Frustration with spam hits new high

[Philip OKeefe]

http://www.msnbc.msn.com/id/4549635/

 

Noticed an increase in the amount of spam you're getting lately?

 

Have a suggestion for a solution to the epidemic spam problem?

 

Know of a good spam blocker?

 

Discuss.

[Dan South]

Yeah, it's on the increase. I was getting about eighty message a day for some time. Now it's suddenly about 130 to 140 a day. Ridiculous! Yahoo channels the mail into a "Bulk" folder, but it still sucks up my available space. I wish they'd permit a "delete after one day" feature on the Bulk folder.

[Rog]

I never get spam, only people and organisations I 100% trust get my email address. The rest get hjdhdh@hfherh.com

[Jim Novak]

Look up "Popfile" on Google.

[nursers]

It's totally beyond me why ISP's don't strip .pif attachements straight from emails etc...

[Alndln]

Originally posted by Philip O'Keefe:

Have a suggestion for a solution to the epidemic spam problem?

Yes,a long time ago I figured out this solution.I kept my Hot mail Email for signing up for things only(forums ect.),knowing spam would follow that trail,so most of the time I'll visit it once in a while and just bulk delete everything.For my real Email,I found a service(free)that has no spam whatsoever,nothing.In fact,not one peice of spam in over 2 years.All the garbage goes to my Hotmail decoy.They don't call me a smartass for nothing!

[Base]

That's pretty much exactly what I do, have a few e-mails and the one I use most doesn't get used to sign up for ANYTHING!!!! Had a hotmail address that was rendered utterly useless by spam. My work address gets quite a bit after a colleague thought it would be amusing to sign me up for something with it (and consequently got set up on autoforward from my spam filter!!!), but the level of spam there is dropping for some reason?!?

[PBBPaul]

Originally posted by Alndlnbot:

Originally posted by Philip O'Keefe:

Have a suggestion for a solution to the epidemic spam problem?

Yes,a long time ago I figured out this solution.I kept my Hot mail Email for signing up for things only(forums ect.),knowing spam would follow that trail,so most of the time I'll visit it once in a while and just bulk delete everything.For my real Email,I found a service(free)that has no spam whatsoever,nothing.In fact,not one peice of spam in over 2 years.All the garbage goes to my Hotmail decoy.They don't call me a smartass for nothing!

That's exactly what I do. I had the same email for about 6 years and was getting 80-100 spams a day. I changed ISPs, set up a Netscape.net account for registrations and kept my other one for real emails only. No spams anymore.

[Philip OKeefe]

The second email account on something like Hotmail or Yahoo is a good idea. Unfortunately, you can no longer use either of those to register with this site (due to abuses by a few people). That's also true for some other sites on the Internet. In addition, some of us have our own businesses and need to be reachable by people we don't even know, so we have to publish our email addresses and can't just route them to a fake email account where we blindly delete them. I've got spam filtering, and it's certainly helps, but I do miss some messages I want, and some spam still gets through.

 

I'm not so sure I'm "for" governmental controls, or that they'd even work for that matter, but then again, a "do not call list" type solution for spam (with hefty fines for violations) couldn't hurt. But I think they'd just move "offshore" and spam from there.

 

IOW, I don't have any suggestions for a solution that would actually be effective for people such as myself.

[lakeside studios]

Spam has been made illegal in the European Community. All of my 100 or so daily spam e-mails in my studio mailbox originate from the USA. Most of them I find offensive. What could possibly be wrong with legislation banning unsolicited pornographic material (the titles of some of these mails make me shudder) from clogging up the bandwidth? If something isn't done, the whole system will grind to a halt. What price commercial freedom then?

[Philip OKeefe]

Well, if we implemented the same laws as the EU, the spammers would just shift the point of orign to China, or Russia, or Cuba, or Angola, or...

 

But I agree - something needs to be done. I'm sick of this crap.

[LiveMusic]

Mine has jumped four or five times increase in the past couple of months. It is a huge problem and getting worse. I mean, as in, email becoming worthless. I read a lot about it in marketing forums. Missing emails due to spam blockers is unacceptable. If you are in business, not returning phone calls won't work and not returning emails (that you never got due to spam folders) won't work. If email is to continue as a viable b2b communication method, a solution has to occur.

[Alndln]

Originally posted by Philip O'Keefe:

some of us have our own businesses and need to be reachable by people we don't even know, so we have to publish our email addresses and can't just route them to a fake email account where we blindly delete them.

Publishing your address on your site/buisness is not really the problem,but rather when you enter it in a sign up procesess or buy something.You can still have an Email address that this or other sites accept and only use that address when promted for any of the above,just don't use the same account for your buisness and you can still publish it.Of course there's no garantee that some other buisness won't get ahold of it,but in all likelyhood it won't get sold or generate the type of spam your getting in an all purpouse box.Also popular addressess like Yahoo and Hotmail ect. are prime targets,I chose an unkown company that no one seems to know.If your interested give me a PM( ) and I'll give you the address.I garantee though,if you use the company I'm using for your buisness and even advertise it on your site, you won't get what your getting now if anything.

[Franknputer]

Originally posted by Jim Novak:

Look up "Popfile" on Google.

I just put POPFile on my wife's PC last week. It looks like it's going to help.

 

It's a 'smart' filter, which means it gets trained along the way to spot spam. It starts out 'dumb', i.e. it knows nothing until you start telling it what is & isn't spam, but then it picks up pretty quickly. They say that by the time you process 500-1000 emails with it it gets very accurate. It integrates pretty nicely into Outlook (my wife's choice...).

 

Me, i use spamassassin under Linux, and it works well too. Also need training, but at work it does very well for me. Example: went in Monday, received 132 emails (of which 2 were legitimate) and SA correctly ID'd 122 and missed 8.

 

Spam sucks, though - and I think the only way it's really going to slow down is by rewriting the sendmail protocol, which goes back to the earliest days of the internet & was never designed with the kind of security needed today.

[phaeton]

It's totally beyond me why ISP's don't strip .pif attachements straight from emails etc...

 

Well, some do. The ISP i work at simply blackholes any attachments like:

 

*.pif

*.exe

*.vbs

*.scr

*.lnk

*.eml

 

Because of what they *may* contain. Recently we had to add *.zip to that because the latest run of internet worms transmit via zip files (and there are people dumb enough to unzip and run attachments from people they don't know).

 

Most of the time, this works out great, but then you've got businesses that are emailing plans for electronic circuit designs, or spreadsheets, or people sending loads of pictures of their grandkids, or (as Microsoft encourages) 7.4Gb files made with Microsoft MovieMaker.... So most people will zip these up and send them, but now the ban on *.zip files is a problem.

 

(aside from the fact that email was never designed for this)

 

In fact, just last night we had to create a rule for *.rar and *.PAR files. A company in mexico is emailing fuckware to our customers, claiming to be our support staff with a 'your account will be terminated if you don't run the attachment and verify your username and password in 3 days' crap.

 

It's a warzone out there, guys. If only you knew what your ISP deals with behind the scenes.

 

Certain places, ip ranges, or domain names you can blackhole, which means NO mail, spam or otherwise will ever get into your mail system. For example, we have all of SouthEast Asia (kiddie porn and viagra adverts) , and most of the Eastern Bloc countries in Europe blocked (beast porn and viagra). Works out pretty good. That cut the amount of spam by about 20%, but then when you get a customer like Ming, who wants to email back and forth with her grandmother in PhanRang, what do you do?

 

You could open the floodgates for everyone, or tell her "sorry, you'll hvae to get a yahoo or hotmail account".

 

This is how problems with spam cost you customers, folks. Sometimes people leave us to go to a different ISP. Often they find the same problem there, or they end up at an ISP that just doesn't give a crap, and they get an email account that is flooded to capacity within a day.

 

As far as the amount of spam we see here.. Our mailserver receives 35,000 messages a day. (this doesn't count the stuff that's blackholed).

 

20,000 of those are thrown away as spam. Out of the 15,000 left, about 10,000 are legit, and the 5,000 are new types of spam that need to have filters and rules written for them. Every day.

 

Oh and btw, network traffic costs an ISP money, no matter what type it is. We've calculated that spam costs us (in bandwidth and man-hours) about $7,000 a week.

 

So complaining to your ISP is preaching to the choir... but there *are* things you can do to help yourself (and them).

 

1) it has already been said that getting a separate email account for signing up for crap and junk and whathaveyou. Feel free to send all your shit to my blahbleh666@hotmail.com account.

 

2) Don't post your email account on your website, in its unaltered form in newsgroups, or forums, or anywhere that a bot can crawl the website looking for it. (you know, like i just did above) This is why you see stuff like:

 

blahbleh666@nospam.com

 

(replace "nospam" with "hotmail" to email me)

 

all over the place.

 

3) When you get junk mail, just delete it. Don't open it, because when you do, your mail client will request the embedded images. You must understand that spammers have a very low hit to miss ratio in the millions of emails they send out. The spammer's servers keep track of image requests v.s. email accounts, and this is how they verify that they've found a legitimate email account. Outlook Express is bad in that it "previews" the message even if you click on it to delete it.

 

4) Also when you get junk mail, don't participate in their "to be removed from this list, click here" or "send a message to..... with 'unsubscribe'". Once again, this is how they verify that they've found a legit email account.

 

5) STOP FSCKING FORWARDING JOKES!!! If i had a nickel for every time i've gotten a "FW:FW:FW:FW:RE:FW:RE:FUNNY!:FW:FWR:FW" in my inbox, i'd be able to buy a drunken horse. Aside from the annoyance of this, ever notice that these messages have about 300 email addresses in the header? 300 email addresses JUST RIPE FOR HARVESTING IF THEY GET IN THE WRONG HANDS?????

It's been said that the #4 source of lists of email addresses that spammers use comes from exactly this.

 

Well hell... i could write up some more, but i'm at work, and i have to go help someone with an email problem

 

If i get time, i'll write up some more tips.

 

(btw, i'm not getting on anyone's case, i'm trying to help. honest)

[Base]

I still don't get how spammers make any money?!? It must cost them to send all these mails (I know they do it because it is more cost effective than other methods, but it must still cost something), and yet who on EARTH ever buys anything from them, the sort of crap that they offer?!?!

 

BTW, if you want to send jokes, just blind copy everyone you send it too...

[phaeton]

I still don't get how spammers make any money?!? It must cost them to send all these mails (I know they do it because it is more cost effective than other methods, but it must still cost something), and yet who on EARTH ever buys anything from them, the sort of crap that they offer?!?!

 

1) people *do* send them money. Believe it or not. There's a sucker born every minute.

 

2) More and more lately, spammers send their junk mail using someone elses's resources. Typically they hijack a Microsoft Exchange Mailserver (because they are an open relay by default).

 

Essentially, it's a free ride for them, and someone else pays their costs.

[LiveMusic]

BTW, you can use an encryption script to hide the email address on your site. If anyone wants it, if you know to build a webpage, you can do it through various scripts. Or I can do it. I think my spam problems are yahoo related.

[Thomas Wilburn]

Since I have pretty good control over creating mailboxes for thomaswilburn.net, I just add a redirector as the main mail link. Anyone who uses the front page to send me a note is actually sending it to "maildub5@thomaswilburn.net," then the server internally routes it to my real address. Every now and then I change the redirect address, whenever I start getting too many letters from earnest Nigerian businessmen.

 

I mean, there's only so many of those guys I can send my money to.

[Groovepusher Sly]

OSX Mail is pretty good at filtering spam, the only thing that does get through are messages with proper names in the from field. Those I tag and bounce back.

Right now there's one spammer that keeps getting through using this method, but it seems like after awhile the program figures out what to do to block even these guys. So I'm satisfied.

 

Sly

[bassix]

Let's start by trying to keep spammers from getting our e-mail addresses, there's basically only three ways in which they acquire e-mail addresses:

 

1. They have programs scanning websites (including forums) for e-mail addresses. Avoid ever posting your e-mail address on any website (ie me typing santa@northpole.net in here will generate viagra offers to that address for sure).

 

2. Spyware. Comes in the form of cookies but also as programs that are installed without you knowing about it. Usually along with shareware/freeware/adware programs. Avoiding these little buggers is hard as it would mean you stop installing ANY programs. A solution for this comes in the shape of spyware killers. BEWARE THOUGH!!! there are a number of fake spyware killers which install spyware themselves. One product even installed a trojan (my norton antivirus intercepted it luckily).

 

Adaware used to be the best spyware killer but no longer is. I recommend the free Spybot Search & Destroy Which rids your harddrive of most spyware. A product named Webroot Spysweeper detects and removes even more then Spybot does.

 

3. Through e-mail based product/website registration. ALWAYS use a secondary (hot)mail address to register with websites, basically only use your business e-mail address for business contacts (clients etc.) you know. My personal e-mail address is still free of any spam so far. I have 3 hotmail addresses and a number of other extra ones I use for dodgy websites only.

 

There are a number of anti spam tools you can download but none of them work 100% and most require manual actions. Since the FROM field in e-mail can be freely changed to anything (why hasn't anyone bothered to change that ridiculous rule yet?) spam from certain addresses cannot be stopped, the only way to block spammers is by blocking the entire mail server which sent the spam. Don't be fooled into buying anti spam products, there's free ones. I use none but my own senses.

[Another Bob]

Recently I attended a meeting in which a government official wanted to put the attendees on a mailing list. Some of us objected because we know what happens to email accounts that make use of list servers. Then I get an email saying we were all put on and anyone who does not want to participate could remove their names. That did it. The email account that I had successfully protected for so long got totally screwed over by an idiot without a clue. List servers are the worst for spam. Within two weeks I started getting 100 spam emails a day and some rejected emails where spammers used my email address as the return. My solution was to delete the account and create a new address.

 

Bob

[John Sayers]

I use a free program called "Mailwasher"

 

http://www.mailwasher.net/

 

It allows me to preview my email on the server - I can then delete/bounce/blacklist the spam at the server.

 

I now only get around 10 a day.

 

cheers

john

[Salyphus]

Originally posted by Another Bob:

Recently I attended a meeting in which a government official wanted to put the attendees on a mailing list. Some of us objected because we know what happens to email accounts that make use of list servers. Then I get an email saying we were all put on and anyone who does not want to participate could remove their names. That did it. The email account that I had successfully protected for so long got totally screwed over by an idiot without a clue. List servers are the worst for spam. Within two weeks I started getting 100 spam emails a day and some rejected emails where spammers used my email address as the return. My solution was to delete the account and create a new address.

Just FYI, there's nothing inherent to mailing lists that cause this problem. The issue is when they make the membership roster and/or list archives available to the general public and therefore indexable by Google and the like. (Though that is probably the default setup if the admin doesn't know any better.) There are also ways to hide the email addresses.

 

Just saying, you can be safe being on a list, if the person administering it is careful and knows what they are doing. Of course, there is not any guarantee that this will be the case, so your concern is warranted. Safest bet is to use an email address specifically for that purpose.

[Rim]

Many great suggestions here, especially phaeton (please post more when you can).

 

There are organizations out there working on this problem. One of them is: Anti-Spam Research Group(ASRG)

 

One of the things ASRG is looking into is Sender Policy Framework(SPF) . As stated on their Executive Summary, SPF is not the only solution nor is it complete but it may help. The basic premise is, an organization that sends mail via their domain name, like @musicplayer.com, will register the IP addresses of their mail servers that are allowed to send as that domain name. A mail server receiving mail that is supposed to be from @musicplayer.com will then check the IP address that the mail is actually coming from with the registered IP addresses for @musicplayer.com. If they match then you can be fairly sure the mail is actually coming from @musicplayer.com. If not, it's most likely spam and the receiving mail server can be configured to act accordingly. As stated, there are loopholes to this and this won't solve all the spam problems. The attractive part of this is it can be fairly easily implemented.

[Salyphus]

Recently we had to add *.zip to that because the latest run of internet worms transmit via zip files (and there are people dumb enough to unzip and run attachments from people they don't know).

That's insane! I can understand filtering the other types of attachments, but you can't filter out .zip files! That's throwing the baby out with the bathwater! Anyone who is going to go to that much trouble to get a virus is beyond this kind of help, and needs education.

 

There's nothing stopping them from downloading anything from a URL in their email anyway, are you going to have to filter out URLs next?

[nursers]

Thanks for the in-depth info phaeton

[Base]

!&^$%£&^&% AND EVERY FRICKIN' CURSE YOU CAN IMAGINE!!!!!

 

After posting yesterday about how great the 'have a second e-mail account and never EVER sign up for anything with your primary one' method works, today I have a returned e-mail where some piece of pond-scum has used MY e-mail to send out spam!!!!

 

WHY?!?!? ARRRGGGGHHH

 

That's it, we need the death sentence for all spammers...

[Lee Flier]

I use Mozilla for email and it's got an awesome "smart" spam filter that learns as it goes. It has REALLY cut down on the number of spams that actually hit my inbox, and the other cool thing is that even if you have message preview turned on, anything that goes in your spam folder won't download images even if you click on the spam, unless you "un-mark" it as junk.

 

The spammers just keep getting more and more insidious, meanwhile. Lately I've been getting some that say "Your credit card has been charged..." saying that I placed an order for Viagra or whatever. Obviously they hope to trick you into writing back and inquiring. Then there's the "account-jackers" who send you email purporting to be from eBay, Earthlink or other popular services and say you need to "update your credit card information."

 

Then too, the telemarketers are also getting scummier. I'm on the Do Not Call list in my state, and between that in my caller ID it's worked great for the last several years. However lately, people have started calling from what looks like a residential number and shows up on the called ID as such (work at home telemarketers obviously). Then if you answer, they try to tell you that you called THEM to inquire about their business (businesses that you've called are done business with before are exempt from the Do Not Call laws). This is, of course, utter BS. Last week I even got a call from a woman whose name was exactly the same as our drummer's wife! So I saw the name on my Caller ID and thought it was her, but it was somebody from a mortgage company that "I had talked to" about refinancing. Yeah, right.

 

GRRRR.

 

(EDIT) I just got a piece of spam (an ad for an "enlargement" product, what else?) which I found pretty amusing. It was from a Mr. "Caves R. Overstocked" and it read "The man who has ceased to fear has ceased to care." Who comes UP with this stuff? Errhh, no pun intended.

[Rim]

America Online, Microsoft, EarthLink and Yahoo have teamed up to file the first major industry lawsuits under the new federal antispam law

 

Excerpts:

In the complaints, the companies claim that the accused spammers have sent deceptive solicitations for a variety of products...

 

They also claim that the defendants have used open proxies, which send spam through third-party computers to disguise their point of origin, and used false "from" e-mail addresses. They claim the e-mails were sent without physical addresses. And the messages failed to include an electronic unsubscribe option. Each allegation is a violation of the Can-Spam law.

"Todays filing proves that the days of spamming with impunity are finally over," Wyden said in a statement. "These suits will have to be settled in a court of law, but I believe this action marks the dawn of a new day for spammers--one in which they face real accountability."

I'm not as optistic as Senator Wyden, though.