An actual (albeit small) success story: A few years ago one of my domains was being spoofed by a group of spammers, and I was collecting all of their backscatter (thousands of emails per day) from the email addresses that didn't exist on their list. Naively, I traced the sources to several SMTP-relay-enabled servers, determined the owners (only two, one in Texas and another in California), and sent cease-and-desist emails to them. No response, nothing changed. I also noticed that in the spam mails, I assumed, pirated software was being sold (WinXP for $25, c'mon, ridiculous). Fearing that I might be held responsible at some point for the spammers' criminality, I contacted a few of the largest of these exploited corporations to let them know that I was in no way connected to these emails, as I was being exploited myself and was just looking for some help. No response. So, through whois DB searches I determined that the sites these spam mails were advertising were physically located in Russia and China. I contacted ISPs and NOCs in Europe and Asia (AbuseEmail, ...), with no response.

I'm a developer, so after a couple of weeks of this, I couldn't stand by. I wrote a quick script that sent (using randomly generated names) 100,000 emails (Subject: Spammers Suck, Body: Spammers Suck) once every two minutes for half an hour with their domain as the return address (they receive the backscatter for addresses that don't exist on their domain). I looked up a website that was on their domain, and it blacked out, initially, a few seconds every five minutes, up to full blackout after 25 minutes. Yes, I had performed a denial of service (DoS) attack. I'm not proud, and I DO NOT recommend that anyone do this, as I could be prosecuted for this action, BUT, to this day, I receive zero spam on that domain without any filters (by zero I mean maybe 5-10/week; kind of sad that that's the definition of zero nowadays). So, it's kind of like 'Apocalypse Now': "Activity dropped off in that sector... He must have hit the right people." It's probably because I'm on some blacklist (not email) somewhere, and the Russian mafia will one day even the score, but that's my paranoid delusion. I also have to assume that some ISP somewhere may have taken notice after I performed this (less than savory) action. I'm a mid-level network and sys admin, and it took me close to two weeks to connect the dots, so I can't imagine everyday folks could attain this "success". The way I see it, cleaning up spam is, generally speaking, a twofold operation: shutting down spammers at the root (the actual spammers/criminals, impossible), and then cleanup (netbots). Attaining a spam-free internet? Doubtful. Striving to make the internet better? Certainly.

PT

----- Original Message -----
From: "Chris Hoogendyk" <hoogendyk at bio.umass.edu>
To: <ussailis at shaysnet.com>
Cc: <hidden-discuss at lists.hidden-tech.net>
Sent: Tuesday, August 26, 2008 10:25 AM
Subject: Re: [Hidden-tech] An Idea about Email

** Be sure to fill out the survey/skills inventory in the member's area. **
** If you did, we all thank you. **

ussailis at shaysnet.com wrote:
> Here's an idea.
>
> Since I have become the owner of Shaysnet, I have had a chance to look at a
> lot of spam. What I have observed is many of my users get the same stuff.
> So, couldn't there be a program that says "if X users (let X be some
> reasonable number like 4) get the same mail, it is spam, therefore deal
> with it"
>
> Of course my "deal with it" would be to collect all the spam for one day
> and send it all back to the first spammer of that day. If enough ISPs did
> this...

Not good. That's called backscatter. Spammers forge the headers. The From and Return-To addresses have probably been forged and are not going to be even the compromised machine that sent the spam, let alone the spammer. Those addresses may even be the target. You probably get spam messages bounced back to you that you never sent.

You may not understand why you are getting the undeliverable message. It is because of improperly programmed or mis-configured mail handlers that use the From or Reply-To addresses to send back undeliverable messages. Some people are more likely to click on the links in such a case to try to figure out what's up. Spammers take advantage of this situation by identifying mail handlers that backscatter and sending mail to them with the return address being the target. It's a different angle on the targets that might work, and it hides the spammer behind one more level of indirection.

-- 
---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk at bio.umass.edu>

---------------

Erdös 4

_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members page on the Hidden Tech Web site.
http://www.hidden-tech.net/members
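The mechanism Chris describes above (a mail handler that accepts a message and only later mails a non-delivery report to the forged envelope sender) is simple enough to simulate. The following is an added example, not code from the thread or from any of the participants: it models the "accept, then bounce" handler next to one that rejects unknown recipients and spam while the sending host is still connected, and counts how many bounces an innocent third party would receive from a constructed spam run that carries that party's address as MAIL FROM. The domain `example.net`, the mailboxes `alice` and `bob`, the `spam_score` field standing in for a content filter, and the campaign generator are all constructed for the demo.

```python
# Added example (not from the thread): why "accept first, bounce later" makes
# a mail handler a backscatter source, beside the behaviour that avoids it.
# Domain, user names, scores and the campaign below are constructed for the demo.
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

LOCAL_DOMAIN = "example.net"      # constructed: the domain this handler serves
LOCAL_USERS = {"alice", "bob"}    # constructed: the only mailboxes that exist


@dataclass
class Envelope:
    """One SMTP transaction as the receiving handler sees it."""
    mail_from: str   # MAIL FROM / Return-Path: chosen freely by the sender, so forgeable
    rcpt_to: str     # RCPT TO: the mailbox the sender asks for
    spam_score: int  # constructed stand-in for a content-filter verdict (>= 5 means spam)


@dataclass
class Outcome:
    smtp_reply: str                  # reply given to the sending host in the dialogue
    bounce_to: Optional[str] = None  # address that receives a generated NDR, if any


def _is_local_domain(addr: str) -> bool:
    return addr.rpartition("@")[2].lower() == LOCAL_DOMAIN


def _local_part(addr: str) -> str:
    return addr.rpartition("@")[0].lower()


def backscattering_mta(env: Envelope) -> Outcome:
    """The misconfigured handler: replies 250 to every local recipient, finds out
    afterwards that the mailbox does not exist (or that the content is spam) and
    mails a non-delivery report to whatever was in MAIL FROM. With a forged
    envelope sender, that report is spam delivered on the spammer's behalf."""
    if not _is_local_domain(env.rcpt_to):
        return Outcome("550 5.7.1 relaying denied")
    # Already accepted: the sending host is gone, so the only place a failure
    # can be reported is the (forged) Return-Path.
    if _local_part(env.rcpt_to) not in LOCAL_USERS:
        return Outcome("250 2.0.0 queued", bounce_to=env.mail_from)
    if env.spam_score >= 5:
        return Outcome("250 2.0.0 queued", bounce_to=env.mail_from)  # "rejected as spam" NDR
    return Outcome("250 2.0.0 delivered")


def rejecting_mta(env: Envelope) -> Outcome:
    """Recipient and content are checked while the sending host is still
    connected, so the error goes back in the SMTP dialogue and no message is
    ever generated toward the Return-Path."""
    if not _is_local_domain(env.rcpt_to):
        return Outcome("550 5.7.1 relaying denied")
    if _local_part(env.rcpt_to) not in LOCAL_USERS:
        return Outcome("550 5.1.1 user unknown")               # refused at RCPT TO
    if env.spam_score >= 5:
        return Outcome("550 5.7.1 message rejected as spam")   # refused at end of DATA
    return Outcome("250 2.0.0 delivered")


def spam_campaign(victim: str, count: int) -> List[Envelope]:
    """Constructed spam run aimed at guessed, non-existent local addresses,
    every message carrying the victim's address as MAIL FROM."""
    return [
        Envelope(mail_from=victim, rcpt_to=f"user{i}@{LOCAL_DOMAIN}", spam_score=9)
        for i in range(count)
    ]


def backscatter_received(mta: Callable[[Envelope], Outcome],
                         envelopes: List[Envelope]) -> Dict[str, int]:
    """Count the NDRs each address would receive from the given handler."""
    counts: Counter = Counter()
    for env in envelopes:
        result = mta(env)
        if result.bounce_to is not None:
            counts[result.bounce_to] += 1
    return dict(counts)


if __name__ == "__main__":
    victim = "innocent@target.example"   # constructed third party named in MAIL FROM
    campaign = spam_campaign(victim, 1000)
    print("accept-then-bounce:", backscatter_received(backscattering_mta, campaign))
    print("reject-in-session: ", backscatter_received(rejecting_mta, campaign))
```

Running it shows the accept-then-bounce handler sending every one of the thousand NDRs to the constructed victim, while the in-session rejecting handler sends none: the sending host gets the 550 itself, and nothing is ever addressed to the forged Return-Path. That is the difference between a mail server that spammers can use as a relay-by-bounce and one they cannot.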