What is Digg?101 Comments
- inactive, on 10/12/2007, -3/+42And by using images they screw our connections even worse.
Spammers, burn in hell! - agent888, on 10/12/2007, -0/+28Yeah, this is the only spam thats making it into my gmail account. I'm getting a steady 1 to 3 a day. It could be worse, but I still think these spammers need a baseball bat to the knee caps.
- inactive, on 10/12/2007, -15/+42What does nationality have to do with this, you jingoistic moron?
- Pile, on 10/12/2007, -0/+22"don't give your e-mail address out.. solved"
What an ignorant response.
Aside from the fact that many spammers automatically send to random names @ random domains. You can be as careful as you want with your e-mail address, but you have to communicate with somebody, and they have you in their address book, and at some point, someone you know, who has your e-mail address in their stupid outlook.pst file will click on the wrong thing and *bam* you're compromised as well. It's not just whether you practice safe-computing. If you have any bone-headed friends who have info on you on their computers, their insecurity is your insecurity. - merreborn, on 10/12/2007, -3/+25http://www.theregister.co.uk/2004/12/10/spam_buyers_survey_bsa/
"More than one in five British consumers (22 per cent) has purchased software in response to spam email"
Go ahead though, single out the americans. It's cool, we're used to it. We're so fat. We're so warmongering. We're so stupid.
Thanks. Thanks a lot. - nawitus, on 10/12/2007, -15/+35"According to a Yahoo! Mail global survey of about 37,000 Internet users in 11 countries, 20 percent of U.S. residents admit buying products from spam purveyors"
- wayjer, on 10/12/2007, -4/+21I know, I spelled picturing wrong, sorry unable to edit now.
- shitthisfook, on 10/12/2007, -2/+18Baseball bat to the knee caps? That's far too gentle for these *****.
- zweben, on 10/12/2007, -3/+19Simple way to defeat this: Make a spam filter that deletes any email containing a Gif from someone who isn't in your address book. Works very well for me. If you want to lower the false positive rate, you can swap out the 'in the address book' paramater for 'previous recepiants'.
- rrrrob, on 10/12/2007, -2/+16That's just idiotic. It's analogous to saying if people stopped driving we'd end driving related accidents. Email addresses have to be given out, especially in business. You can't register for anything online anymore without a valid email address, so in reality your solution is really, stop using the Internet and you won't have spam...
In reality the solution is a many headed beast that includes companies not forcing email for registration and then turning around an selling your info to other companies that spam you, teaching people how email works and the best practices involved when using your email address online for everything from registration to simple contact swapping.
Not solved...managed - halikar, on 10/12/2007, -1/+15Gee, I wish it were that simple theprizefight. I own my own domain, and I've created email addresses against future use.I have never used them anywhere, never given them to anyone, never sent myself email to them. Yet, they get spam. Looks like the only way to not get spam, is to never use the Internet. And how many of us would be willing to do that?
- pbaehr, on 10/12/2007, -2/+15An email address is not much use if you don't give it to anyone...
- invader, on 10/12/2007, -1/+12wow, i'm surprised it has gotten all the way up to 21%... is it really that much more successful? i don't think one has ever gotten through to my gmail inbox
and yes, ted.. the poor intarweb tubes are getting clogged by special ham..... we should have an internet for major corporations, a slow one for everyone else, and now, we'll add a spamweb that's a pseudo network... you see, the spammers will send out their mail, and because it's not a real network, it'll never reach us :) spam problem solved!
/sarcasm - inactive, on 10/12/2007, -1/+10While violence is never, or at least seldom, the answer. It might be the only thing that will get them to stop!
- AndrewJC, on 10/12/2007, -0/+9Apparently, this isn't enough to prevent spam from getting to your inbox, though. I don't give out my work address to anybody that doesn't personally need to send me mail (as in, I don't put it on any websites or sign up for anything with it), and it's a complex address (myfirstname.mymiddleinitial.mylastname@domain.com) and yet it still managed to start getting spam. I have to wonder how somebody got ahold of it, but somebody did, and that's that. Now I get several per day and even though they're stopped at the corporate spam filter and never get loaded, they still get sent.
- Pile, on 10/12/2007, -2/+11This is why CONTENT-BASED-FILTERING IS USELESS. Many of us have been saying for the longest time that anti-spam efforts that involve scanning the contents of peoples' e-mail is invasive, resource-intensive, does not dissuade spammers, costs more, slows down mail service, and is otherwise ineffective. The only real solution is relay blacklisting. You refuse to accept mail from IP space that is occupied by zombie PCs or irresponsible ISPs. It's really simple. More than 70% of the traffic on the Internet now is spam. The government isn't doing jack ***** about all the illegal activity. Every zombied PC is a FELONY CRIMINAL OFFENSE. Where's the enforcement? The Feds seem more interested in locking on Tommy Chong for selling bongs than they do stopping millions of peoples' PCs from being broken into and compromised. The government needs to start putting these criminals IN JAIL. And us in the tech community will eventually gravitate towards SMTP whitelisting. There are sites like: http://relayblacklist.blogspot.com that are a good start at implementing relay blacklisting, which stops spammers dead in their tracks.
- inactive, on 10/12/2007, -1/+8Actually, you spelled it correctly.
- NikoKun, on 10/12/2007, -0/+7Actually, I'm seriously hopping Okopipi is going to start getting some serious developement done soon... because my spam is only getting worse, and Blue Frog was the only thing to help in a while...
- Steve95613, on 10/12/2007, -0/+6No wonder Im getting my internets late..The tubes are plugged with spam!
- NikoKun, on 10/12/2007, -0/+6I'm still baffled why my image blocker in Thunderbird blocks images from emails I want, and allows images from emails like this spam crap....
- r00td00d, on 10/12/2007, -0/+5IronPort should know - they sell their A60 machines and others TO spammers and help them get up and running so as to maximize their email throughput. I have first hand knowledge of this, BTW.
- FreeiPodGuy.com, on 10/12/2007, -0/+5It will also avoid confirming the validity of the e-mail address, since image URLs in spam sometimes contain ID markers unique to each recipient.
- kimos, on 10/12/2007, -0/+5My webhost got onto a blacklist somehow. It's just a couple guys I know who run a business, they've never spammed or had anyone spamming from them. But somehow my University had them on a blacklist. It took us weeks to figure out why email only sorta-worked since I was using the outgoing SMTP gateway at the university...
- ryguy, on 10/12/2007, -0/+5zeiche go to www.openspf.org and setup an SPF record for your domain name. It will nearly eliminate all NDR's for you :)
- merreborn, on 10/12/2007, -4/+8I read an article about six months ago that indicated that the British bought more via spam than anyone else in the world.
- JimV, on 10/12/2007, -1/+5nawitus
I think we can correct that Yahoo statistic by saying "20% of Yahoo Mail customers in the US" bought things advertised with spam. To say that 20% of the population of the US bought items advertised in spam emails is misleading. - m1abrams, on 10/12/2007, -0/+4i think blacklists cause as many problems as they solve. Some of the more anal lists block entire ip blocks around a bad ip and this blocks many good ips. Not all ip blocks are sold off in class C chunks. And then those same anal lists require a huge amount of butt kissing to be taking off of a list that you rightfully should not have ever been on in the first place.
- artman, on 10/12/2007, -5/+9So let me see here...
Before I had a high speed connection I set my mail program to not display images in emails. When I did get high speed I left it that way. So basically I am not affected by this since I don't see images in emails and have my spam settings pretty high.
So one solution would be to turn off images in your mail program?
/ I use a Mac - julienbh, on 10/12/2007, -0/+4Okay well. What I do instead is to create a spam address (ie: myspam@hotmail.com) and whenever a site requires me to register and I'm not sure it's safe I give this address instead. I still use this account for "activation of account" purposes, but else... naaaaaah...
- Raptor45, on 10/12/2007, -1/+5With a headline like that, I was expecting actual pictures.
- m1abrams, on 10/12/2007, -0/+4because thunderbird block links to images (i.e the image is not in the message attachement) These spam messages attach the image. Thunderbird can be told not to display these too, but that is not the default
- Kosterfield, on 10/12/2007, -1/+5Let's just contract it out to the IRA, they do it with a Black & Decker drill. I'm sure they'll reconsider their tactics after that point. As for spam, get an account and use that to sign up for sites and people you don't overly trust, and then keep a seperate personal one, with 2 seperate accounts the personal one nevers gets much spam. Well at least not the 1600 I get a day on the one used for sites.
- kimos, on 10/12/2007, -1/+5Right. They _should_ zip images. Just like people _should_ never buy anything from spammers. But you can't count on things like that. Blocking messages with mostly images is a bad solution. That's why this is an effective spamming technique.
- 3rdparty, on 10/12/2007, -0/+3not solved, what about malware/viruses that harvest address books for email addresses?
- portwojc, on 10/12/2007, -0/+3Ok so we have captcha's because spammers are smart enough to automate fill in forms. The captcha's had to have static added so they couldn't read the images with the automated programs. Can't we just read the messages in and run it through OCR like they did? Sure they could add static but it'll make it a lot less pretty for them.
Maybe MD5 attachmed image and add that to the DCC signatures too? Ok random static in seperate images would get around that but that'll annoy them too. - merreborn, on 10/12/2007, -0/+3Blacklisting gives the people in charge of the list too much power. There are numerous examples in the last decade of blacklist maintainers behaving badly.
Content based filtering sucks.
So does blacklisting.
If there was a single "Magic Bullet" solution, we'd be using it. - terminalpariah, on 10/12/2007, -1/+4What's weird is, this is the only type of spam I get, and Gmail always catches it. Isn't this article all about how it's almost impossible to filter them out?
- geofffox, on 10/12/2007, -0/+3I have said this before, with little positive response: The place to stop spam is where the spammer gets money. It seems to me, spam could be 'stung' with traceable orders. It's not very different than buying heroine to find out who the dealers are. Yes - these spams usually end in a country removed from the recipient. However, governments have still been successful in using the power of financial institutions to make this go away (Yesterday's NY Times Magazine tells of a Macao bank, suspected of laundering North Korean counterfeit bills, which was driven out of business). Though a local bank in a far off land might be beholden to the spammers, the banks are much more interested in still being a VISA or MasterCard processor. There are always carrots and sticks.
- zombieooo, on 10/12/2007, -1/+3Content based filtering DOES work for this type of attack. Filter for "cid:" which is the source for embedded images (usually ). Also I am blocking IP blocks for certain countries (China, Brazil, France, Poland, Russian Federation) from connecting to my mail server. This has stopped 70% of the spam I was receiving.
- NSResponder, on 10/12/2007, -0/+2This can only be solved by radically shifting the cost/benefit equation for the spammers. A few more of them have to get beaten to death like that asshat in Russia last year.
-jcr - TristanTee, on 10/12/2007, -0/+2Yeah I'm starting to get these spam containing just pictures with text in it. And Gmail doesn't pick it up as spam and it goes striaght into my inbox, thunderbird and my edu account pick it up as spam though
- Aculeus, on 10/12/2007, -1/+3Image spam is the easiest to block. The images either have to be linked to a specific location or attached. You can block the image host, you can block attachments with lots of images (a legitimate source should zip multiple images to one file or use an image sending medium which email shouldn't be). Also image based email usually has mostly images and no text. This is easy for a program to detect.
When I wrote a spam blocker for a company this was one of the easiest emails to block. However I just use gmail for laziness. I'm surprised they haven't figured out how to easily block these yet.
The spam blocker also allowed you to block email by county. This was great sense most spam does not originate in the US or the UK. If you have freinds in spam prone countries you can just whitelist them. - Valnar300, on 10/12/2007, -0/+2I acutally get Spam with random subjects and only images that dont even make sense. I have an RSS to my inbox, how can I not open an email with the title "Motorized Skim Milk"
- Pile, on 10/12/2007, -0/+2Ironport makes its living off of spam. They don't want to see it go away. They bought Spamcop crippled the service so that it's basically useless to stop spam now.
- Universal, on 10/12/2007, -0/+2You probably got a recycled email address
- ryguy, on 10/12/2007, -0/+2Image based spam isn't as hard to detect as the article describes. Our company used to receive a ton of these types of messages however since we subscribed to www.mailshine.com we haven't received any at all. We also haven't had any problems with false positives either.
It seems the messages with random quotes from books (lord of the rings) etc are the most difficult to detect. - r00td00d, on 10/12/2007, -2/+4Using blacklists and whitelists is nothing more than censorship at the most ridiculous level - I'm not for any technology that renders large swaths of the internet dark to me. This is akin to waving a BFG9000 at a fly. The best anti-spam technologies (the ones that limit false positives) take a small piece of this and that (RBL's included) and mash it all together into something that makes sense. Ciphertrust does a great job of mixing content filters, RBL's and other techniques together to make a great anti-spam box.
The only thing that will stop spammers dead in their tracks is not BUYING anything from them or their sites. If there is no cash flow, there is no money for servers/bandwidth to send the stuff. Funny thing is, that the bandwidth providers look the other way much of the time because spammers are a way for them to sell off excess bandwidth. The way to stop that is to tell ARIN to stop allocating huge blocks of IPs to ISPs that are returned to ARIN worthless because of dumbasses like you blacklisting them.
Think before you speak. - flake, on 10/12/2007, -1/+3LOL, I don't need evidence to know that Americans are quite a bit to blame. I just look right around me with my own two eyes and see moron after moron who's only into buying the latest crap fad. If it's *NEW* *DIFFERENT* *BETTER* *REALLY* *REALLY* *WORKS* *THIS* *TIME* then people will buy it.
***** them! That's what this other guy is saying. :)
ROFL! My own roomate buys viagra and cialis and ***** all the time online. I tried to talk to him about that once but he just wants to get off and could hardly give a good ***** whether he's causing more spam! :/
***** him too! - mikesherov, on 10/12/2007, -0/+2I think if you don't mind having your email scanned, do a combo of the following to image-spam emails:
1. OCR read them and apply the normal content filters to them as one way of flagging a bad image.
2. when users click that it's spam, flag the image as a bad image.
2. MD5 the flagged images so that the image signature can just be blocked instead of having to do an OCR scan to every image in the future.
In this manner, you can automatically eliminate the easy to read image span with the OCR technique, and manually eliminate the hard to read (non OCR-identifiable) in the same way as spam programs automatically eliminate clearly bad words (cialis, viagra) and manually have jumbled bad words (c1alis, as a stupid example) added to the list.
A community can collect a list of bad image signatures similar to the way they collect a list of bad text patterns. Seems that'll solve most of the problem.
Add "ask before showing images from unknown senders", and that'll will take care of the stuff that still manages to get through. But if it gets through, and you happen to see the spam, just click "mark as spam", and have the program send the MD5 hash of the image to the community. - flake, on 10/12/2007, -0/+2@PCDIRECT
There are two SMTP commands to do this, VRFY and EXPN. Quality mail server software lets you disable these commands. Exchange and many many others blindly let anyone connect and use these commands.
In reality, it doesn't matter, because the commands just enable the dictionary attack to work faster.
A good technique is to use the bogon list at the edge router to simply drop packets from those nether regions of the Internet. It's even more fun to tar pit the port 25 connections addresses on a Linux/BSD gateway. It's also a good idea to blackhole the known dialup/cable/DSL ranges from port 25. The every-once-in-a-while encountered poor geek that runs a mailserver at home can be whitelisted around the blackholes with not too much admin overhead. Greylisting also helps immensely -
Show 51 - 97 of 97 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is