[TheForge] MORE OT - spamming, and such troubles (was Re: OT Al McClure)

Gabriel Cain [email protected]
Mon Jul 21 13:24:01 2003 

Comments inline...

<quote who="terry l. ridder">
> hello;
>
> with all due respect, this type of spam blocker is doing nothing to
> really stop spam.

Agreed.

> the spammer does not care if you read the spam or not,
> that is immaterial, what matters to the spammer is if it was delivered.

That's not necessarily true... The goal of a spammer is to generate
click-throughs to their customers so they gain reputation as a valueable
ally in advertising.  The more successful delivery *that are read*, the
better the spammer's rep. in that community.

> we have gone over to a complete whitelist for e-mail. everyone is
> blocked from even delivering e-mail. only those e-mail addresses
> explictly entered in the whitelist will be be accepted for delivery and
> only from the domain name service list 'mx' host. there are two e-mail
> addresses which are required by various 'rfc's to accept e-mail no
> matter what, those are 'abuse' and 'postmaster'. so now the spammers are
> spamming those. there are some good free spam delivery blocking services
> out there. in my opinion, spews.org is the best of the pack.
>
> http://www.spews.org.

I must disagree with regards to spews:
   1.  Spews does not account for the source of their complaints
   2.  Many valid providers are listed in spews.
   3.  Spews doesn't remove people.  Once you've been listed in spews, it's
       nearly impossible to get out.

> what is needed is a federally sponsored signup list. similar to the new
> 'do not call' list, except those e-mail addresses entered would accept
> spam.

That'd be nice to see...

> if the e-mail address is not in the list do not send spam. any
> federal action also needs to allow the end-user to seek civil
> penalties if someone does spam them. those penalties need to go after
> the isps which are harboring the spammers and issuing those 'pink'
> contracts.

Pink contract, for those not in the ISP game, is a contract wherein a
customer of an ISP is free to spam without reprisal.

> with the new 'do not call' list the amount of spam is just going to
> continue to increase. they may not be able to call you but they can sure
> spam you. the intent of the 'do not call' list is basically correct the
> follow through sucks. the feds are just moving the problem from the
> telephone to the mailbox.

Unfortunately so.

What I use, and it works quite well, is SpamAssassin
(http://www.spamassassin.org) - it tags messages based on how spammy they
appear to be.  This allows custom filtering based on the score of the
message.  Much more forgiving of legitimate mail.

HTH,
Gabriel (sysadmin for ~120k email accounts)

-- 
Gabriel Cain                Systems Administrator
(206) 522-8959              and Amatuer Blacksmith
[email protected]    Dreaming Crow Forge

http://www.dreamingcrowforge.com - Take a look =)