|
Grex > Oldcoop > #376: The problems with Grex, e-mail and spam | |
|
| Author |
Message |
| 25 new of 480 responses total. |
maus
|
|
response 121 of 480:
| 
Nov 29 16:36 UTC 2006 |
Probably not, but who would turn down such a warm greeting?
I am not the small, cute rodent from Mnet or The Well. I am not the grad
student with huge boobs. I am, however, the small, cute rodent who has
been inhabiting cyberspace.org for a fair number of years, but who was
too introverted to participate in the discussions until recently.
|
keesan
|
|
response 122 of 480:
|
Nov 29 16:54 UTC 2006 |
I wrote up a small easy filter that you can just copy from my home directory
to yours, along with my .forward file. cp ~keesan/procmail.simple
./.procmailrc. Then change 'keesan' to your own login, and change the
'jdeigert' in my whitelist to the name of someone you want to get mail from.
This filters on anything assigned five points by spamassassin but I would
change it to three points (*/*/* instead of */*/*/*/*) because I never got
a false positive that way. Someone else copied this but did not let me know
yet if it worked. A slightly more complicated sample is procmail.sample .
I think I set this to send */*/* to /dev/null and */* to a spam folder.
Today I got no spam in any folder, after adding a few more filters on such
things as Windows character sets, embedded images, From: debora .
I don't recall if my sample filter keeps a log of what went where, but I have
my own filter set up to keep a short version, which is running 20 pages a day
of mostly spam (at 3 lines per entry).
|
gull
|
|
response 123 of 480:
|
Nov 29 22:34 UTC 2006 |
With spamc the main concern, load wise, is to make sure you're not
running excessively large messages through it. On systems I configure
I generally bypass spamc for messages larger than 1 megabyte. Its
memory and CPU usage goes up rapidly with message size.
|
remmers
|
|
response 124 of 480:
|
Nov 29 22:41 UTC 2006 |
Using the method I described, it's easy to incorporate that.
|
keesan
|
|
response 125 of 480:
|
Nov 29 23:16 UTC 2006 |
I used to dump any message over 100K and now I forward them somewhere else
before running spamc. remmers, are you working on some way to let people set
up a filter without knowing how to copy and edit a file?
|
remmers
|
|
response 126 of 480:
|
Nov 30 13:36 UTC 2006 |
Yes.
|
tsty
|
|
response 127 of 480:
|
Dec 1 09:00 UTC 2006 |
glad i started something progressive ... keep it up - thank you.
,.
|
naftee
|
|
response 128 of 480:
|
Dec 2 19:37 UTC 2006 |
tajnxxxxxxxxx tws
|
remmers
|
|
response 129 of 480:
|
Dec 6 15:55 UTC 2006 |
There's an article in today's New York Times about the recent upsurge in
spam and why methods of dealing with it that were reasonably effective a
few months ago are now failing.
http://www.nytimes.com/2006/12/06/technology/06spam.html
According to the article, spam volume has doubled in the last year, 90%
of internet email messages are spam, and spammers have developed new
techniques that are very effective in getting past existing spam
filters. The article has interesting details on how spammers are
foiling the filters and why they remain motivated -- there are still
enough suckers who fall for their scams to make them money, often a 5%
or 6% return in just two days.
Anti-spam companies are scrambling to develop techniques to filter the
new breed of spam, but they have a way to go to catch up. If and when
they do, spammers will invent new techniques to get around the new
filters, judging from past patterns.
My own experiments with spam control on Grex tend to bear out what the
article is saying. A few months ago, SpamAssassin filtered over 90% of
the spam coming to my mailbox. I reactivated the filter yesterday, and
it was catching less than half of it. In fact, the spam score of most
of the junk messages was 0.0, meaning that SpamAssassin didn't think the
message was suspicious at all.
SpamAssassin has a "learning" feature (the "sa-learn" command; you can
tell it that messages it let through are in fact spam, and that's
supposed to make it smarter about filtering in the future); I've been
playing around with that and will see if it really improves things. But
it's somewhat cumbersome to use. I'm sure users want a spam solution
that "just works" rather than something that requires constant care and
feeding.
The trouble is, nobody has such a solution. Given that companies that
specialize in spam filtering and actually pay their programmers are
having such poor success nowadays, I'm pessimistic about Grex's
prospects of effectively controlling spam, at least in the near term.
Giving users the option of turning off inbound mail entirely seems more
and more desirable.
|
rcurl
|
|
response 130 of 480:
|
Dec 6 17:33 UTC 2006 |
Spam might be thought of as an infection, and spam blocking is equivalent to
antibiotics. However is there any potential for *immunization*? I imagine an
"anti-spam bot" that infects people's computers with a spam-bot killer
application. I can see an ethical question in this - immunizing users'
computers without their knowledge - but that is till better than the
infection, especially as the "anti-spam bot" could be made to have no side
effects.
|
remmers
|
|
response 131 of 480:
|
Dec 6 17:52 UTC 2006 |
Interesting idea. I can see various problems with it but won't discuss
them here, as this item is supposed to be about what measures might be
feasible for Grex to take regarding the spam problem.
|
keesan
|
|
response 132 of 480:
|
Dec 6 18:00 UTC 2006 |
I change my filter every day or two when the subject line of the stock spams
changes. Today it is 'check this' with a name, some days just a name, some
days 'name here' etc. Labor-intensive but I get less than 10 spams a day,
most of them in the spam folder (anything on the spamcop or sorbs list which
slips through spamassassin goes there). I am also dumping inline images,
javascript, 3DContent, and all Windows charsets, and whitelisting any friends
who use that junk, if I find their mail in my log file.
I dump anything mailed by The Bat!
|
mcnally
|
|
response 133 of 480:
|
Dec 6 18:14 UTC 2006 |
Sindi is using what could probably be thought of as the Howard Hughes
method of spam immunization.
|
rcurl
|
|
response 134 of 480:
|
Dec 6 18:50 UTC 2006 |
That takes probably more time than just deleting it.
|
nharmon
|
|
response 135 of 480:
|
Dec 6 20:42 UTC 2006 |
Re: Anti-spam immunization, there are groups that do something like
this except for exploit botnets not necessary spambots. I think its
called the Honeynet project.
|
keesan
|
|
response 136 of 480:
|
Dec 6 21:23 UTC 2006 |
I consider it fun to tune the spam filter, but unpleasant to have to delete
spams. And it only takes a few minutes a day to analyze what is slipping
through. I seem to be missing a lot of the Windows-1252 stuff, it gets
through the beginning of my filter, don't know why.
|
void
|
|
response 137 of 480:
|
Dec 7 02:32 UTC 2006 |
I rather liked the Alan Ralsky method of deterring spam...people found
out his home address and signed him up for every kind of junk snail mail
they could think of. Too bad other sapmmers' home addresses are not so
easily found.
|
gull
|
|
response 138 of 480:
|
Dec 7 04:05 UTC 2006 |
Re resp:130: The idea of retaliating against spam bots surfaces every
so often. It's been tried, but there have always been problems with
mis-targeting, collateral damage, and legal liability.
|
rcurl
|
|
response 139 of 480:
|
Dec 7 06:37 UTC 2006 |
It would have to be done in the same spirit of the spammers - undercover.
Is there a discussion somewhere of mistargeting and collateral damage?
|
krj
|
|
response 140 of 480:
|
Dec 7 19:26 UTC 2006 |
Just as a personal whiny datapoint: I had 180 spam e-mails in my
work e-mail this morning, which had all arrived since I left
work the previous day. This extrapolates out to close to 300 per
day; this would mean that my spam load has tripled since early
November, when I was getting about 100 per day.
If it triples again, my work e-mail account will get close to 1000
per day.
There is no reason to assume this growth curve will stop short of
the collapse of the e-mail infrastructure.
On Grex, /var/mail is full again.
|
keesan
|
|
response 141 of 480:
|
Dec 7 19:51 UTC 2006 |
I think we should bring back the 100K mail limit, 1MB mailbox limit, and
delete mailboxes of anyone who has not read their mail in 1 month except for
members.
|
rcurl
|
|
response 142 of 480:
|
Dec 7 20:04 UTC 2006 |
Given the spam load, a 1MB mailbox limit could be reached in one day - the
limit should be big enough to allow a week's worth of mail since not everone
can log in daily (like I usually do - but then, I will be away and possibly
out of touch over the holidays). What happens to mail when the limit is
reached?
This is another reason for a general Grex filter for the spam-of-the-day
variety.
|
cross
|
|
response 143 of 480:
|
Dec 7 21:00 UTC 2006 |
This is yet another reason for grex to adopt an ``opt-in'' email strategy.
The fact of the matter is that most grex users don't use grex email (and by
users, I'm referring to the vast, vast majority who never touch the BBS or
party). So their mailboxes just get full and sit on the disk, taking up
space, but full of useless spam.
A far better solution is to, by default, not to premit users to send *or
receive* email unless they specifically request it. Then set up an automatic,
and verifiable, way to determine who gets access (or allow some group of
people to ``sponsor'' email access).
The model could be this:
You login via newuser, create an account, and have no network or email access.
Say you want email access. You run some program that tells you to submit a
$1 one-time donation via PayPal; then you get access. If you cannot do that,
you can be told to ask a member to sponsor email access somewhow. E.g., send
a write message, run another program to request access that sends a message
on your behalf, etc.
There should be a program called ``sponsor'' that allows members to set up
accounts and email access for new users. So when Sindi donates some obsolete
computer to some random person, she can beforehand create that person an
account on grex. Then, once they get said computer, they can just dial in
as normal and be shown how to use, e.g., mutt for email access. *They* don't
need a PayPal account since we trust Sindi to vouch for them.
International users are by and large looking for Unix access, not email. They
can either use PayPal to verify their identity, or use ask someone to sponsor
them.
For that handful of users who *do* actually use email, a mixture of an
aggressive spam and virus filter coupled with subscribing to the various spam
detection services and blacklists would greatly reduce the amount of incoming
spam. Anyone who wanted to go further could do something like use Sindi's
filter.
|
edina
|
|
response 144 of 480:
|
Dec 7 21:07 UTC 2006 |
If someone wants to eliminate my email account, consider this
permission to do so.
|
keesan
|
|
response 145 of 480:
|
Dec 7 21:33 UTC 2006 |
How about emailing everyone asking if they want to keep their email account,
and if they don't reply and have not accessed the account for amonth, delete
it except for the 40 paying members. Limit everyone to 1MB and they can
forward mail some place else if they go on vacation away from a computer.
Make the spam filter optional, for people who like 1MB of spam in their box.
|