
Spammy Harvesting

December 14th, 2008

On a recent post by David over on Geeky Ramblings, I’d have to say I agree.

Spammers don’t get the bounced messages, so what do they care? How do I know they don’t get them? I’m a mailing list admin for SquirrelMail, and the security list in particular gets several hundred bounced messages a day… on a quiet day. So spammers would probably only care if they received the bounced messages. It doesn’t cost them anything to send; they abuse other people’s systems (viruses and whatnot, or from phishing[1]).

As David said, those working on poisoning spammers’ lists need to find another activity, or method, to combat it. What they’re doing now is not helping. Spammers don’t follow the rules. If they did, when my mail server told them to go away (RBLs for example), they’d go away; instead they keep the transaction going.

There are definitely better ways to handle spam: RBLs, dial-up blacklists, the not quite so effective content filtering[2]. There was an idea once of using SPF records, but it turns out that the majority of people using those are spammers anyway.

It’d probably be a whole lot better if service providers started taking action against those that are infected and sending the spam out. I know I’ve had a service provider (SpeakEasy) that caught a client machine on my work network sending spam out, and notified us about it. It would be good if service providers would step up to the plate and take some initiative. I know some providers now don’t allow relaying mail out directly unless you go through them; that’s certainly a step in the right direction, but I think more needs to be done. Start removing people’s access to the internet if they get infected, for example; most service providers’ terms and conditions allow for it.

Find better solutions to battle the spam; poisoning just doesn’t cut it.

  1. such as the one that is advertising security issues in SquirrelMail, see the front page
  2. spammers love throwing in whole verses from books to throw these off, and poison them
Categories: General Ramblings
  1. Al Macintyre
    December 20th, 2008 at 16:12 | #1

    I tried multiple anti-spam approaches before KNUJON which I now love. I forward all my spam to them. They sort it along with spam from many other people, according to the nature of the criminal activity (phishing, identity theft, counterfeiting, piracy, whatever) and report the troublemakers to the relevant e-police (US Secret Service (protect nation’s currency), FBI, SEC (goes after people with fraudulent stock swindles), whatever agency fights whatever crime it is).

    This has led to tens of thousands of spam perpetrators being apprehended by law enforcement & brought to justice. I suggest you check out KNUJON, consider contributing to their effort. For example, about a month ago they mapped out that 90% of cyber crime was supported by about 20 domain registrars that deliberately violate ICANN rules on whois etc. so they started a campaign to get ICANN to enforce its own rules, and close down the criminal registrars.

    More info http://www.knujon.com/news.html http://packetfocus.com/proactive/index.php

    I found you because of a mutual contact on Linked In

  2. December 20th, 2008 at 18:11 | #2

    Al, whilst the goals of KNUJON are interesting, I cannot see how it’d fix the issue of stopping spam. Seeing as a majority of spam ends up coming from spam bots that are installed on infected clients, forwarding messages usually only results in the client sending being identified. Even worse, most of the control for those botnets is outside, making it difficult to prosecute those involved. As David mentioned on his follow-up to your comment over there, not many cases have been successfully prosecuted.
