver were identical but, honestly, I never send E-mails recommending porn sites.  What a cheek.

Can anyone recommend a good Spam blocker program?  I have tried using the 'block senders' and 'refuse E-mails with certain words in the title' which is part of Microsoft Explorer, but they still come through at over 30 a day, and I have three E-mail addresses.  I am truly fed up. 
« Last Edit: August 10, 2005, 01:59:43 pm by Editor »
 

Offline Editor

  • David Brewer
  • Administrator
  • Opinions on everything
  • *****
  • Posts: 8927
  • Thanked: 142 times
  • Gender: Male
    • Media Helping Media
  • Expertises:
  • Walking
  • Real ale
Re: SPAM
« Reply #1 on: November 25, 2003, 07:13:22 pm »
Hi Bob,
Part of your problem might be that you have your e-mail address on the Greenbelt Society site. This means that it will be picked up by spammers and used by them. You can get round this with forms, or by using code that hides the address, but still allows people to mail you. Give me a ring and I will give you the code to cut and paste into your site so that you don't display your e-mail address for the spammers to pick up.
Dave
The Brookmans Park Newsletter has been supporting the village and our local community since 1998 by providing free, interactive tools for all to use.
 

amg51

  • Guest
Re: SPAM
« Reply #2 on: January 08, 2004, 11:33:04 am »
Try Spamfighter - it's a Danish product and is free.
It seems to do a very good job - not 100% but more than acceptable. This puts Spam in a Separate folder which you can easily delete

There are other products e.g. Spam Sleuth and Mail Washer which look at  the Mail before downloading -
they cost $29.95 after a month's free trial. Spam Sleuth looks quite impressive  
 

Offline Largey

  • Opinions on many things
  • ***
  • Posts: 102
Re: SPAM
« Reply #3 on: January 08, 2004, 01:37:32 pm »
Bob,
You should also speak with your ISP. Most ISP's should have the ability to add SPAM checking at the mailserver end. It may involve a small charge annually but its worth it.
That way the majority of known SPAM sources are blocked before they even reach you. We have employed this with lots of our customers and their SPAM content has reduced dramatically.
Give them a call first.

Paul
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: SPAM
« Reply #4 on: January 08, 2004, 10:26:35 pm »
Quote
Try Spamfighter - it's a Danish product and is free.
It seems to do a very good job - not 100% but more than acceptable. This puts Spam in a Separate folder which you can easily delete
[/quit]
Anybody who is using a unix variant, and is interested in something
like this, can mail me and I'll send a perl script for filtering.

This is called from procmail (which you'll have to source separately) and uses a configuration file to hold scoring patterns. Scores can be positive (more = worse) or negative (more = better), so that you can
reject spam about things like "Lower your debts" whilst accepting mail from, say FT or Economist that might genuinely contain the pattern "debt".

Quote

There are other products e.g. Spam Sleuth and Mail Washer which look at  the Mail before downloading -
they cost $29.95 after a month's free trial. Spam Sleuth looks quite impressive  


It is free, too.
:-)

Incidentally, when we got back from our xmas/new year trawl round the family there were 1316 emails waiting for me. 4 were real, the rest spam. The filter rejected 1304 of them correctly, passed 8 incorrectly, and passed all the real ones.
 

Offline Editor

  • David Brewer
  • Administrator
  • Opinions on everything
  • *****
  • Posts: 8927
  • Thanked: 142 times
  • Gender: Male
    • Media Helping Media
  • Expertises:
  • Walking
  • Real ale
Re: SPAM
« Reply #5 on: January 08, 2004, 11:08:56 pm »
Spamfighter, recommended by Trinity and amg51, looks good. Click here for the Spamfighter site.

Thanks for the tip.
The Brookmans Park Newsletter has been supporting the village and our local community since 1998 by providing free, interactive tools for all to use.
 

amg51

  • Guest
Re: SPAM
« Reply #6 on: January 09, 2004, 08:41:27 am »
I would agree with Paul that it is preferable if your ISP blocks SPAM for you.  You are not wasting time or money downloading. Btinternet ( yahoo) does a very good job - but not all ISPs offer such a service - and there is always the downside that the filter they use may block valid Emails - without you being aware.
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: SPAM
« Reply #7 on: January 11, 2004, 02:57:00 am »
Quote
I would agree with Paul that it is preferable if your ISP blocks SPAM for you.  You are not wasting time or money downloading. Btinternet ( yahoo) does a very good job - but not all ISPs offer such a service - and there is always the downside that the filter they use may block valid Emails - without you being aware.


Any spam filter that does this is fundamentally broken. What they should do is to place any rejects in a "spam trap" mailbox so that you can quickly scan for any false positives. What to look for in a spam filter is:

1. A block on non-returnable mail ("From", "Sender" and "Reply-to" headers don't resolve an MX record)

2. A negative block on originating domains known to be rogue.

3. A positive block on those originators from whom you always want to accept.

4. A negative block on a "scored" set of matching expressions. Making this sort of thing work cleverly requires some knowledge of things like perl regular expressions. But it is worth it - bacause you can easily make the filter handle things like the various versions of the name "viagra" that are used to try to defeat simplistic matching.

5. A positive scoring block on the same sort of thing. For example, you want to negatively block on the pattern " debt " in the body of messages - because that kills off all the American credit company spam. But that pattern will legitimately appear in mail from, say, a
mail from a work colleague (who postst from hotmail or something that you don't want to block in-toto). So you put a large positive score on something else that appears in the message text to counteract the negative score of the " debt " pattern.

This is straightforward to achieve in perl, which is fine for a low-volume end-user node like most household networks. But it can also be written in C or C++ which would optimise the performance on the machines ISPs use to their mail systems.

The nice thing about a system like this is that you have a variety of ways to implement it. Not only in terms of language and platform, but also in the architecture - there are a number of points at which you can apply the tests. You can accept all the mail, disconnect, and  process it in a "staging" mail queue. You can (in principle) modify the software that accepts the mail (though in practice you could only really do this for an open source mailer such as those you get for that various unix variants). You can accept the mail, but filter it in in the local delivery software (this is the easiest to do server-side - again on unix platforms).

Bobcatuk is correct in his assessment that protection against spam is a personal responsibility. Our legislatures won't protect us from it. But mail filtering software is only part of the answer:

1. *Never* give out your real mail address if you can help it. Don't fill in the "email" box when you configure web broswers. When you post to newsgroups, mask your return email address (make it available in a form a human reader would be able to deipher). It is appaling having to do this, but with the amount of spam around these days there is little choice.

2. *Never* click on the "unsubscribe" link. It just confirms your address.

3. If you can, get into and encourage the habit of regular legitimate correspondents PGP-signing email. And do it yourself.

4. Share your discoveries. There are a few spammers, and a lot of people who have to put up with it all. Anything you find that helps you, will also help someone else.

 

Offline Largey

  • Opinions on many things
  • ***
  • Posts: 102
Re: SPAM
« Reply #8 on: January 11, 2004, 07:32:36 pm »
Trinity,
An interesting post but.......

There is nothing broken about ISP's blocking SPAM. I am not sure what experience you have with ISP SPAM blocking but there are those who do exactly what you state. They will send you the spam headed ---SPAM--- so that you can monitor it for a while. Once you are happy that you are not loosing regular mail misidentified then you choose to automatically delete the stuff from the ISP end.
You are free to specify the domains you do want to receive mail from as well as those you don't. You can also specify any particular e-mail addresses which bother you most.
Perl and C ++ will probably confuse the majority of people reading this forum so it pays to keep things in laymans terms...:-)
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: SPAM
« Reply #9 on: January 12, 2004, 01:23:43 am »
Quote
Trinity,
An interesting post but.......

There is nothing broken about ISP's blocking SPAM. I am not sure what experience you have with ISP SPAM blocking but there are those who do exactly what you state. They will send you the spam headed ---SPAM--- so that you can monitor it for a while. Once you are happy that you are not loosing regular mail misidentified then you choose to automatically delete the stuff from the ISP end.
You are free to specify the domains you do want to receive mail from as well as those you don't. You can also specify any particular e-mail addresses which bother you most.
Perl and C ++ will probably confuse the majority of people reading this forum so it pays to keep things in laymans terms...:-)


I didn't say there was anything wrong with it - it is a good idea. What I said was that a filter that blocks without letting you know what it blocks, is broken. I'm not aware of any ISP that does this.

I take your point, though, about the language.

The thing is, that even if your ISP does offer filtering inbound to yourself, it is still a good idea to run your own - just like you would a virus checker. The principal reason for this is that the ISP will typically have to run their filter across a far greater amount of mail than a home - or even most company - network will see. This places some constraints on how it can work. For example, those spammers who think we all have problems keeping it up tend to turn the letters "viagra" into something that reads identifyably but will evade a simplistic filter because it is written as "V | 4 G R A". Stripping out the spaces and the | makes it easier to find - but this adds to the complexity of the filter's task and so such an approach is less suitable for a high-volume email system such as that run by an ISP.

I do disagree, though, with the notions of filtering on domain (mostly) and on an explicit email address (entirely). Spammers got wise to that one a long time ago (the last simplistic spammer I remember was "savetrees" in 1996/97). It is a reasonable assumption that the headers are forged (even, as has been pointed out here, to the extent of putting the recipient email address in as the sender). This is partly to mask their origins, and partly to get round the "no returnable address" filter. Even where they do have a return address that could be replied to, you can bet that the "user" parts of those addresses are fake.

Incidentally, I do have an interest in pattern recognition expressions for spam filtering. As such I'll always welcome ideas. In particular, I'm interested in something that could act as a "random letter" predictor. The reason is that a typical spam "Subject" might be:

"Re: Cut price meds adjhjsf"

Visual inspection of a lot of these things indicates that there ought to be some way of identifying the random stuff at the end. Low consonant count might work, and is something I'll get round to trying. But if any readers here know about linguistic anaysis I'd be happy to hear from them.
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: SPAM
« Reply #10 on: January 15, 2004, 11:01:18 pm »
There seems to be a new spammer around (or an old one with a new spambot). They're sending using the usual forged headers. These are, though, fairly easy to filter. In the "Subject" look for:

Re:\s[A-Z]+\,\s

That is, "Re:" followed by a single space, followed by one or more of the letters A-Z (upper case), followed by a comma and a single space. If your ISP or local spam filter lets you do this sort of configuration it would be a handy thing to add.

It would be far better to put spammers up against the wall and shoot them, rather than having to resort to this sort of filter.
 

John_fraser

  • Guest
Re: SPAM
« Reply #11 on: January 15, 2004, 11:57:10 pm »
Ways to avoid spam.

- Never post your e-mail in a news group. These guys use bots to trawl them of addresses and this is the best source. It is very easy to post anonymously and there is no reason not to. I would also advise against the trick of writing it as “john.fraser@<REMOVETHIS>mydomain.com or any variation. These guys get wise to every trick and will eventually get their bots to trawl googel’s archive for these.
- Never put you e-mail on a web site as their bots trawl these too. Which is why mine is hidden here
- As said before, never try to deregister yourself from the e-mail.
- Never even preview a HTML e-mail. These can contain image tags that can be used to confirm yours is a live e-mail address
- Never give your email to anything or anyone who you feel might pass it on. When you have to give an e-mail address to register, use a throw away one. This could be a hotmail account set up just to register, or you could buy a domain and e-mail service. The latter action can be very useful as you can give everyone a different mail address (e.g. dodgycompany@mydomain.com) and thereby see who passes you address on. It also makes killing the spam very easy.

My old e-mail address was getting 30-40 spans per day, but so far my current has stayed clean and I have avoided having to use a spam filter. Although I have no illusions: Sooner or latter I will have to invest in one or change e-mails addresses again.
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: SPAM
« Reply #12 on: January 17, 2004, 12:42:13 am »
Quote
Ways to avoid spam.

My old e-mail address was getting 30-40 spans per day, but so far my current has stayed clean and I have avoided having to use a spam filter. Although I have no illusions: Sooner or latter I will have to invest in one or change e-mails addresses again.


Your advice is good. But read in the part I quoted, an acknowledgement that spam filters (any sort of filters, really) are a non-ideal solution. They're inconvenient apart from anything else because they require administration. Now, I'm not that bothered about a little administration - a lot of it can be automated anyway if you're prepared to figure out how. But I am bothered by the inconvenience of changing email addresses. People's address books to get updated. PGP public keys need administering or revoking (they typically carry your address), you need to manage the changeover and so on.

That is a lot more of a pain, and is the reason why my current address (which has been the same since I registered my domain in 1996) is still valid (as is the address before that). I get anything between 100 and 300 spam emails a day. Of this, half-a-dozen at the most get through the filters, and maybe two are incorrectly routed to the spamtrap.

So whilst your behavioural advice holds good, I'd put a decent spam filter in place before I'd move email address. Besides, I don't see why I *should* have to change email address.
 

Offline Bob Horrocks

  • Opinions on everything
  • *****
  • Posts: 1555
  • Gender: Male
  • Expertises:
  • Green Belt
  • Parish Council
Re: SPAM
« Reply #13 on: February 22, 2004, 02:24:08 pm »
Don’t know how effective it will be but I have just signed up with a free America ‘Preference service EMPS opt out’ website which claims to reduce spam –-
presumably spam originating from the USA.  If you have more than one E-mail address you can sign up to three of them on the same screen.
It is www.e-mps.org/en/.  

Just for completeness, UK postal junk mail can be reduced through the Mail Preference Service on 0845 703 4599 and www.mpsonline.org.uk

The telephone equivalent is 0845 070 0707 and www.tpsonline.org.uk.

The latter two have worked for me.  On receipt of the occasional junk mail I now write back to the company demanding to be removed from their mailing list having signed up to the MPS and that they will be reported if I get any more junk from them.  The very occasional phone call gets the same earful.  I have been polite too long.  Does this mean that I am turning into Victor Meldrew?

Offline sasquartch

  • Forum Moderator
  • Opinions on everything
  • *****
  • Posts: 1416
  • Thanked: 23 times
  • Brookmans Park Forum Member
Re: SPAM
« Reply #14 on: February 23, 2004, 12:17:35 pm »
Just signed up to the TPS - hopefully this will eliminate the frequent calls we get just as we sit down to dinner.
 

Offline Susan

  • Opinions on many things
  • ***
  • Posts: 104
  • Thanked: 1 times
  • Forum Member
Re: SPAM
« Reply #15 on: February 23, 2004, 01:59:45 pm »
We’ve had our phone number for three years, but still get calls asking for the previous people (who even lived at a different address/town). I signed up with the TPS last year. It has reduced the number of calls, but not eliminated them.

In fact, last week I got yet another cold call. I explained we’d joined the TPS, and asked for their address – which was High Street, St Albans. I put the phone down, and almost immediately got another call from a different person, from a similarly (but not identically) named company.

I said, “You’re not based at High Street, St Albans, are you?”

The cheery reply was “Oh, yes, are we already doing you a quote?”  

Grrrr!
 

Offline Bob Horrocks

  • Opinions on everything
  • *****
  • Posts: 1555
  • Gender: Male
  • Expertises:
  • Green Belt
  • Parish Council
Re: SPAM
« Reply #16 on: February 23, 2004, 02:55:52 pm »
If you have a fax machine and want to reduce unwanted faxes, sign up to www.fpsonline.org.uk or phone 0845 070 0702

Sorry but I missed this one off my previous list.

Offline Swan

  • Opinions on some things
  • **
  • Posts: 76
  • Forum Member
Re: SPAM
« Reply #17 on: March 08, 2004, 01:02:42 pm »
A good site here for all your spam related questions,
http://spam.abuse.net

and also links and Faq in the overview section
http://spam.abuse.net/overview/
Godwin's Law:

As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one.
 

Offline Editor

  • David Brewer
  • Administrator
  • Opinions on everything
  • *****
  • Posts: 8927
  • Thanked: 142 times
  • Gender: Male
    • Media Helping Media
  • Expertises:
  • Walking
  • Real ale
Re: SPAM
« Reply #18 on: August 10, 2005, 01:53:20 pm »
BBC News Online is reporting just one small step against the spammers. Hopefully more will follow and we can look forward to the day when we no longer get bulk, unsolicited email. Click here to read the story 'Microsoft in $7m spam settlement'.
The Brookmans Park Newsletter has been supporting the village and our local community since 1998 by providing free, interactive tools for all to use.
 

Offline jet

  • Opinions on everything
  • *****
  • Posts: 1285
  • Gender: Male
Re: Dealing with spam
« Reply #19 on: August 10, 2005, 04:55:12 pm »
Spam must work or surely people would not send it?
Perhaps the answer is to never buy anything that is unsolicited?
Pity we cannot get damages against the providers for letting through trojans and dialers etc.
What a pity the internet is abused to all our costs in both time and cash.
regards,
jet
 

Tags: