digg

Facebook Connect Join Digg About

Using Statistics to Cause Spammers Pain

martiansoftware.com "we all want to cause spammers pain. None of the current classifiers are capable of causing the spammers any pain because the spammer is long gone by the time the classifier has the opportunity to process the message. What we need is a way to use the classifier against the spammer while the spammer is still connected." read on for more...

Who dugg this? Made popular Sep 4, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

37 Comments

show profanity settings
expand all
  • EXreaction, on 10/12/2007, -3/+23No way.

    You can't do much worse than trying something like that. You ever think of all the people you are mass spamming that are really innocent? Most spam comes from "zombies" which are just infected machines constantly sending out spam mail.

    Just think if you have 1 person that does not like you and knows your email. All he has to do is submit your email address to the spam database and you have a completely unusable email account.
  • lukasm, on 10/12/2007, -0/+12from the website:

    "Update 10/28/04: I'm sorry to say that TarProxy development is currently on hold. There are simply not enough hours in the day to dedicate the time required to do it it right, and as an unpaid endeavor, TarProxy lands fairly far down my list. If you would like to help move TarProxy forward, please contact me."

    this project seems to have stalled almost 2 years ago, there's very little on its sourceforge page.
  • Urusai, on 10/12/2007, -2/+11What the heck, I thought writing Free Open Source Software made you rich and attractive to the ladies.
  • Pile, on 10/12/2007, -4/+13The article is stupid and pointless.

    ANY content-based filtering is a waste. You only cause spammers pain when you refuse to accept their content in the first place. All the filter algorhythms cost the users and the administrators more money and resources; money and resources that spammers effectively "steal".

    Relay blacklisting is THE way to hurt spammers. When you identify the source of spam and refuse to accept smtp traffic from that IP block, you force the spammer to move, pay more money, waste time and resources, and engage in other activities to find "clean" IP space from which to operate. To date, relay blacklisting is the single most effective tactic that is actually elevating the cost of doing business as a spammer. All other methods are ineffective by comparison. Plus, relay blacklisting has the added advantage of nullifying the effectiveness of 99% of most zombie PCs in propagating worms and viruses. RBLs work. Content-based filtering does not.
  • borchard76, on 10/12/2007, -0/+6I have four statistics courses so far, and they have all caused me pain--this should work!
  • PaulRay, on 10/12/2007, -0/+3Possibly notifying them that there's a problem leading to them calling their nephew to come and fix it, wherein he finds that the problem lay in the fact that granny has a Trojan, thus eliminating it.

    Run-on sentence intentional.
    Gender specific for convenience. Feel free to change the familial references to suit your taste.
  • weissed, on 10/12/2007, -0/+3I think this could be very effective (if actually build).
  • Junto, on 10/12/2007, -0/+3@ hodyoaten. Spot on there. I totally agree.

    The first point of call is user education. Spammers only send spam because it is financially beneficial for them to do so. We need to educate the general web user (monkey) that opening, clicking on a link, unsubscribing and buying from spam emails all equal more spam in the future. If people are now scared of phishing and viruses in their inbox then there is no reason why we can't scare them about spam in the same way. The basic argument is as follows. "Spammers are criminals, so would you give your credit card details to a bunch of crooks? No. Then stop f$%king clicking on their links and buying their products then!"

    Secondly, all SMTP needs to be upgraded with some kind of Sender ID/Domain Key type schemes as DEFAULT. That stops people relaying on your (domain's) behalf without permission. No more Joe Jobs, which sadly one of my domains is being slammed by (even with an SPF record).

    Thirdly, Microsoft have a lot to answer for, because trojaned zombie PCs running relaying proxies are predominantly their fault. The Linux crowd can quit smiling too, because misconfigured PHP / Sendmail scripts are pretty ubiquitously abused too.

    Fourthly, we should have a system that ties the spammer's target selling domain, to DNS blocking. The system should be distributed like DNS and whenever enough people click "report as spam" the domain is blocked. This could be done at an ISP level. No access to the web monkey means no sale from the web monkey = no benefit to spammers.

    Finally, if you run Outlook, try Spambayes, Bayesian filtering that works, and more importantly is FREE.
  • lordcutter, on 10/12/2007, -0/+2I'm sorry to say I don't think this will work that well... Spammers now for the most part use tojaned computers to send their mail instead of "off the wire" so as to avoid pesky calls from their isps. Think of all the grandmas that will all of a sudden have slow Internet connections because of this! :-P
  • dacheetah, on 10/12/2007, -0/+2I don't mind the idea of flooding the online forms that they link to with counter-spam, but don't ever send emails as a response. If the email does ever get back to the original spammer, which is unlikely, it will probably just get seen by a script that will add your address to a database of people who actually pays enough attention to the spam to do something about it, which implies you do more than just block or ignore it, which for them means you are more likely to read it, and as such more likely to buy something. Worse yet is the fact that most of the email addresses are not owned by spammers. I own a domain name, as do many other people, and at some point my domain name ended up on some list, and ever since then I've been getting mail in the form of returned mail, where the "from" address has been faked as a bunch of random characters, or random names, followed by @mydomain.com (
  • portwojc, on 10/12/2007, -0/+2It's a shame it would be illegal.

    http://www.hackbusters.net/#software

  • hodyoaten, on 10/12/2007, -0/+2Ho hum, 10 years later and spam is just as bad as ever. Evidently the only thing left to do is DDOS all merchants whose way of doing business is contracting out spam. And tie up their 1-800 lines for good measure. Going after spammers is like trying to clean out maggots... it's best to take away the big game that feeds them, like those stupid Xanax and Viagra sites.
  • PaulRay, on 10/12/2007, -0/+2Well, let's digg this up and see if we can't get it re-started. If I were a programmer, I'd sure work on it... Alas, my skills lie elsewhere.
  • wilf_brim, on 10/12/2007, -0/+2I guess I'm an idiot, cause I get way more than that. Hell, I get spam on my work email account, which doesn't go anywhere, and isn't on anybody's list.

    I guess you are Dvorak use the same ISP and spam filtering.
  • crex, on 10/12/2007, -0/+2The big problem I see here is open relays (as people have mentioned above). Every general smtp server out there that is designed to be open and unmonitored (you know free flow of information, no logs kept so the govt can't get files, etc, all happy, fuzzy EFF feeling thingie) would get bitch slapped by the tar pit idea.

    Attacking the infrastructure of spam is kind of stupid. Spammers can spoof IPs, change smtps, use a botnet, whatever it takes to send spam. We need to attack the companies that send the spam. Perhaps something in OpenDNS that just deletes their hostnames out, so they can spam all they want but no one can ever reach their web store?
  • M2Ys4U, on 10/12/2007, -0/+2Projects like Blue Frog and Okopipi are the only methods that can stop spam, IMO. The former no longer existing.
  • seleste, on 10/12/2007, -0/+2Interesting... But as the author mentioned, open relays are a dime a dozen and pretty much all spammers use some such to mask their identities and whatnot.

    Just give me my device to slap people over the internet. ;o
  • mv36, on 10/12/2007, -0/+2No digg the project died out in 2004.
  • seleste, on 10/12/2007, -0/+1March 2004, no less ;)

    http://www.martiansoftware.com/tarproxy/index.html
  • inactive, on 10/12/2007, -0/+1"Most spam comes from "zombies" which are just infected machines constantly sending out spam mail."

    No *****. So why wasn't the first priority of Windows XP service pack 2 an alert system that warns unwitting users that their computers are launching a ***** of outgoing mail?

    This is just so baffling. Is there some technical reason that a monitor can't be installed that provides warnings of excessive traffic?
  • dacheetah, on 10/12/2007, -0/+1Note to self, never use greater than or less than signs in digg.
    Continued...
    (* points left * not actually MY Domain, duh). I know for a fact that none of my computers are responsible, and when checking the header of the original email (which most returned mail has as an attachment) you can easily tell that the IP address of the SMTP server it came from is NOT one of the servers used for any of my domains services. So not only am I getting waves of "returned" mail (I have a "catchall" so mail sent to random addresses at my domain are forwarded to one account) that can at times get as high as hundreds a day, but I can also end up getting the responses of people who reply to the spam, thinking foolishly that I sent it.

    Also, if I had my way, there would be an international law requiring anyone caught knowingly sending spam, in any country, to hand write an apology to every person they spammed, while sitting naked in a pit of snakes, and once they are finished, they can be shot in the head. Cruel, yes, but what can I say, I hate spam...
  • icky, on 10/12/2007, -0/+1This sort of dynamic tarpitting has actually worked its way into many spam solutions. Postini, for instance, can do dynamic slowdowns and also just dynamic 4.x.x errors which places a higher burden on the spammer.

    There are several posts above that say outlandish things like, "the ONLY way to block spam is..." and they are all wrong. There is no one way to block or stop spam. There are a number of techniques that have proven useful and the best systems rely on many of them at the same time. If you use a good system, you can block almost all of it and do it at the system level so every user doesn't have to run some extra software. It is more efficient and doesn't require your users to become spam experts.
  • Aculeus, on 10/12/2007, -0/+1That's the reason why most spam filtering is done after the email is received. If you put too much processing time on the connection then your connections would fill up fast, thus blocking legitimate connections. It's better to either accept the mail right away or drop the connection right away. Unfortunately you have a limited amount of time to determine if you should accept or drop.
  • HonoredMule, on 10/12/2007, -0/+1It's connection-based, not address-based. Grandma's email client will continue to have the majority of the bandwidth because the spamming service's connections are getting throttled at the recieving end (assuming all recieving ends use such software).
  • EochaidRiata, on 10/12/2007, -0/+1http://www.craphound.com/spamsolutions.txt

    It fails several criteria, notably that spam is sent from zombies, not spammer-owned servers.



  • noGoodNamesLeft, on 10/12/2007, -0/+1@Urusai; that's exactly what happened here. He's too busy spending his money and sleeping with beautiful women to develop TarProxy further.
  • aselvan, on 10/12/2007, -0/+1This may not work as most people here suggested. Postfix does something similar with "qmqpd_error_delay" that I use in my postfix configuration but I have no clue if it does anything. http://www.postfix.org/postconf.5.html#qmqpd_error_delay

    You can't stop spammers or cause pain with this even if it works, the best thing to do is consult RBL services like spamcop.net,spamhaus.org which pretty much gets all the spam for me except a few handful gets in once in a while and a few false positives I can live with.
  • geocar, on 10/12/2007, -0/+1This is lame and it won't work. Spammers can parallelize their workload. Result: recipient spends even more resources, and sees no reduction in junk.
  • inactive, on 10/12/2007, -0/+0way too old

    "An alpha release of TarProxy is expected to be available soon - probably in the third week of March."
  • gmontag, on 10/12/2007, -0/+0I'm not sure this would work. It sounds nice in principal, but it sounds like you would be setting up a DOS attack target unless you set a limit on the number of throttled connections as in goal 8, which sounds easily defeatable; just send an extra 100 spam messages to that domain and kill the connections after say 30 seconds.

    Plus, if you're going to do write new mail software which has to be installed in a lot of places why not just rewrite SMTP as a secure app?
  • EXreaction, on 10/12/2007, -2/+2Ah crap, I was supposed to reply to aak4 with that...
  • pepo1, on 10/12/2007, -0/+0How about using decent financial incentives to get people to blow the whistle on people they know to be spammers.
  • angusm, on 10/12/2007, -0/+0I get close to a thousand spams a day. And no, I don't sign up for get-rich-quick schemes and porn offers.

    I get so much spam because (a) I used to use a real mail address to post to Usenet, (b) I had - and still have - the same address on my web pages, (c) my mail address shows up in public mailing list archives, and (d) I own a bunch of domains, thus getting me spam from every spammer who sends to the registered contact address or to 'info@', 'sales@', 'webmaster@' etc. for each domain.

    If your mail address is or ever has been publicly visible, you will get spam. And as time goes by and the spammers merge and resell their mailing lists, you will get more spam. That's all there is to it.
  • signal15, on 10/12/2007, -0/+0I set up postgrey on my mailserver, and went from 80+ spams a day to 3. Postgrey returns an error that says the mailserver is currently unavailable when someone who hasn't sent to it before tries to send email. A real mailserver will retry in a few minutes, and postgrey will accept the retry. But most spam is sent from zombies without a mail spool, and they just give up.

    I think the best way to put spammers out of business is to cause the people advertising through them pain. Flood their phone numbers, flood their sites with connections to make them unavailable. Yeah, it's probably immoral, but so is sending spam. If someone is going to commit an immoral/illegal act against you, you sometimes have the right to thwart that act by doing something which would under any other circumstance be considered immoral/illegal. Having strict laws which prevent people from doing things that would otherwise be illegal from defending themselves simply allows criminals to run wild over the helpless population.

    Anyway, if having a spammer advertise your product/service was a guarantee that you would be DDoS'd, no one would do it. You'l still get pump and dump stock spams, but the majority of spam would stop. Who was it that recently released a screensaver that would scan your spams for URL's and flood them? It hurt the spammers bigtime, until it was pulled down.

    The software mentioned in this article is a great idea. If it was widely used, it would seriously put the hurt on all of the spammer's zombie machines, slowing them to a crawl. But, I question the use of Java for this. Unless you are running Tomcat on your server, there really isn't a reason to have Java, and few admins are going to be willing to install it. Something written in C that could interface with postfix/sendmail would be the way to go.

    SMTP has either outlived its welcome, or needs a serious redesign. There have been schemes that came out which make it harder for spammers to send mail because it would be computationally intensive for them, but that only works for so long. Computers are getting faster, and having an army of zombies renders this method pretty much useless. I like the approach of Spam Arrest (http://www.spamarrest.com) as it requires user interaction to send a mail to someone the first time to get on their whitelist. If they provide an invalid from address, there's no way for them to get on it. If they do provide a valid from address and use a script to click the authorization link, you could modify it to something where you presented several photos of different things and ask the user to click the photo of the hippo or something. This would be nearly impossible for the spammer to write something that could do image recognition and do it automatically, unlike Captcha.
  • EXreaction, on 10/12/2007, -4/+3No digg.

    You can't do much worse than trying something like this. You ever think of all the people you are mass spamming that are really innocent? Most spam comes from "zombies" which are just infected machines constantly sending out spam mail.

    And if anyone is seriously getting 500 spam emails every day it is probably because you have been trying to sign up for a bunch of crap like "free" porn. I have 10 email accounts(not all on the same host, and most do not have any spam blocking) I use regularly and I get maybe 1 spam email every 2 days.
  • aak4, on 10/12/2007, -18/+10Get revenge against the spammers: http://www.spamitback.com. The more people who use it, the more effective it is. (It's running on my computer now). This causes spammers a lot of pain.
  • foolfromhell, on 10/12/2007, -9/+1DigitalGopher.... You spam Digg.....with stories
    STATISTICS! I CHOOSE YOU!
    I dot understand a word of that article..... I did RTFA, but I dont understand it

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.