The fight agains spam
-
I was thinking (I know I shouldn't but sometimes I just can't help it :-) ) The reason why we receive so much spam is partially because it works. Even though only 0.0025% of spam gets some sort of a reply(I don't know the actual percentage), thats still a lot when you are sending millions of emails. So if we could stop the spam from working - would that mean spammers would stop? My guess is that they probably would - or at least try to find other ways (perhaps even worse methods. Who knows, we might think back someday and wish the days of spam were back...). My idea is to create a project similar to SetiAtHome or similar that does two things: - allows users to report sites/email addresses/phone numbers that are being advertised by spam. This notification would be sent to a central server that collects them. When a given number of users have reported a site as a spam-site it is marked as such (to prevent people from reporting non-spam sites for some strange reasons - revenge or whatever). - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. If this service would become popular enough (with tenths of thousands of users perhaps) it would generate enough DOS attacks to be able to block these spam sites. This would (hopefully) result in these sites to lose the benefit from emailing spam since it would only increase the magnitude of the attacks they would receive. I know there are many things that I haven't thought through. First is perhaps if this would be legal and something tells me that the DOS part would not be :-(. Secondly, spammers would definitely try to find ways around this, perhaps by using large hosting companies for their sites (I must admit I'm not that familiar with where spam sites are hosted at this moment). So what do you think? Am I way off here or would some variation of this idea work? All comments welcome, both positive and negative :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
dabs wrote: So what do you think? Illegal, immoral. Might just work... :suss:
David Wulff http://www.davidwulff.co.uk
-
dabs wrote: So what do you think? Illegal, immoral. Might just work... :suss:
David Wulff http://www.davidwulff.co.uk
David Wulff wrote: Illegal, immoral. Might just work... Exactly. In my opinion spam won't be stopped unless we use methods similar as the spammers are using themselves. They are flooding us so we should flood them.
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
I was thinking (I know I shouldn't but sometimes I just can't help it :-) ) The reason why we receive so much spam is partially because it works. Even though only 0.0025% of spam gets some sort of a reply(I don't know the actual percentage), thats still a lot when you are sending millions of emails. So if we could stop the spam from working - would that mean spammers would stop? My guess is that they probably would - or at least try to find other ways (perhaps even worse methods. Who knows, we might think back someday and wish the days of spam were back...). My idea is to create a project similar to SetiAtHome or similar that does two things: - allows users to report sites/email addresses/phone numbers that are being advertised by spam. This notification would be sent to a central server that collects them. When a given number of users have reported a site as a spam-site it is marked as such (to prevent people from reporting non-spam sites for some strange reasons - revenge or whatever). - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. If this service would become popular enough (with tenths of thousands of users perhaps) it would generate enough DOS attacks to be able to block these spam sites. This would (hopefully) result in these sites to lose the benefit from emailing spam since it would only increase the magnitude of the attacks they would receive. I know there are many things that I haven't thought through. First is perhaps if this would be legal and something tells me that the DOS part would not be :-(. Secondly, spammers would definitely try to find ways around this, perhaps by using large hosting companies for their sites (I must admit I'm not that familiar with where spam sites are hosted at this moment). So what do you think? Am I way off here or would some variation of this idea work? All comments welcome, both positive and negative :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
There is an openrelay SMTP mail server list. You should ask your mail provider to use the ordb.org database to reject incoming mails. It can go a long way in combating spam. Many companies have done it on an enterprise level. I hope it catches on with the public mail services as well. My article on a reference-counted smart pointer that supports polymorphic objects and raw pointers
-
I was thinking (I know I shouldn't but sometimes I just can't help it :-) ) The reason why we receive so much spam is partially because it works. Even though only 0.0025% of spam gets some sort of a reply(I don't know the actual percentage), thats still a lot when you are sending millions of emails. So if we could stop the spam from working - would that mean spammers would stop? My guess is that they probably would - or at least try to find other ways (perhaps even worse methods. Who knows, we might think back someday and wish the days of spam were back...). My idea is to create a project similar to SetiAtHome or similar that does two things: - allows users to report sites/email addresses/phone numbers that are being advertised by spam. This notification would be sent to a central server that collects them. When a given number of users have reported a site as a spam-site it is marked as such (to prevent people from reporting non-spam sites for some strange reasons - revenge or whatever). - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. If this service would become popular enough (with tenths of thousands of users perhaps) it would generate enough DOS attacks to be able to block these spam sites. This would (hopefully) result in these sites to lose the benefit from emailing spam since it would only increase the magnitude of the attacks they would receive. I know there are many things that I haven't thought through. First is perhaps if this would be legal and something tells me that the DOS part would not be :-(. Secondly, spammers would definitely try to find ways around this, perhaps by using large hosting companies for their sites (I must admit I'm not that familiar with where spam sites are hosted at this moment). So what do you think? Am I way off here or would some variation of this idea work? All comments welcome, both positive and negative :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
I don't think a central server is necessary for this. I can't see why this can't be done with just P2P connections. Thus the more Spam a Spammer sends the bigger will be the DOS attack they recieve in return. With P2P imagine you could share your spam list with 1000 other users and you send a 3600 ACKs in an hour, then you are onto something. I think it would be better to rename it as an Email Verification Emissary, and not to use the words DOS in the development of it. Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
-
We should put an internaitonal death sentence on reading spam. it doesn't need to be enforced, just to sit there, lurking, to give people the creepy feeling of "OMG if someone found out I could get shot for this!" Makes them more careful with their inbox, little creepers ;) A good thing would be identifying the people that make spam work - i.e. those that purchase something they learnt of by spam. Randomly shoot one every week. Arrange the shooting at prime time, and broadcast their final words as well ("Hi, I'm mark, and I purchased a spycam on the internet. I want to tell mommy how much I love her and that I am very very sorry! breaks in tears") as well as the shooting ("bam bam splatter"). NO wait, this could actually make work spam even better :rolleyes:
Those who not hear the music think the dancers are mad. [sighist] [Agile Programming]
LOL, I now feel like draghting a chain letter to that effect. :-) Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
-
I don't think a central server is necessary for this. I can't see why this can't be done with just P2P connections. Thus the more Spam a Spammer sends the bigger will be the DOS attack they recieve in return. With P2P imagine you could share your spam list with 1000 other users and you send a 3600 ACKs in an hour, then you are onto something. I think it would be better to rename it as an Email Verification Emissary, and not to use the words DOS in the development of it. Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
Of course this would have an innocent name. I like the name Email Verification Emissary (EVE). And yes, P2P will probably work too, I just have no prior knowledge in implementing such solutions. Not that I am going to start coding this solution tomorrow, just trying to think of ways to fight spam, perhaps others will use the idea :-) The idea behind the centralized server was basically to ensure that only spam sites would be attacked and it would also take care of the distribution of the attacks. Say that 10.000 sites have been reported and there are 100.000 users online. The server would figure out how many attacks were necessary to bring the "hottest" spam sites down (those most often reported) and scedule enough users to start those attacks. So instead of each site only getting hits from 10 users then perhaps the 100 most frequently reported sites would get attacks from 1000 users (or whatever number needed to bring them down). The server would probably just ping the spam sites and if they reply within a certain time limit they need more attacks! But as I said, it's not that I am coding this solution right now, just trying to think of ways to get back at the spammers :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
There is an openrelay SMTP mail server list. You should ask your mail provider to use the ordb.org database to reject incoming mails. It can go a long way in combating spam. Many companies have done it on an enterprise level. I hope it catches on with the public mail services as well. My article on a reference-counted smart pointer that supports polymorphic objects and raw pointers
This does help of course but it does not prevent the spammers from creating a temporary account at hotmail or yahoo and use it to send out the spam. Most of the spam I receive at my hotmail email adress comes from yahoo or hotmail users.
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
Of course this would have an innocent name. I like the name Email Verification Emissary (EVE). And yes, P2P will probably work too, I just have no prior knowledge in implementing such solutions. Not that I am going to start coding this solution tomorrow, just trying to think of ways to fight spam, perhaps others will use the idea :-) The idea behind the centralized server was basically to ensure that only spam sites would be attacked and it would also take care of the distribution of the attacks. Say that 10.000 sites have been reported and there are 100.000 users online. The server would figure out how many attacks were necessary to bring the "hottest" spam sites down (those most often reported) and scedule enough users to start those attacks. So instead of each site only getting hits from 10 users then perhaps the 100 most frequently reported sites would get attacks from 1000 users (or whatever number needed to bring them down). The server would probably just ping the spam sites and if they reply within a certain time limit they need more attacks! But as I said, it's not that I am coding this solution right now, just trying to think of ways to get back at the spammers :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
On reflection maybe "Systematic Internet Email Verification Emissary" would be nice also. Names of programs and About boxes are what determine any projects success more than funcionality. :-) My main opposition to any centralized server is that the legal authorities will shut it down due to ISP type complaints and the owner of the server would be found legally acountable. However if a project was released into the wild as freeware using P2P connections, ISP's would have to operate on an individual level to stop it. I think similar to you in that it is a numbers game, but with P2P if 1000 users tell 100 others who all send an Acknowledgement signal every second, sites will be stalled very quickly. If hosting sites were more rigid on the activity their users were using spam wouldn't be such a problem. dabs wrote: But as I said, it's not that I am coding this solution right now, Darn ! I was hoping for a solution by the end of the month. :-) Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
-
On reflection maybe "Systematic Internet Email Verification Emissary" would be nice also. Names of programs and About boxes are what determine any projects success more than funcionality. :-) My main opposition to any centralized server is that the legal authorities will shut it down due to ISP type complaints and the owner of the server would be found legally acountable. However if a project was released into the wild as freeware using P2P connections, ISP's would have to operate on an individual level to stop it. I think similar to you in that it is a numbers game, but with P2P if 1000 users tell 100 others who all send an Acknowledgement signal every second, sites will be stalled very quickly. If hosting sites were more rigid on the activity their users were using spam wouldn't be such a problem. dabs wrote: But as I said, it's not that I am coding this solution right now, Darn ! I was hoping for a solution by the end of the month. :-) Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
Colin Davies wrote: "Systematic Internet Email Verification Emissary" would be nice also SIEVE is a great name actually! On the centralized server issue, yes the legal issue is of course a big factor, I was hoping that since the server would not be doing any attacks itself then it would perhaps be possible to justify its existence. Perhaps by saying that its function was mainly to collect a list of spam sites and report it to users who would like to make sure they don't accidentally visit such sites :cool: A factor I haven't researched enough is what number of requests would be sufficient to bring down an average spam-site server. How many sites could 1000 users sending 100 requests every second bring down? 1? 10? 100? I have absolutely no idea... In my opinion users could not send more than 100 requests every second (i.e. 1 request per second to 100 spam sites) and we would also need to take into account the ability web servers have to identify DOS attacks. When does a server start to suspect that it has been hit by a DOS attack?
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
I was thinking (I know I shouldn't but sometimes I just can't help it :-) ) The reason why we receive so much spam is partially because it works. Even though only 0.0025% of spam gets some sort of a reply(I don't know the actual percentage), thats still a lot when you are sending millions of emails. So if we could stop the spam from working - would that mean spammers would stop? My guess is that they probably would - or at least try to find other ways (perhaps even worse methods. Who knows, we might think back someday and wish the days of spam were back...). My idea is to create a project similar to SetiAtHome or similar that does two things: - allows users to report sites/email addresses/phone numbers that are being advertised by spam. This notification would be sent to a central server that collects them. When a given number of users have reported a site as a spam-site it is marked as such (to prevent people from reporting non-spam sites for some strange reasons - revenge or whatever). - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. If this service would become popular enough (with tenths of thousands of users perhaps) it would generate enough DOS attacks to be able to block these spam sites. This would (hopefully) result in these sites to lose the benefit from emailing spam since it would only increase the magnitude of the attacks they would receive. I know there are many things that I haven't thought through. First is perhaps if this would be legal and something tells me that the DOS part would not be :-(. Secondly, spammers would definitely try to find ways around this, perhaps by using large hosting companies for their sites (I must admit I'm not that familiar with where spam sites are hosted at this moment). So what do you think? Am I way off here or would some variation of this idea work? All comments welcome, both positive and negative :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
dabs wrote: - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. The problem is that hey relay though other servers. If you DOS the relay servers and the whole net will shut down. The ORDB (http://www.ordb.org/) shows how bad it really is. Cheers Mike Johannesburg, South Africa
-
dabs wrote: - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. The problem is that hey relay though other servers. If you DOS the relay servers and the whole net will shut down. The ORDB (http://www.ordb.org/) shows how bad it really is. Cheers Mike Johannesburg, South Africa
OK I might not have specified my idea clearly enough. The idea is not to DOS the email servers but rather the spam sites the emails are advertising. I'm aware of the amount of email sent from yahoo, hotmail and other common email hosting sites. Let's say I receive an email from doyouwanttolose40poundsintwomonths@yahoo.com and the email is advertising a site that GUARANTEES that I will lose AT LEAST 40 POUNDS FAST!!! Then the email contains a link to a website I'm supposed to go to to get more information about this great product, lets say www.loseweightfast.com or whatever. My users would report this email as spam and in the process www.loseweightfast.com would be reported as a spam site and would get attacks if enough users report this site as a spam site. The email address would probably never even be stored anywhere, just the website address. Then there's another problem (and this is perhaps what you are talking about - I might have misunderstood) but some spam links point to http://www.firstrunmarketing.com/someforwardingpage.asp?someparameters and when the users click that link then the user is forwarded to the actual spam site. But then again, isn't www.firstrunmarketing.com also a spam site? It probably is...
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
This does help of course but it does not prevent the spammers from creating a temporary account at hotmail or yahoo and use it to send out the spam. Most of the spam I receive at my hotmail email adress comes from yahoo or hotmail users.
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
I think hotmail/yahoo etc should have a cap on the number of mails that can be sent out per day. My article on a reference-counted smart pointer that supports polymorphic objects and raw pointers
-
OK I might not have specified my idea clearly enough. The idea is not to DOS the email servers but rather the spam sites the emails are advertising. I'm aware of the amount of email sent from yahoo, hotmail and other common email hosting sites. Let's say I receive an email from doyouwanttolose40poundsintwomonths@yahoo.com and the email is advertising a site that GUARANTEES that I will lose AT LEAST 40 POUNDS FAST!!! Then the email contains a link to a website I'm supposed to go to to get more information about this great product, lets say www.loseweightfast.com or whatever. My users would report this email as spam and in the process www.loseweightfast.com would be reported as a spam site and would get attacks if enough users report this site as a spam site. The email address would probably never even be stored anywhere, just the website address. Then there's another problem (and this is perhaps what you are talking about - I might have misunderstood) but some spam links point to http://www.firstrunmarketing.com/someforwardingpage.asp?someparameters and when the users click that link then the user is forwarded to the actual spam site. But then again, isn't www.firstrunmarketing.com also a spam site? It probably is...
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
How about .freeservers.com or 8m.com sites.. They can be easily set up, but not all of them are spam sites. Also another thing that you might want to look at is what words are used in spam that aren't used in normal messages (have a button on your app that says "This is spam" and collect the infomation and research it (possible distro comp). -Steven CP Addict
By reading this message you are held fully responsible for any of the mispelln's or grammer, issues, found on, codeproject.com.
For those who were wondering, actual (Linux) Penguins were harmed in creating this message.
Visit Ltpb.8m.com
404Browser (Efficient, Fast, Secure Web Browser): 404Browser.com -
How about .freeservers.com or 8m.com sites.. They can be easily set up, but not all of them are spam sites. Also another thing that you might want to look at is what words are used in spam that aren't used in normal messages (have a button on your app that says "This is spam" and collect the infomation and research it (possible distro comp). -Steven CP Addict
By reading this message you are held fully responsible for any of the mispelln's or grammer, issues, found on, codeproject.com.
For those who were wondering, actual (Linux) Penguins were harmed in creating this message.
Visit Ltpb.8m.com
404Browser (Efficient, Fast, Secure Web Browser): 404Browser.comYes it would have to be something like that. My users would have the possibility to report either individual emails as spam or certain sites. When an email has been reported, my app would have to figure out what site is actually behind the spam. The .freeservers.com and 8m.com sites are a problem indeed. The "attacks" in these cases would have to be emails to the admins at these servers notifying them about the spam sent out to advertise such sites. I do realize that this will not work for all spam, and spammers will always try to find ways around this system.
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
I was thinking (I know I shouldn't but sometimes I just can't help it :-) ) The reason why we receive so much spam is partially because it works. Even though only 0.0025% of spam gets some sort of a reply(I don't know the actual percentage), thats still a lot when you are sending millions of emails. So if we could stop the spam from working - would that mean spammers would stop? My guess is that they probably would - or at least try to find other ways (perhaps even worse methods. Who knows, we might think back someday and wish the days of spam were back...). My idea is to create a project similar to SetiAtHome or similar that does two things: - allows users to report sites/email addresses/phone numbers that are being advertised by spam. This notification would be sent to a central server that collects them. When a given number of users have reported a site as a spam-site it is marked as such (to prevent people from reporting non-spam sites for some strange reasons - revenge or whatever). - a software on the users computers (a screensaver a la SetiAtHome or a process with low priority in the background) would connect to the server and get a list of such spam sites. It would then initiate a denial-of-service attack to these sites. If this service would become popular enough (with tenths of thousands of users perhaps) it would generate enough DOS attacks to be able to block these spam sites. This would (hopefully) result in these sites to lose the benefit from emailing spam since it would only increase the magnitude of the attacks they would receive. I know there are many things that I haven't thought through. First is perhaps if this would be legal and something tells me that the DOS part would not be :-(. Secondly, spammers would definitely try to find ways around this, perhaps by using large hosting companies for their sites (I must admit I'm not that familiar with where spam sites are hosted at this moment). So what do you think? Am I way off here or would some variation of this idea work? All comments welcome, both positive and negative :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
You have an interesting idea. Now, the sticky part seems to be the DOS attack, more generally, how to respam the spam. Basically, something needs to happen to the spammer in order for them to stop. I say execution would suffice. To work around the legal issues of DOS, may I suggest a different type of DOS. Don't some web hosts, especially the freebies, have monthly transfer limits on the accounts? If so, do enough HTTP requests to the spam site to exceed any transfer limits but not do a DOS attack per sae, let the web host do it - or charge the spammer fines or fees for exceeding any limits. What the spammer is trying to do is increase traffic, right? Another option is tracking down an email from the spam site and spam it. Maybe charge a nominal fee for subscriptions to this service to pay for expenses incurred. Hey I'll donate time to create this....
-
You have an interesting idea. Now, the sticky part seems to be the DOS attack, more generally, how to respam the spam. Basically, something needs to happen to the spammer in order for them to stop. I say execution would suffice. To work around the legal issues of DOS, may I suggest a different type of DOS. Don't some web hosts, especially the freebies, have monthly transfer limits on the accounts? If so, do enough HTTP requests to the spam site to exceed any transfer limits but not do a DOS attack per sae, let the web host do it - or charge the spammer fines or fees for exceeding any limits. What the spammer is trying to do is increase traffic, right? Another option is tracking down an email from the spam site and spam it. Maybe charge a nominal fee for subscriptions to this service to pay for expenses incurred. Hey I'll donate time to create this....
Harrier wrote: You have an interesting idea Thanks :-) Harrier wrote: Now, the sticky part seems to be the DOS attack, Yes. I had imagined lots of clients sending requests (ACK's) where the number of requests sent by each client could not be interpreted as a DOS attack but the number of requests combined would suffice to kill the spam site. Harrier wrote: I say execution would suffice I absolutely agree. However, someone already built the electric chair whereas this application hasn't been built :-) Harrier wrote: Don't some web hosts, especially the freebies, have monthly transfer limits on the accounts? Perhaps, but is it something we can rely on? What about the porn sites? Aren't they designed to handle lots of traffic? Harrier wrote: Maybe charge a nominal fee for subscriptions to this service to pay for expenses incurred. Hey I'll donate time to create this.... Count me in ... :-)
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
-
OK I must admit I missed the SpamNet program. It does sound promising but again it does not stop the spam from being sent in the first place. Also, the problem with many of these tools is that they are plugins in Outlook or other client side email software. This would not work for users that use web-based email systems (such as the web version of Exchange). Regarding the DOS issue, I was hoping that each user would only send a few "attacks", it would actually be a few requests from each user but hopefully incomplete requests that would not count as hits on the spam site but would eat resources nonetheless. The volume of users would actually create the DOS effect. But as I said, I welcome all comments, both negative and positive. I would like to know about all downsides of this idea.
Wenn ist das Nunstück git und Slotermeyer? Ja! Beierhund das oder die Flipperwaldt gersput!
dabs wrote: OK I must admit I missed the SpamNet program. It does sound promising but again it does not stop the spam from being sent in the first place. It helps fighting spam in a indirect way, i.e., what's the point of sending spam if the intended audience doesn't see your spam?
It's not the fall that kills you: it's the sudden stop - Down by Law, Jim Jamursch (1986)