Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: Spam and its defense: A system administrator's point of view

From: Declan McCullagh <declan () well com>
Date: Wed, 10 Jul 2002 11:45:16 -0400
Previous Politech message:

"David Scott Anderson: An unapologetic resume spammer, and a twist"
http://www.politechbot.com/p-03730.html

---

Date: Tue, 9 Jul 2002 10:38:52 +0800
From: Suresh Ramasubramanian <suresh () hserus net>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist 
In-Reply-To: <5.1.1.6.0.20020708212540.02db2ae0 () mail well com>

Declan McCullagh [08/07/02 21:35 -0400]:
> David Scott Anderson is not merely a resume spammer -- he's a singularly
> unapologetic one.

Hehehe.  He's better than Bernie Shifman
(http://www.petemoss.com/spamflames/ShifmanIsAMoronSpammer.html)

> He confidently predicted that he's "not afraid of Yahoo warning me about
> spamming" and said "don't bother to respond, or if you do, respond to
> Yahoo's SPAM Bot, I am sure they will be greatly moved by your whining."

Yahoo does take a little time to respond - but they are overworked and
understaffed I expect ...

> OsriSoft.com, on the other hand, appears to have incorrectly listed my mail
> server as a spam-site for a few days, preventing some list subscribers from

osirusoft is a collection / catchall of several blocklists.  Which of them
listed you?  Any idea?

> >arg1=server1.cluebot.com, arg2=216.110.36.217, relay=server1.cluebot.com

This IP has been whitelisted since the past several weeks from our servers
here at outblaze (and we run the mail services for mail.com, email.com,
operamail.com etc - so that's 30 million people whom politechbot can
reach without any problems) :)

As a freemail service, we have to block using a wide variety of blocklists
though (see http://spamblock.outblaze.com/spamchk.html for more) so any list
that is legitimate gets whitelisted on our servers, to prevent it getting
accidentally blocked anywhere.  Politech was an obvious inclusion in our
whitelist, as several people at work read it :)

> The Politech mail server is no longer listed, but a policy of
> add-first-and-check-later raises troubling questions about how reliable
> blacklists can be. I like the concept in theory, but in practice they seem
> to be far more problematic than smart (perhaps eventually collaborative)
> end-user filtering. See:

This will, unfortunately not scale without a great deal of work (far more
than conventional blocklists).  Peer to peer bulkmail blockers like Vipul's
Razor and Vernon Schryver's DCC do exist.  However, they take far more effort
to implement, and scale far less than do blocklists (at least, initially).

> Since last week, Anderson has variously (a) threatened to sue me, (b)
> accused me of racism, and (c) announced that he had reported my server to
> uce () ftc gov, the U.S. Federal Trade Commission's report-spam-here address.

Heh heh.  Thanks for helping me start the day with a belly laugh.

> In other words, the current system isn't working. It's too user-hostile,
> and (in the typical refrain) arose as a successor to the
> postmaster@hostname system that, in turn, was developed when the Internet

It still exists, and I am postmaster@ my domain ... the internet is larger,
but can be just as friendly, as you know.

> One obvious minor solution is not to reply to spammers and send mail only
> to the abuse@ address. But in my experience, copying both addresses works
> better: Some abuse admins aren't quick to respond, while spammers seem to
> be more willing to delete you from their lists if they know they've already
> been reported.

I have not found all that much evidence of this, in my experience over the
past few years being an abuse / postmaster admin at various ISPs.  Spammers
don't really care what they send out and whether it bounces or not.  Nor have
I found them honoring remove requests.

For example, till recently, my CAUCE India mailbox (I happen to be one of the
founder-members of CAUCE India) gets a lot of spam from the same gent - who
does nothing but complain bitterly that I've got some kind of vendetta
against him, and that his spam is 100% legal under HR 1618 "US Cyberlaw" ...
when he happened to be in India :)

What has happened before and can potentially happen again and again is that
you run the risk of being DoS'd, mailbombed or joe jobbed (that is, have spam
sent out forging your name into the from address) for reporting spammers.

At work, we have a policy of reminding users not to reply to spammers, or try
to unsubscribe from a list they never subscribed to in the first place.

        -suresh


--
Suresh Ramasubramanian <<<--->>> suresh () hserus net
EMail Sturmbannfuhrer  Lower Middle Class Sysadmin

ps - those two tags in my .sig are both "titles" bestowed on me by spammers.

The first one was a spammer who showed up on comp.mail.sendmail crying that
sendmail admins were blocking him sending out his "legitimate business
offers" to the net at large.  Then posted another article claiming I was an
"Email Sturmbahnfuehrer" (sic) and that he'd reported me to the INS for
"stealing office supplies" :)  Nice, trying to deport me from India to
India...  See thread
<http://groups.google.com/groups?th=77636f9eb7ffc4da&seekm=977169654967295%40devnull.com>

The other was a spammer who asked me what she'd done wrong, that I was
reporting her to her ISP.  I gave her a standard set of links etc on why spam
is bad, and took time to explain this to her.  She then asked me what I did
for a living.  When I replied that I was a unix admin at an ISP, she blew up.
"I thought you were a successful businessman and marketer, but you are only a
lower middle class unix sysadmin.  Dont dare talk to me like this!!!".

Each time, once I stopped ROFLMAO, I added these titles to my .sig :)




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: