Spam Discussion/Analysis
Declan,
Saw this (anonymized) exchange on an org’s internal IT list, thought the commentary was interesting and informational and opinionated, and touches upon a (unfounded, in my opinion) suspicion (ISPs selling email addresses) that I think a lot of people share.
Thomas
>I don’t know if you can do anything about it more than you already are,
>but I thought it was worth mentioning.
Believe it or not, [deleted] rejects between four and twelve messages
per minute due to source IP being known spammy. Most of it
is consumers with unmaintained Microsoft boxes on DSL or cable.
They’re all over the world. Half are in the US.
Most of the rest is dedicated spam servers in China that the
backbones refuse to shut down. For some reason most of the
phishing comes out of compromised servers at big lowball Web farms
like Peer1, everyone.net, and theplanet.com. I mostly block them one
at a time instead of in blocks, because they’re densely packed next to
legitimate senders. When you get a spam from an SBC or Verizon
DSL user, it’s safe to block his 255 neighbors, and it’s a good bet
you can block 65,535 of them and nobody will mind. But
Joe Ebay Phisher’s next door neighbor might be the South Bay
Mobilization to Stop the War or something.
>When I changed hosting providers a couple of months ago my spam went way
>down. I think the host company I was using before was selling e-mail
>addresses.
I wouldn’t jump to that conclusion without evidence.
The list traders long ago harvested all the addresses that could
be found on the Web or Usenet. Since then, they’ve been banging away
on the big consumer domains with dictionary and random string attacks.
If you’re
spammers just guessed it by brute force.
But the biggest source of new addresses appears to be trojan
sniffers. Your next door neighbor if you’re on most cable modem
services or dormitory LANs, who’s got 45 viruses and trojans,
is scarfing up every email address that goes in or out of every
PC on your network segment. Your aunt Nellie Dialup, who’s only got
three adwares and five trojans, contributes every email address
that appears in any email or Web page she looks at, to the global
spamming address stock. Your address doesn’t have to be exposed to
the *public* any more. It just has to be exposed to a trojan
compromised machine.
There’s even been some evidence that now and then a spammer’s PC
gets compromised, and the lucky trojan broadcasts his secret
address stash to other spam gangs. Or a compromised consumer PC that’s
busy pumping out its quota of fifty thousand spams gets hit
by another trojan, that steals those 50K addresses from the first guy.
> But now it is on the way back up again. If I am out of the
>office for a few days on a photo shoot they really build up and it is a
>pain when I have to check web mail on the road.
That’s just a sign that Web mail isn’t good enough for serious work
any more.
Do you have a Freeshell.org account yet? Does the [deleted] service
come with a shell on the server (or at least the LAN) where your
mailbox is? Can [deleted] forward your mail to your Freeshell
account while you’re traveling? Do they offer IMAP or just POP3?
There’s a reason IMAP costs more, it’s worth more. Don’t assume
Web mail is the only way to deal with email on the road.
Spam is a social problem, not a technological problem. The corporations
responsible could clean it up in a month, under existing law,
if they really wanted to, but they’re under no pressure to do so.
Spam exists because the media refuse to tell the consumers who’s responsible.
It will continue until either the story breaks out and the consumers
storm the corporate gates demanding a cleanup, or the public email
system is so unusable that people accept a centrally controlled alternative.
Sometimes I suspect there are luddites among us rooting for the
spammers. They knew all along it was a mistake for us to depend for
so much on email, and they’ll be proven right when email fails.
