Jun 26, 2004. Posted originally in NANAE.
First, let me state that I firmly believe that Terry Gilsenan is the founder-administrator-owner of SPEWS.
That being said, and rather than getting into a prolonged response to all of your emails and postings, I have a proposal for Terry. We all know that the idea of blocklisting IP's makes sense, but not blocking IP's that are not in themselves spamming, yet are in the same netblocks as spammers.
The general trend lately is for spammers to use compromised boxes, rather than what they were doing when SPEWS came into existence, that is, using their own boxes to send spams. Two years ago, I could read the full headers of a spam email, and see it coming from a relatively few places, mostly Florida or Alabama. Now, the originating IP's are all over the spectrum, leading me to believe that they are coming from compromised boxes that someone has installed an SMTP server on, without the box owner's knowledge or consent. If you've been following the news lately, you've read that some ISP's are discussing cutting these boxes off from Internet access. And, some ISP's have blocked Port 25 in an effort to stop spammers.
It's those compromised IP's that need to be blocked, not an entire range of IP's. What happens is that there is an initial spam run from a compromised box, and, with spam traps, they show up on the radar as a spam IP. They make one large run from that IP, and stop, going on to another compromised box. When they have exhausted their supply of compromised boxes, they start over, with another spam run from that original IP a week or two later. Also, spammers have been selling IP's of compromised boxes to other spammers; in either case, there is a one day run, then a lag time. It's during this lag that the box IP should be put onto a blocklist, preventing runs #2, etc.
What role does SPEWS play in this? Presently, SPEWS is not used by very many ISP's and other email servers, primarily for two reasons: no real contact, and the mass blocking of IP's. Change that. Set up a contact point, other than NANAE. Set up a webform to be filled out, or a discussion board within spews.org or an email contact.
Sign your work. Terry, you had a great idea, why not take the credit? Simply posting on your FAQ as the owner/admin/operator will suffice. You'll find that more admins would be willing to use SPEWS if a real point of contact is available.
Stop the mass blocking of IP's. SPEWS can be set up to block the compromised box IP's, which is a more efficient use of your limited server resources, and zeroes in on the problem of spamming. If you provide a blocklist of compromised IP's, you'll find more people willing to use SPEWS, which in the long run will benefit all of us, by cutting off the spammers' ability to send.
As to the compromised IP's. As reports of spam from an IP come in, place them in the blocklist, for one year. Why one year? Check most of your spam emails that have a URL to a web site. Most of them are of the "amsnbzxw.com" or other randomly selected letter/type URL's. And, doing a whois shows most all of them are registered for one year only, hence the one year block. (That particular URL was on a Vicodin spam, do a whois on it, you see what I mean). Blocklist the IP that the email came from (which shows as a box in Russia, figures), and you deny that box sending any more spam. But, a lot more people have to use SPEWS than they do now in order to be effective against spam. That's why the change in tactics. Think "surgical strike" rather than "nuke the world".
Have an arbitration process so that alleged spam can refute the charge of spamming. In reality, looking at most of the spam I get, and I get hundreds a day, none of the spammers will enter into an arbitration, they know they done wrong. But, give that as an option.
I've monitored NANAE for a long time, and I can think of a few regulars here I would recommend to join an arbitration board. (AndroidCat, Detox, Rich Clark, to name a few).
You could set it up as part of a discussion board, with a section devoted to removal requests. But remember at this point, you're mostly blocking compromised boxes, so you won't see a lot of requests. Other sections of the discussion board could be for spam fighting discussions, etc. I've been a member of IRC/Unity (comprised of IRCop's and Admins from the various IRC networks) since its inception, and in their closed list, we discuss many ways to fight attacks and other security issues on IRC. You could take a lesson from IRC/Unity and have a "members only" section for sensitive discussions that you don't want spammers to see.
What part does Chatmag or myself play in this? If you set it up as I've suggested, I'll remove the article regarding yourself and SPEWS, and also delete the reference in our News section. If you are willing to create a discussion board, and your web host does not give you that capability, I'll host it on my servers, setting you as Admin.
I'll also, to the best of our ability, promote SPEWS as a viable resource in the fight against spam, by including special articles in our Safety Section, News, and linking SPEWS in the various topics within the directory that would best target newbies. A lot of Chatmag's traffic is newbies to chat and the Internet, so you'd be targeting people that NEED good information regarding spam.
Whatever else we can do, we'll do. It's all up to you now.