[Hidden-tech] An Idea about Email

Peabo Throckmorton pizzachest at hotmail.com
Tue Aug 26 17:16:56 EDT 2008


An actual (albeit small) success story:

A few years ago one of my domains was being spoofed by a group of spammers,
and I was collecting all of their backscatter (1000's of emails / day) from
the email addresses that didn't exist on their list.  Naively, I traced the
sources to several smtp-relay-enabled servers, determined the owners (only
two, one in Texas and another in California), and I sent cease-and-desist
emails to them.  No response, nothing changed.

I also noticed that in the spam-mails, I assumed, pirated software was being
sold (WinXp for $25, c'mon, ridiculous).  Fearing that I might be held
responsible at some point for the spammers' criminality, I contacted a few of
the largest of these exploited corporations to let them know that I, in no
way, was connected to these emails, as I was being exploited myself and was
just looking for some help.  No response.

So, through whois db searches I determined that the sites that these spam-mails
were advertising were physically located in Russia and China.  I contacted
ISPs and NOCs in Europe and Asia (AbuseEmail,...), with no response.

I'm a developer, so after a couple weeks of this, I couldn't stand by.  I
wrote a quick script that sent (using randomly generated names) 100000
emails (Subject: Spammers Suck, Body: Spammers Suck) once every two minutes
for half an hour with their domain as the return address (they receive the
backscatter for addresses that don't exist on their domain).  I looked up a
website that was on their domain, and it blacked out, initially, a few secs
every five minutes, up to full blackout after 25 mins.  Yes, I had performed
a denial of service (DoS) attack.

I'm not proud, and I DO NOT recommend that anyone do this, as I could be
prosecuted for this action, BUT, to this day, I receive zero spam on that
domain without any filters (by zero I mean maybe 5-10/week, kinda sad that
that's the definition of zero nowadays).  So, it's kind of like 'Apocalypse
Now', "Activity dropped off in that sector... He must have hit the right
people".

It's probably because I'm on some blacklist (not email) somewhere, and the
Russian mafia will, one day, even the score, but that's my paranoid
delusion.  I also have to assume that some ISP somewhere may have taken
notice after I performed this (less than savory) action.

I'm a mid-level network and sys admin, and it took me close to two weeks to
connect the dots, so I can't imagine everyday folks could attain this
"success".

The way I see it, cleaning up spam is, generally speaking, a twofold
operation; shutting down spammers at the root (the actual
spammers/criminals, impossible), and then cleanup (netbots).

Attaining a spam-free internet?  Doubtful.
Striving to make the internet better? Certainly.

PT



----- Original Message ----- 
From: "Chris Hoogendyk" <hoogendyk at bio.umass.edu>
To: <ussailis at shaysnet.com>
Cc: <hidden-discuss at lists.hidden-tech.net>
Sent: Tuesday, August 26, 2008 10:25 AM
Subject: Re: [Hidden-tech] An Idea about Email


   ** Be sure to fill out the survey/skills inventory in the member's area.
   ** If you did, we all thank you.




ussailis at shaysnet.com wrote:
> Here's an idea.
>
> Since I have become the owner of Shaysnet, I have had a chance to look at a
> lot of spam. What I have observed is many of my users get the same stuff.
> So, couldn't there be a program that says "if X users (let X be some
> reasonable number like 4) get the same mail, it is spam, therefore deal
> with it"
>
> Of course my "deal with it" would be to collect all the spam for one day
> and send it all back to the first spammer of that day. If enough ISPs did
> this...

Not good.

That's called back scatter.

Spammers forge the headers. The from and return-to addresses have
probably been forged and are not going to be even the compromised
machine that sent the spam, let alone the spammer. Those addresses may
even be the target.

You probably get spam messages bounced back to you that you never sent.
You may not understand why you are getting the undeliverable message. It
is because of improperly programmed or mis-configured mail handlers that
use the from or reply-to addresses to send back undeliverable messages.
Some people are more likely to click on the links in such a case to try
to figure out what's up. Spammers take advantage of this situation by
identifying mail handlers that backscatter and sending mail to them with
the return address being the target. It's a different angle on the
targets that might work, and it hides the spammer behind one more level
of indirection.


-- 
---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk at bio.umass.edu>

--------------- 

Erdös 4
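
As an added defender-side illustration (not code from this thread or from either poster), here is how a mail server can tell a legitimate bounce from the backscatter Chris describes, using the tagging idea of BATV (Bounce Address Tag Validation): our own outgoing envelope sender carries a keyed, expiring tag, so a bounce that arrives for a plain, untagged address is for mail we never sent and can be rejected instead of landing in a mailbox. The secret key, addresses and dates below are constructed for the example.

```python
import hmac
import hashlib
import re
from datetime import date

# Constructed secret for this example; in production it is private to the MTA.
SECRET = b"example-batv-key"
VALID_DAYS = 7  # how long a tagged sender address stays acceptable for bounces
# prvs=<key id><expiry day mod 1000><6 hex chars of MAC>=<original address>
TAG_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)
EXAMPLE_DAY = date(2008, 8, 26)  # constructed "today" used by run_example()

def _sig(day, address):
    """Keyed MAC over the expiry day and the original address, truncated to 6 hex chars."""
    msg = f"{day:03d}|{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:6]

def tag_sender(address, today):
    """Rewrite our outgoing envelope sender (MAIL FROM) into its tagged form."""
    expiry = (today.toordinal() + VALID_DAYS) % 1000
    return f"prvs=0{expiry:03d}{_sig(expiry, address)}={address}"

def check_bounce_recipient(rcpt, today):
    """Classify the RCPT TO of a message that arrives with a null sender (a bounce/DSN)."""
    m = TAG_RE.match(rcpt)
    if not m:
        return "backscatter"  # bounce for a plain address: we never sent that mail
    expiry, sig, original = int(m.group(2)), m.group(3).lower(), m.group(4)
    if not hmac.compare_digest(sig, _sig(expiry, original)):
        return "forged-tag"   # someone guessed the format but not the key
    days_left = (expiry - today.toordinal() % 1000) % 1000
    if days_left > VALID_DAYS:
        return "expired"      # tag older than VALID_DAYS: replayed or very late bounce
    return "legitimate"

def run_example():
    """Classify a few constructed bounces against a sender tagged on EXAMPLE_DAY."""
    tagged = tag_sender("peabo@example.com", EXAMPLE_DAY)
    return {
        "same_day": check_bounce_recipient(tagged, EXAMPLE_DAY),
        "day_7": check_bounce_recipient(tagged, date(2008, 9, 2)),
        "day_8": check_bounce_recipient(tagged, date(2008, 9, 3)),
        "untagged": check_bounce_recipient("peabo@example.com", EXAMPLE_DAY),
        "wrong_address": check_bounce_recipient(
            tagged.rsplit("=", 1)[0] + "=other@example.com", EXAMPLE_DAY),
    }
```

The spammers' forged sender addresses in the thread would never carry a valid tag, so the bounces they provoke fall into the "backscatter" class and can be refused at SMTP time rather than delivered.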


_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members
