Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [SPAM] Re: Re: I will be awaiting your immediate response.
From: Matt <smp.repicky () gmail com>
Date: Mon, 1 Nov 2004 15:10:57 -0500

I don't see how getting yourself a private email address that is spam
free is such a hard problem.  I probably have 8-10 email addresses on
different email providers.  3 of which are private and remain between
me and friends/family and don't receive any spam, except for the
accounts that belong to yahoo and hotmail and receive the regular BS
that those domains tends to send to their clients.  1 address is an
account that i have abandoned that i used to have through dialup
provider.  The others i use on varying degrees of what i want to
register for on the internet depending upon how much spam i think i'm
gonna take from the process.  The most trusted registration account
receives only one or two spam messages every few days, whereas the
least trusted account receives 40-50 daily.

This account I made for the purpose of receiving security mailing
lists.  That's all it does.  About 80+ messages daily, and not one of
them to be considered "spam" as i've requested to get them all.  I am
impressed with the job gmail has done.

If you track your actions, it is possible to keep accounts clean.  And
if you keep track of who has your email address you can find out where
leaks come from.  However, I must agree the best way to get away from
spam is to get away from a spammed account and find out where the leak
came from.  Otherwise put up with the 10-15 messages a day or whatever
you're getting.

--


On Sun, 31 Oct 2004 14:14:53 -0500, GuidoZ <uberguidoz () gmail com> wrote:
Changing email adresses is NOT the way to fight spam. It's not fool-proof,
it's folish. Your new one goes around after a while because someone in
your family/relatives/friends gets another worm/virus/... and the spammers
get your email address again.

It has certainly worked for me. I've had the same email address for
10+ years. I've had another for almost 8 years. Between the two of
them, which I do still check weekly, I receive roughly 6,000 spam per
day. (Lately, I've yet to see less then 30,000 spam between the two of
them upon checking them weekly.) I use them to scan and generate
proper filters for my various anti-spam fighting systems, both in
Windows and Linux.

I also created a new email address that I use just for business. It's
about 3 years old and only receives 10-15 spam a day. (Much of this I
suspect is from a registration that was performed without my knowledge
- I have a separate email for registrations just for such a reason.)
Finally, I have a personal email account as well that friends and
family have. It's roughly 4 years old and only sees 20-30 spam per
day. The difference in them all, besides the age, is that I haven't
ever posted the business/personal one to a public space. The original
two (6,000+ per day) were both posted. (Each one on a website.) One is
business, one is personal. I've checked the access logs - it's easy to
pick out the spam bots.

While worms and viruses are defanately a problem when it comes to
spamming (from zombie machines to spoofing your address), it's not the
#1 problem. The fact that it's so easy to spam and get away with it
is. Google "bulk emailing" and see just how easy it is to get started.
Go buy one of the CDs that contain 13 million address, all for about
$20. That's your #1 problem.

Securing every machine on the internet would be a good start. 95% of all
spam messages I have seen lately gets send from DSL or Cable IP addresses.
These are machine which run spamware without the user knowing (s)he is
sending out spam by the buckets untill their ISP shuts them down.

Securing every machine on the Internet would be a very good start
indeed. Would also help quite a few other things as well. I'm open to
ideas on how. =) (As are a billion other people.) It's obviously just
never going to happen, therefore it's best to do the "next best
thing". Education can go a long way, both towards securing machines
and stopping spam. Enforcement of laws (all over the world) would also
help... instead of just making new ones that people won't follow.
(More info: http://www.spamlaws.com/ )

No one is afriad of breaking a law. All they are worried about is
being caught and punished. (If the former were true, then no one would
break the law.) Enforcement of laws and severe punishment of spammers
would be a step in the right direction. I've tried to do my part by
applying the local laws where I live (Washington State, USA). I've
sued spammers under the law, and won. It's not difficult really - they
aren't setup to try and fight back. Check the link above then call a
lawyer in your local area that has some knowledge of the subject.

My wife was a victim of being blacklisted. Her business email/website
is on a shared server. (Virtual host.) Someone else who also signed up
for a web hosting packge evidently used the server to spam. So, we
come to find out that many spam lists now listed the mail server two
tiers up (the web host's mail server host) was blacklisted. Business
emails (sales receipts, replies to questions, etc) started being
returned as blacklisted. She's never done anything wrong in her life
in relation to spam/email, yet she is punished. Securing the system
wouldn't of done a thing to prevent that, though enforcement of laws
would. All that happened to this individual? They lost their hosting
account. (They still got their 13 million emails out...)

Appreciate the reply Hugo. Excellent points.

--
Peace. ~G

On Sun, 31 Oct 2004 10:38:36 +0100 (CET), Hugo van der Kooij


<hvdkooij () vanderkooij org> wrote:
On Sun, 31 Oct 2004, GuidoZ wrote:

I'm seeing quite a rise in spam as well. The reason is most likely
quite simple... Gmail was new before, hence it wasn't spammed. The
best way to get rid of spam in your inbox - get a new one! Only
fool-proof way there is. Now that it's been around for awhile, so has
your email address. (There goes their trump card.)

Changing email adresses is NOT the way to fight spam. It's not fool-proof,
it's folish. Your new one goes around after a while because someone in
your family/relatives/friends gets another worm/virus/... and the spammers
get your email address again.

Securing every machine on the internet would be a good start. 95% of all
spam messages I have seen lately gets send from DSL or Cable IP addresses.
These are machine which run spamware without the user knowing (s)he is
sending out spam by the buckets untill their ISP shuts them down.

Hugo.

--
        I hate duplicates. Just reply to the relevant mailinglist.
        hvdkooij () vanderkooij org                http://hvdkooij.xs4all.nl/
                Don't meddle in the affairs of magicians,
                for they are subtle and quick to anger.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Re: [SPAM] Re: Re: I will be awaiting your immediate response. Matt (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault