ussailis at shaysnet.com wrote: > Here's an idea. > > Since I have become the owner of Shaysnet, I have had a chance to look at a > lot of spam. What I have observed is many of my users get the same stuff. > So, couldn't there be a program that says "if X users (let X be some > reasonable number like 4) get the same mail, it is spam, therefore deal > with it" > > Of course my "deal with it" would be to collect all the spam for one day > and send it all back to the first spammer of that day. If enough ISPs did > this... Not good. That's called back scatter. Spammers forge the headers. The from and return-to addresses have probably been forged and are not going to be even the compromised machine that sent the spam, let alone the spammer. Those addresses may even be the target. You probably get spam messages bounced back to you that you never sent. You may not understand why you are getting the undeliverable message. It is because of improperly programmed or mis-configured mail handlers that use the from or reply-to addresses to send back undeliverable messages. Some people are more likely to click on the links in such a case to try to figure out what's up. Spammers take advantage of this situation by identifying mail handlers that backscatter and sending mail to them with the return address being the target. It's a different angle on the targets that might work, and it hides the spammer behind one more level of indirection. -- --------------- Chris Hoogendyk - O__ ---- Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~~~~~~~~~ - University of Massachusetts, Amherst <hoogendyk at bio.umass.edu> --------------- Erdös 4