[cobalt-users] Spamido - The art of using a spammer's strength against them.
- Subject: [cobalt-users] Spamido - The art of using a spammer's strength against them.
- From: Colin Smith <colin@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue Jun 20 14:49:42 2000
Here's a short article that I wrote on reducing spam. It is supposed to go on a web page so please excuse the text formatting.
BTW. No warranty etc but it works for me on my Qube.
Spam, scourge of the Internet.
You get spam, don't you? You know, that unwanted email from someone
you've never heard of before promising to give you the bargain of a lifetime.
It is more properly called Unsolicited Commercial Email (UCE). The term
'spam' originally referred specifically to Usenet newsgroups but has been
expanded by the unwashed masses to include email.
To most people, spam is an inevitable fact of life with the Internet but it
doesn't have to be so.
How spammers work
A spammer needs email addresses. They can get them from a number of
sources:
They can buy them from each other.
They can harvest them from news posts.
They can harvest them from web pages.
Harvest software scans news articles and web pages for anything that looks
like an email address and stores it in a database or file which can then be used
as an enormous mailing list. Every time you post an article in a news group or
put your email on a web page you are opening yourself up to receiving spam.
This is the spammers' strength, but it is also their greatest weakness.
Spamido theory
Spammers need email addresses; they'll grab anything that looks like a valid
email address and send spam to it. We can use this to our advantage. If we
create a mail account where the sole purpose is to catch spammers we can
extract the address of the spammer and bounce all mail from that address.
Spamido in practice
This is very easy with Unix and Linux. If you use MS Exchange you may as
well get used to receiving spam or spending sums of money on commercial
anti-spam solutions:
#Create a spam trap account on the mail server. I use 'spamprobe'.
#Add some procmail recipes to the spamprobe account's .procmailrc
file. These are the secret sauce. These recipes do two things. The first
extracts the From: address from every mail sent to the account and
stores it in a spammer list. The second recipe checks the From: address
against the spammer list and stores all subsequent mail from matching
addresses in a spamfile.
# Spamprobe account ~/.procmailrc
# LOGFILE=logfile
# VERBOSE=yes
# LOGABSTRACT=all
SPAMMERFILE=/home/users/spamprobe/spammerlist
PROBABLESPAM=/home/users/spamprobe/spam
# formail -zx: contents of the From: header with leading/trailing whitespace stripped.
FROM=`formail -zxFrom:`
# Is this sender already listed? grep -F -x compares the whole line as a literal
# string rather than a regexp (so a From: of "." cannot match every entry), and
# -- stops a value beginning with "-" from being parsed as grep options.
# Exit status 0 means "listed".
SPAMMER=`grep -F -x -- "$FROM" $SPAMMERFILE > /dev/null 2>&1 ; echo $?`
YES=0
# Recipe 1: mail from a listed sender goes straight to the spam file.
:0:
* ? test "$SPAMMER" -eq "$YES"
${PROBABLESPAM}
# Recipe 2: anything else reaching the trap is new spam: record the sender, then
# file the message. "cat" is required; a bare ">> file" opens the file but never
# copies the message into it. A pipe action needs an explicit lockfile name, and
# the FROM ?? condition keeps empty senders out of the list.
:0:spamtrap.lock
* FROM ?? .
| (cat >> ${PROBABLESPAM} ; echo "$FROM" >> ${SPAMMERFILE})
#Add a global recipe to the system /etc/procmailrc file which checks
every incoming mail to every account against the spammer list and
re-routes spam to the spam file if it's from a spammer.
# Global /etc/procmailrc, processed for every user before their own ~/.procmailrc
# LOGFILE=logfile
# VERBOSE=yes
# LOGABSTRACT=all
SPAMMERFILE=/home/users/spamprobe/spammerlist
PROBABLESPAM=/home/users/spamprobe/spam
FROM=`formail -zxFrom:`
# Same literal, whole-line lookup as in the spamprobe account's recipes.
SPAMMER=`grep -F -x -- "$FROM" $SPAMMERFILE > /dev/null 2>&1 ; echo $?`
YES=0
# Listed sender: divert the mail to the shared spam file instead of the user's inbox.
:0:
* ? test "$SPAMMER" -eq "$YES"
${PROBABLESPAM}
#Add a couple of aliases to the spam trap account so that it isn't
immediately obvious that the account is a spamtrap account. It's worth
using aliases which sort alphabetically to the beginning and end of the
alphabet; Aaron and Zebediah are good. Spammers often sort their mail
lists alphabetically so that they can remove duplicate mail entries. If they
then use this sorted list then you will be better protected if the spamtrap
account receives the mail early in the spammer's mail run.
#Publish the spamtrap aliased mail addresses on web sites you use and in
posts in newsgroups that you frequent but make sure that it is obvious
to any reader that the addresses are spamtraps. This is the important bit.
You have to convince the spammers to pick up the spamtrap email
addresses, it does not work otherwise.
I have a signature file which includes the spamtrap addresses. My
signature files are chosen randomly by a script every time an email is
sent or a news article posted so the spamtrap addresses are regularly
posted.
By posting different addresses in different locations you can easily find
out where the spammers get the mail addresses and how the addresses
are spread among them.
Keeping it running
The scripts above will cause the spammer list and the file with probable spam
to grow forever. This will cause the mail system to slow down so some
maintenance is required on the files. A couple of cron jobs can be used to trim
the files.
The spammers never use the same from address twice so the spammer list
can have the oldest entries trimmed every month or so with the tail utility.
The spam itself can be zipped weekly and deleted after a month.
In conclusion
That's it. The system does the rest. It can take a while (a few weeks) for the spamtrap email addresses to be picked up by the spammers, but once they
have them, then you should see a significant drop in the amount of spam you
receive. The more you use the spamtrap addresses, the faster they'll be
picked up.
A nice addition to the technique would be to forward all spam to the abuse
and postmaster aliases at the spammers address. This might encourage the
administrators to stop spammers themselves. Another might be to form a group who share the spammer list via LDAP. This would greatly improve the effectiveness and protection.
The spammers put themselves out of business simply by employing spammer
tactics. I like the irony.
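The trap logic from the post, reworked as a stand-alone POSIX shell script so it can be run and tested without procmail. This is an added example, not Colin's recipes or anything shipped with the Qube: the From: header is parsed with sed instead of formail, file paths are passed as arguments rather than hard-coded under /home/users/spamprobe, the sample messages are constructed, and the sender address is normalised (lower-cased addr-spec) and compared as a literal whole line. It also includes the monthly list-trimming step from "Keeping it running".

```shell
#!/bin/sh
# Spamtrap list logic as a stand-alone script (added example, not the original
# post's procmail recipes). From: parsing is sed-based so it runs without
# formail; list and spam file paths are arguments, not fixed locations.
set -eu

# extract_addr: read one message on stdin, print the lower-cased addr-spec of
# its first From: header (the part inside <...>, or the first token).
# Header parsing stops at the first blank line, so the body cannot supply it.
extract_addr() {
    sed -n -e '/^$/q' -e 's/^[Ff][Rr][Oo][Mm]:[[:space:]]*//p' | head -n 1 |
        sed -e 's/.*<\([^>]*\)>.*/\1/' -e 's/^[[:space:]]*//' -e 's/[[:space:]].*$//' |
        tr 'A-Z' 'a-z'
}

# is_listed LIST ADDR: true when ADDR is an exact line of LIST.
# -F -x: literal whole-line comparison, so a From: of ".*" or "@" cannot act
# as a catch-all regexp; -- keeps a value starting with "-" out of grep's options.
is_listed() {
    if [ -n "$2" ] && [ -f "$1" ] && grep -F -x -q -- "$2" "$1"; then
        return 0
    fi
    return 1
}

# record_spammer LIST ADDR: add ADDR to LIST once; duplicates are skipped.
record_spammer() {
    if ! is_listed "$1" "$2"; then
        printf '%s\n' "$2" >> "$1"
    fi
}

# trap_message LIST SPAMFILE MSG: what the trap account does with every mail it
# receives: list the sender (if there is one), then append the whole message.
trap_message() {
    addr=$(extract_addr < "$3")
    if [ -n "$addr" ]; then
        record_spammer "$1" "$addr"
    fi
    cat "$3" >> "$2"
}

# classify LIST MSG: what the global recipe decides for an ordinary user's
# mail; prints "spammer" or "clean".
classify() {
    addr=$(extract_addr < "$2")
    if is_listed "$1" "$addr"; then
        echo spammer
    else
        echo clean
    fi
}

# trim_list LIST N: the monthly cron step, keep only the newest N senders.
trim_list() {
    tmp="$1.tmp"
    tail -n "$2" "$1" > "$tmp"
    mv "$tmp" "$1"
}

# Demonstration on constructed messages (not real mail): two mails hit the trap
# aliases, then two mails to an ordinary user are classified.
demo() {
    dir=$(mktemp -d)
    list="$dir/spammerlist"
    spam="$dir/spam"
    printf 'From: Bulk Mailer <Bulk@Example.COM>\nTo: zebediah@example.net\nSubject: offer\n\nbuy now\n' > "$dir/trap1"
    printf 'From: .*@anything\nTo: aaron@example.net\nSubject: offer\n\nbuy now\n' > "$dir/trap2"
    printf 'From: bulk@example.com\nTo: colin@example.net\nSubject: offer\n\nbuy now\n' > "$dir/user1"
    printf 'From: friend@example.org\nTo: colin@example.net\nSubject: hello\n\nhi\n' > "$dir/user2"
    trap_message "$list" "$spam" "$dir/trap1"
    trap_message "$list" "$spam" "$dir/trap2"
    for m in user1 user2; do
        printf '%s: %s\n' "$m" "$(classify "$list" "$dir/$m")"
    done
    rm -rf "$dir"
}
demo
```

The second trap message is the case the literal comparison exists for: with `grep "$FROM"` as in a plain recipe, a From: of `.*@anything` would be used as a regexp and match every line of the list, while here it only ever matches itself. One caveat the technique shares in any form: the From: header is chosen by the sender, so whoever mails the trap with a forged From: of a legitimate correspondent gets that address diverted for every user on the box until the list is trimmed.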