[Home page](/) [Latest blog](../) # Spammers Hall of Shame ![photo](/mjr2002.jpg) This section is part of [something like a blog](../). To contact me or comment on this, [see my email page](/email.html). * * * Here's a new strand to the blog. Name and shame "nearby" spammers so their misdeeds will show up on search engines. I'm working on the theory that these are clueless more than malicious, they might wake up if LARTed and I'm ready to help them smell the coffee because they're part of my community. Comments about this idea welcome. Most kinds of [business email](http://www.intermedia.net/) services have a built in spam filter to help somewhat with your [business email](http://wccmail.wcc.vccs.edu/Etiquette.htm) not getting too much spam. Sadly most of the time a [ business email](http://www.intermedia.net/it- professionals/hosted-exchange/hosted-exchange.asp) address can't keep out all human spammers. [+](../2007/advertising "Advertising conditions" ) DebConf 2007 spammed me on 2 November 2006. They asked me to contact the sponsorship team if I want to give money or equipment. The address used is the one from the consultants listings. It got caught in a spam trap because it was a Bcc'd MIME Multipart begging letter. We read the debian announcement lists anyway. Please put it there instead of spamming. IBM Rational spammed me on 1 March 2006. They invited me to "get on board with open source" (a [forkinthehead](http://www.forkinthehead.com/) to the copywriter for that gem) by sleeping through a presentation at IBM Bedfont Lakes (wherever that may be: the invite didn't say). The address used gave consent once for certain types of marketing, but not this. The address has not been verified accurate for years, so the message is spam and that address now gives an Unknown User error. grange stores trading as "Splash Logo" of 1 High Street, King's Lynn, PE30 1BX spammed me on 8 December 2005. I replied and offered advice about ethical online business promotion. Mentorn television of Glasgow (who produce programs for the BBC) [spammed me in October 2005](http://mjr.towers.org.uk/blog/2005-2.html#bbcspam). I now have an Office of the Information Commissioner case number for the incident. * * * ## Chain Emails I've seen the Parcel Delivery Services email hoax twice in the last few weeks. [Premium telephone services regulator ICSTIS](http://www.icstis.org.uk/) issued [a press release debunking it](http://www.icstis.org.uk/consumers/latest_news/default.asp) on 1 November 2006: > "This is in fact an urban myth. It is not possible for a GBP 15 charge to be made on connection." I added [a new tip about telephone number warnings to my email page](http://mjr.towers.org.uk/email.html#phonehoax). * * * ## Alternative Approaches Wouter Verhelst has posted a [retaliation idea](http://www.grep.be/blog/2006/01/23/#retaliation) on his site: > start adding their "private" email addresses to some database and, rather than throwing away mails which are so obviously spam, start forwarding them to random addresses from that pool I think it would need doing very carefully, so that you don't put too much cost on your ISP - ultimately, you pay for your ISP's costs - or get yourself booted for sending tons of spam. If you do it, check your AUP, watch your network stats and good luck! A much dumber idea than Wouter's is charging senders for their emails, as [ a BBC report](http://news.bbc.co.uk/1/hi/technology/4684942.stm) says AOL and Yahoo will do. AOL and Yahoo want some of that lovely spam profit? Over at the Register, they think it's good to simply point and laugh [when spammers claim to be Tom Jones, son of a Python](http://www.theregister.co.uk/2006/04/20/tom_jones_419/). Yes, some of this spam is truly bizarre. Do spammers like ridicule? (Seen via [Drake.org.uk](http://www.drake.org.uk/)) ProBlogger had [some criticism of junk phone calls](http://www.problogger.net/archives/2006/06/17/cold-call-blogging-and- effective-selling-on-blogs/). The Amazingly Trigger-Happy Spamcop has listed lists.gnu.org again on 2006-10-04, thereby taking away all subscribers who stupidly use it to reject email. Darwin rules list subscriptions too. ### Under Seige At the start of this week, one of the mailservers I run came heavily under attack. As well as the continuing surge in the sheer volume of spam - which has been reported widely in articles like [ Spam up by 59 per cent [Spannerworks Search Marketing News]](http://www.spannerworks.com/seotoolkit /search-marketing-news/article/view/spam-up-by-59-per-cent/203/) \- there were dozens of clients opening connections and then just sitting there idle. Very strange. To bring things back under control, I added a mixture of new anti-spam methods, but some things will always be attractive enough for bad people to attack manually and defeat whatever anti-spam you put in place. The only anti- spam which can't be defeated is one that will defeat all real people - and that helps spammers to pollute the network, IMO, making everyone else waste yet more time as a result of their spamming. My main anti-spam at the moment is a mix of: * [ throttling and limit simultaneous connections](http://www.exim.org/exim-html-4.63/doc/html/spec_html/ch14.html#id2578203) \- make them speak slowly and clearly; * [ greylisting](http://raw.no/personal/blog/tech/Debian/2004-03-14-15-55_greylisting) but be careful not to put the block time too high, else yahoo's mail relay farms will give up; * [ tarpitting](http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20030505/msg00057.html) triggered by a DNSBL match - this is often enough to make spammers give up (too expensive) or violate the SMTP protocol; * moderate list mails by Content-Type - most lists prefer text/plain; * moderate by content string matching - rather fiddly to do this. I always argue against doing a hard reject for a dnsbl match. In general, dnsbls are way too trigger-happy and too prone to false positives, especially for things like new mailservers coming online. Just this month, one of my ISP mailservers ended up in sbl-xbl and I couldn't find out why. Once I had added the extra anti-spam, the spam volume dropped significantly. Total message volume reduced by about 20%. I can't tell reliably how many of the 20% (or the remaining 80%) are spam, of course. But then the network connection failed, which may have been the cause of the idle connections that turned this into a crisis in the first place. #### Updates: 1. The day after writing the above, I saw this piece by Simon Waters [about Sender Verification](http://www.debian-administration.org/users/simonw/weblog/110) linked during a discussion of spam. 2. [Spammers bypassing greylist filters? [Techblogging/Vitavonni]](http://blog.drinsama.de/erich/en/2006121701-spammers-bypassing-greylisting) [Comment form for non-frame browsers](../../comp/respond.pl). Comments are moderated (damn spammers) but almost anything sensible gets approved (albeit eventually). If you give a web address, I'll link it. I won't publish your email address unless you ask me to, but I'll email you a link when the comment is posted, or the reason why it's not posted. * * * [To index](../). This is copyright 2006 MJ Ray. See fuller notice on [front page](/).