From: owner-alloy-digest@smoe.org (alloy-digest) To: alloy-digest@smoe.org Subject: alloy-digest V9 #112 Reply-To: alloy@smoe.org Sender: owner-alloy-digest@smoe.org Errors-To: owner-alloy-digest@smoe.org Precedence: bulk X-To-Unsubscribe: Send mail to "alloy-digest-request@smoe.org" X-To-Unsubscribe: with "unsubscribe" as the body. alloy-digest Wednesday, December 1 2004 Volume 09 : Number 112 Today's Subjects: ----------------- Re: Alloy: Spam & Alloy (wee bit OT) [Paul Baily ] ---------------------------------------------------------------------- Date: Wed, 1 Dec 2004 13:41:49 +1000 From: Paul Baily Subject: Re: Alloy: Spam & Alloy (wee bit OT) Hi all, Sorry Bryan, meant to write on this back then. Waaay back on 09/11/2004, at 6:15 AM, Brian Clayton wrote: > I have reached the point that I believe I need to abandon my ages-old > email address in order to sidestep the flood of spam that now plagues > my > mailbox. Yep, they're the first people that should be put up against a wall and shot in a revolution. Well, them and telemarketers. Oh, and RIAA. You get the picture. > Filtering alone doesn't seem to be a good enough solution > anymore, as the spammers are fighting back by adding random words, > misspellings, etc, to counteract the filters. Besides, filtering the > spam > still means I have to *accept* the spam to test it; better that it > bounces > altogether and not waste my time/space/energy. Do you/Late Night Software run your own email server? If so, I'd highly recommend whacking a LAMP box with MailScanner and SpamAssassin betwixt it and the rest of the world. I built one for my current work gig several months ago and the results are quite something. But then if it's for a single account, as you say it may not be worth time/energy. > Anyway, I would like to change my address... however, as some of you > may > know, postings to this list are archived at smoe.org > (http://www.smoe.org/lists/alloy/) where the list maintainers make NO > effort to remove or obfuscate the email addresses from the > archives--ripe > pickings for a spammer's webcrawling software to harvest. Yeh, this is something I'm a little er- surprised is still the case. The address I use here I use /nowhere/ else except one-on-one chats and it's slowly starting to get spammed so I'm getting close to churning it. > Since I see no point in changing my address only to have it again > publicly > revealed to the internet-at-large, I'm left with a problem. Either the > folks at smoe.org need to be convinced to correct this problem with > their > archives, or I'll have to remember to use a fake address each time I > post > to Alloy to maintain my privacy against the spammers. Just had a look at smoe's pages, looks like Jeff is working on migrating the lists over to Majordomo 2 and that looks like it'll make it more difficult for spiders to harvest archives for addresses. No idea what the timeframe would be but maybe it's worth holding off changing addresses until then? > I figure everyone here must suffer from spam to some degree, so I > thought > I'd float these ideas on the list. What would *you* do? I set up list addresses for the various lists I'm on, e.g. mglists@... genlists@... etc. Alloy is the only exception to this, but maybe that'll have to change. List addies are much more easily churned, and with my webhost I can keep the wildcard address but add recipes e.g. if I were to switch genlists to genlists2 (and change all my subscriptions accordingly) I could leave a recipe that bounces every message addressed to genlist with a nice specific 5xx error like "Die Spammer DIE!" or something. The target has moved so you're no longer having to accept the message, it's stopped at the MTA's RCPT TO command. As you say, with archives being harvestable, that only moves the target and the new addresses would start accumulating spam slowly from the moment you post, but with list addresses at least you don't have to send change of address messages to all & sundry every 12 months, just to a couple of list servers. And before anyone mentions it, challenge/response (PYLM) systems are (IMHO) evil and should be avoided. Doubly so Plaxo. Just sayin'. :-) > And, in a last-ditch effort to stay on-topic, What Would Thomas Do? Thomas surely would deal with the problem by sending back (he's always in the future y'see) beatnik-powered cyborgs that will hunt spammers down before they even do their first spam run. Any minute now servers all over the world will breathe a sigh of relief as 90% of traffic suddenly never existed, and pwned Windows machines will start crashing of their own accord rather than someone else's. Seriously, I think the only way the problem is going to go away is if international law starts treating it seriously, and makes the practice illegal. Laughing? Well understandable without clarification. You don't just hunt down the spammer. You also hunt down and penalise the supplier of whatever it is the spammer is trying to pedal. No matter how obfuscated the sending address may be, there's got to be a valid place to buy the . Go after them - and I mean seriously go after them - and suddenly spamming starts becoming less profitable. In fact, MailScanner (and I'm sure other spam filters) use this to great effect by not only checking the sender's IP address against blacklists, but URI checking, ie. check the 'click here to buy' links inside the message against blacklists. As Uhura once said "the thing's gotta have a tailpipe." Sorry folks, didn't mean to go on quite that much! cheers, Paul. [note to self: don't watch STVI for a while] ------------------------------ End of alloy-digest V9 #112 ***************************