[linux-elitists] polluting spammers databases

Andy Bastien lists@yuggoth.net
Tue May 22 10:34:29 PDT 2001


Of all the days, it was on Mon, May 21, 2001 at 04:48:55PM -0700 that Don Marti quoth:
> begin  Andy Bastien quotation of Mon, May 21, 2001 at 07:29:37PM -0400:
> 
> > I'm not sure I understand where free mail relates to this (except for
> > spammers using fake or bad free email addresses in their headers, but
> > I don't care about those).
> 
> Not free as in no monthly bill; free as in anybody can talk SMTP to 
> anybody else (right?)
> 
> Any automatic form-submitter script could be considered a denial of
> service attack. Running one more than once against a given target site
> could get you in trouble. 

That's the sort of thing that worries me.  But what level of
resistance is acceptable?  Do we limit ourselves to the 'Sierra Club'
level, do we accept the 'Earth Liberation Front' level, or maybe
compromise at the 'Greenpeace' level?  When is breaking the law and
accepting the punishment justifiable?

On the other hand, many of the spammers don't want their ISPs to look
too closely at their sites, and probably most don't want to start
getting involved in legal disputes.  I've seen one case where the form
is on one site and the submit address is on a server hosted by an
entirely different ISP, obscured through using a user and the IP
address as an integer in the URL, and encoded (with a simple
substitution cipher) as a string in a JavaScript function which decodes
it.  Clearly, this guy is trying to hide from at least one of his
ISPs and he won't go whining to them that he's being DoS-ed.

> And sites advertised by spam are not always responsible for the spam. A
> false-flag spam is a potent attack; I'm surprised there aren't more.
> Much as I dislike spam, I wouldn't allow my box to participate in a mass
> form submit.

That is a valid concern.

> 
> But it does seem like a good idea to dilute spam lists. (I do not agree
> that the world of "most people can send mail to most other people with
> a chance of it getting read" is gone; elitist mail filtering is only
> getting started.)
> 
> There are three kinds of addresses that it would be good to get onto
> spam lists:
> 
> 1. Seemingly valid addresses that silently discard mail (black holes)
> These are very easy to set up, even for a domain hosted by an ISP where
> you get your mail by IMAP.

But you still need a huge number of these to make them worthwhile, and
that's your bandwidth that you still need to use to receive the spams
as you dump them.

> 
> 2. Addresses that feed into an early warning system or cooperative
> filtering list (hey spam crawlers! paul@vix.com)

That's a good idea.

> 
> 3. Addresses of people who (a) you don't like and (b) will not actually
> give the spammers any money.

This seems a little petty to me.  People that I don't like I ignore,
and if they get to be too annoying I tell them to get lost (although
generally not that politely).

> 
> I don't think it's worth the time to give spammers addresses that
> bounce.  They'll get removed from the list eventually.  Addresses that
> seem good will get pressed onto CDs and circulate forever.
> 

Bad addresses do hang around for a long time.  I was administrator at a
company where addresses that I know have never been good received
emails for over a year.  This could be an isolated case, and it could
be the case that the only verification done on the addresses was
whether the domain existed.  I would certainly be opposed to giving
out thousands of bad addresses from an arbitrary valid domain,
although if that domain were owned by a known spammer...hmm...



