[SGVLUG] fyi - excellent discussion re spam on LAMP SIG

matti mathew_2000 at yahoo.com
Fri Apr 25 16:52:52 PDT 2008


From:	brewthatistrue at gmail.com  Add Mobile Alert
To:	"LAMP-SIG General User Mailing List"
<lamp-user at maillist.lampsig.org>
Subject:	Re: [Lamp-user] Spam killing sites


Good points by Brad.

Unless tied to some kind of honeypot, this tactic is largely useless
 against
modern spammers that uses thousands of zombie PCs to send spam from
botnets of hijacked computers.

Here's my 2 cents on anti-spam philosophy.

Filtering isn't disincentivizing spammers, as they are sending more
spam than ever.
It's time for those interested in stopping spam to find new approaches
(such as participating in a honeypot project).

Some newer initiatives target web hosts and registrars whose services
are being abused by spammers.
The ultimate goal is to make business harder for spammers, through
reporting, shut-downs, and as many arrests as possible.

For more info on a few of these methods, see:
http://spamtrackers.eu/wiki/index.php?title=Reporting_Spam
http://wiki.castlecops.com/Anti-Spam_Services_Overview
http://wiki.castlecops.com/Bulk_Spam_Reporting

On 4/25/08, Brad Knowles <brad at shub-internet.org> wrote:
> Rez wrote:
>
> > http://www.eqcity.com/files/spam2h13.zip
> > spam2html.EXE v1.30 This DOS program reads a text file "spam.cfg",
 which
> > has a single e-mail address on each line, and creates a web page
 full of
> > e-mail links. External configuration file for show or hide e-mail
> > addresses, decide how many e-mail addresses per page, test for
> > incomplete addresses. Written in PowerBasic (DOS). Last revised
> 11/09/2002.
>
> IME, wpoison was one of the best implementations of this kind of
 tool, since
> it had a wide array of various types of bogus addresses it would
 generate,
> and try to lead the spam-spider down an endless series of pages
 designed to
> exploit various known weaknesses in the spider code.
>
> It was also tied into a honeypot system, so that if you sent spam to
 any of
> the generated addresses, it could then tie that spam back to a
 specific
> spam-spider incident, and give you the date & time, IP address,
 etc... of
> the particular crawler which was given that particular address.
>
> > However... I'm wondering how this does anything to discourage
 spammers,
> > or does anything but waste everyone's bandwidth -- since most use
 some
> > unwitting person's zombied PC to send spam, and don't care how many
 of
> > the email addresses on their mailing list are good or bad; it's all
> > automated anyway. It only makes a difference if a spammer is
 offering
> > differential prices on "known good" vs "shotgun to the whole world"
> > mailing lists.
>
> The honeypot part of the system is an effective tool against
 spammers, since
> it causes them to identify themselves to the defenders, and you can
 quickly
> black list them and prevent them from sending out more spam to you.
  This is
> one of the key tools behind distributed reputation monitoring
 systems, such
> as used as a component of calculating IronPort SenderBase scores.
>
> If you're not tying it into a honeypot and recording all the
 information
> associated with the random garbage e-mail addresses you're
 generating, then
> you're just wasting your bandwidth.
>
> --
> Brad Knowles <brad at shub-internet.org>
> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
>
> _______________________________________________
> Lamp-user mailing list
> Lamp-user at maillist.lampsig.org
>
 http://maillist.lampsig.org/mailman/listinfo/lamp-user_maillist.lampsig.org


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ


More information about the SGVLUG mailing list