Blue Security's inability to process my volume of spam.
Thu, 2006-06-01 09:37 — drosoph
Sometimes I feel like I'm a honeypot for SPAM.
In just three of my accounts (wife's, mine, and one web account), we receive over 15,000 SPAM per DAY. BlueSecurity was never able to process that volume even with multiple machines and massive amounts of scripting. It's nice to be at the top of the list of submitters but when you're only submitting 10% of what you get, it still isnt working. I want to be able to submit every single junk email that I get without backlogs.
I am a COMPLETE supporter of the programs as long as they remain legitimate and supervised. And, I will contribute in any way that I can to make sure that we put a stop to unsolicited email ads.
- drosoph's blog
- Login or register to post comments
Similar entries
Poll
Do you think Blue Frog was the best or Black Frog is or is going to be better ?
Blue Frog was better
42%
Balck frog is better or is going to be better
58%
Total votes: 71
Recent comments
- Re: Knujon.com
1 day 1 hour ago - Re: Upside Down Car Loans
1 week 2 days ago - Re: Cash Till Payday Loans: Money Your Pocket Right Away
1 week 4 days ago - Re: SPAM SOFTWARE I JUST FOUND
1 week 4 days ago - Re: Fighting SPAM, PHISHING and INTERNET FRAUD
2 weeks 3 hours ago - To be a winner....
2 weeks 3 hours ago - Re: Myers Briggs Personality Test
3 weeks 4 days ago - Re: Mortgage Loan Refinance, Refinancing Mortgage Loans, Mortgag
4 weeks 1 day ago - Re: BLACK FROG
4 weeks 3 days ago - Re: BLACK FROG
4 weeks 4 days ago
Syndicate
Comments
zkfhtyai
[URL=http://hzzqzhum.com]fcquepkr[/URL] evdgqeux qhauyjio http://vbrbfqfg.com gedefvpv wnahfgyo
Signs of pending comment-spam doom
I think these meaningless posts are signs of a pending flood of comment spam.
The meaningless posts are sent by a comment spammer (or a comment-spam bot) to check if we remove such stuff quickly or not. If we don't remove it quickly they'll flood us with comment spam.
If our forum engine supports moderating, so that regular users (or special trusted users) can vote on each post, and if it can hide down-voted posts, I think this should be enabled. Then we can all help removing spam. If this is not supported, I think someone with suitable access privileges will have to monitor the forum frequently and quickly remove bad posts.
If neither of these are possible I fear we will soon drown in comment spam.
The longer these two initial posts stay, the more likely we'll be spammed.
An alternative might be to add rel="nofollow" to each link (explained in the information I linked to). However I'm not sure that's effective.
Poltergeist
nathan's fault
yeah it pretty much sucks, but nathan won't give anyone access to fix it, I just have enough access to post stories :(
just so you all know, its nathan's fault this project is being held up
I remember there was one
I remember there was one spammer who posted a unique number to every blog on the net, basically tagging every blog, then he or she googled for those numbers to build a database of sites that were spammable.
Because of that things like that akismet for wordpress was created.
globalwarming awareness2007
I use IncrediMail to filter
I use IncrediMail to filter spam. It's really good :)
I think the Okopipi setup
I think the Okopipi setup will handle this kind of volume better than BlueSecurity was able to -- bluefrog relied on you finding a way to forward your junk to their reporting addresses. Email simply isn't a great way to pass around large amounts of data, and the extensions for email clients, etc. were just forwarding email -- not uploading compressed data.
I don't know if the details have all been worked out, but I think the new plugins for mail clients will just save spam emails locally, and the Okopipi client will manage uploading them to the network -- presumably compressed, and certainly not while you're sitting there waiting for the message to send so you can get back to your email.
Dupes
I believe that you were probably receiving duplicates. Tens of thousands of the same exact email. If a filter system was built to eliminate all the dupes, I bet you'd only be getting a couple hundred uniques a day. There's no way to handle 15K spams per day because all the links have to be visited first to determine if they are actually a spam site. a couple hundred wouldn't be a problem though.
wow
I get 1-3 spam messages a day. Putting spammers out of business (or attempting to) has pretty much become a hobby of mine, as weird as that sounds. . so when I read that you get that much spam.. in the back of my mind I was thinking "ooh, I wish I got that much.."
So how'd you manage to get that much? what e-mail provider are you using?
To NPerez
I'm being rude and replying out of turn...but...I have Yahoo and I get average 3-6 spams a day and reporting spam to Yahoo is like...well..spitting in the wind. Yahoo's spam system is not effective at ALL.
girlwart
SpamGuard
Click on Options [on the upper right of the Yahoo Mail page] and then click on Spam Protection. Make sure SpamGuard Plus is ON and choose Save these messages in the Bulk Folder .
If you're posting your e-mail address in online Guestbooks or signing up for mailing lists [among other things] it'll just be a matter of time and you'll likely be deluged with spam ;) **Never click a link to be 'removed from a list' or opt-out of an e-mail that you didn't expressly sign up for.**
That's incredible
That's an amazing amount of spam. Have you ever considered forwarding those addresses to something like a Yahoo or Gmail account, something with a really good anti-spam filter?
Taking into account people such as yourself, and I'm positive that there's several people like you, will be of utmost importance, especially considering that your traffic will be only a fraction of everyone's traffic put together.
Your answers
Extra spam...
"The wonderful spammers who took a liking to BlueSecurity used the filtering lists to"
You've got to wonder about the mentality of these people. Annoying the very people who are already taking action? Not smart.
If I were a spammer I'd be looking for ways to clean up my lists simply so I could concentrate on the people who might actually buy from me. A list of people who would never, ever, under ANY circumstances buy viagara from a spammer would be quite useful.
But nooo...they think they're above the laws of the universe, and they'll find this out one day. All it takes is a couple of angry-enough coders who don't care too much about "obeying the rules" (like Blue Frog did).
The problem is that spammer
The problem is that spammer is not interested with selling any viagra; he wants to sell his spamming services.
What he provides is "some millions sent e-mail messages", and for this he is payed. How many of this e-mails turns into transactions, is not his business.
It's no wonder that he is protecting his asset - big mailing list. Effectively, he is cheating his customer (spamvertising site selling viagra/rolex). But this is included in costs of spamming services and nobody cares.
So it's naive to expect that spammer will clean his lists only because you'll never buy any goods. He is payed for the count of sent e-mails, no matter of their effect.
The only way for one million spam messages is one million opt-out request on spamvertised site, so that with next bulk e-mail campaign spammer will be expressly asked to not touch Do Not Intrude Registry.
Spammers...
"The problem is that spammer is not interested with selling any viagra; he wants to sell his spamming services."
So the spammer isn't the one who sells the pills. Makes sense...
"The only way for one million spam messages is one million opt-out request on spamvertised site, so that with next bulk e-mail campaign spammer will be expressly asked to not touch Do Not Intrude Registry."
Are we going to stick to Blue Frog's "One spam = one complaint" policy. To me that seems weak...spamvertised sites need to be totally flooded with garbage IMHO. Playing nice won't save anybody's bandwidth, it will only prolong the battle. If a site is totally flooded then "spammer friendly" ISPs will also start thinking twice about their business model, not just the spammers. If a spammer's ISP costs start to rise then he has a double incentive to stop.
Okopipi has to stay on Fred's tracks.
Fred was on the right path, not trespassing limits but also not being weak with the scum of spammers and showing his teeth when needed.
It's not good crossing the line and fall in to illegal tactics.
1 Spam, 1 opt-out request is a proven and lawfull way of getting rid of spammers.
Not more and not less.
Illegal?
"It's not good crossing the line and fall in to illegal tactics."
Can you please show me the law that says flooding a spam site is "illegal"?
No such law esists. Even if it did I have a written invite to go use his web site. I don't recall giving him permission to send me email.
You want to talk "illegal"? How about illegal pills, scams, pushing up the cost of *everybody's* internet usage, DOS attacks on nice people like Blue Frog, shutting down portions of the Internet, etc.
PS: "showing his teeth when needed"? He folded at the first sign of trouble.
18 U.S.C. 1030.
Its called Fraud and Related Activity in Connection with Computers 18 U.S.C. 1030. . It states that impeding a computer network or system's ability to
do its intended function is illegal and punishable up to 10 years in jail or $ 250,000. The US Patriot Act
expanded the government's ability to monitor communications in order to find DoS attackers as a matter
of national security (Section. 814. Deterence and Prevention of Cyberterrorism). It is a law and it is illegal.
Laws
That law never has any effect on the spammers who attack people. Secondly it is not a denial of service to go to, or have an agent go to, a site and fill out a form asking them to stop spamming. If so many people go to a site that it appears as a DOS then that is a flaw in the business model of the spammer and they should make the appropriate changes.
I'm tired of the hand wringing and cowardice. It's what brought down a working solution...Blue Frog. If this project is worried about it then by all means let us donate money and hire a lawyer for his advice. Or find an advisor. Blue Security had a law professor from some California university on its consulting staff I believe.
Anybody have any idea what date this project may lift off the ground?
I don't live in the USA...am I subject to that "law"?
Even is that law would be applicable to Black Frog users:
* The USA, and it's laws, are only a small percentage of the world. I don't live in the USA and neither do many people who might be able to use their internet connections to fight spam (although many of us suspect that at the end of the day the USA is responsible for 99% of all spam).
* That law would only be useful to US citizens who wish to bring a complaint against an attacker. I doubt that any spammers host their servers in the USA so they are unlikely to try to bring a complain under that law.
* Pharmamaster didn't think twice about shutting down a chunk of America's Internet and that law isn't being applied to him.
If laws are a worry to some people than maybe Black Frog should support both cases - "law abiding" and "everybody else".
Anything less will lead to endless debate, wasted time, and hacked/modded versions of Black Frog. The people who'll spend time writing "flood" patches for Black Frog would be better employed improving the original, don't you think?
Flooding is bad mmkay
Flooding a site isn't the way to go. Blue Frog was having an impact with their one opt-out per spam message. If we start flooding sites then Okopipi won't be a legitimate service for long. If the number of opt outs directly reflects the size of the spam campaign then the message is more likely to reach the target that they can stop it by cleaning their lists.
If we start flooding and an advertiser is trying to comply and still sending a few spams to Okopipi members unknowingly then they will be hit hard, even when they are attempting to comply. If they start seeing a decrease in the level of opt-outs as soon as they clean their lists they are more likey to get the message that we will stop if they continue to comply.
I don't know about that, I
I don't know about that, I think that the system should be democratic - each computer counts as 1 vote for each spam they have - actually no, forget that, it would then become a statistic of how effective the spammer was..
1 opt out per email received is not so great, unless this system also takes catch-all into account can does one Opt-Out per CC or BCC at the same domain. I know my domains get 10-20 random names on my domain, so I should be sending 10-20 opt outs as well!
Either that or make it fairly easy to add a plugin which allows multiple opt-out but it is not part of the default installation.
And how do we fight back against spam which does not lead to a website? Say they only have a postal address, phone number or are just spamming stock market FUD.
There should be the possibility of DoS against known open proxy where such mail (without website) is coming from - EVEN IF IT IS NOT THE ADMIN FAULT! its just the ONLY way to fix problems. And each spammed user counts as one vote against a general minimum to start attacking, like ten thousand users got this certain TYPE of spam from this range of mail servers, so let them attack. But not allow spammers to use the system because they can not "fake" so many individual votes.
If we can drive the spam runs down to much smaller amounts then they will become unprofitable.
So there is no choice but to fight hard, totally crush all sources of spam. Become a giant true democracy of voting against whatever the hell seems annoying to the majority. This could extend to Ad URLS, popups and anything really...
--
PharmaMaster is a jerk. Regulation of the internet prevents the majority (angry users) from kicking the arse of the minority (millionaire spammers).
Flooding
"...Okopipi won't be a legitimate service for long."
Who's talking about a "legitimate service"? I thought we were trying to stop spam, not be AOL.
"If we start flooding and an advertiser is trying to comply and still sending a few spams to Okopipi members unknowingly then they will be hit hard..."
The whole point of a p2p network is fast response to changes. He's still sending a few spams, we're still filling in a few forms. He's more than likely changing web sites every few days anyway so he can make a clean start whenever he want to. His choice.
PS: Cry me a river. These are SPAMMERS and we're talking about. People who feel good about shutting down sections of the internet and filling my personal communications with garbage. Am I supposed to care about their feelings?
Which is it?
Well your first comment suggested that a site which sends a few pieces of spam will get hit just as hard as a site that sends a million. You didn't say a few you said...
That is DDoS.
"...a few pieces of spam"
Do you know any sites which send only "a few pieces of spam"?
a site which sends a few pieces of spam will get hit just as hard as a site that sends a million
Not true, because a site which sends only "a few pieces of spam" will have less attackers than a site which sends a million.
That is DDoS.
Yep, but somehow I don't feel bad about doing it to a apammer.
After all, they've been doing it to me for years...and to you too, and to pretty much everybody you and I know.
How much have they actually cost everybody in cold hard cash over the years...?
It's time to stop this problem, dead.
Quote:Yep, but somehow I
After all, they've been doing it to me for years...and to you too, and to pretty much everybody you and I know.
How much have they actually cost everybody in cold hard cash over the years...?
It's time to stop this problem, dead.
You hit the nail on the head: we cannot apply lynch law.
Criminals act illegally, but we can only fight them back using lawfull measures. Otherwise you're breaking the law and are subject to punishment.
And DDoS-ing the site is a crime all over the world, even if it is a spammer site.
Gmail spam filter never
Gmail spam filter never misses for me. I never get spam in my inbox, but I get hundreds in my spam folder and I've never had legetimate mail go to the spam folder. Thunderbird's filters don't work. They miss all the time and get false positives. I quit using thunderbird filters a long time ago.
thunderbird filters and whitelisting.
Thunderbirds filters do too work -- you just have to configure them right if using the filters you created. If you want Thunderbird to automatically filter spam for you, you must use it for a period of time so that it can learn your habits, and read what is spam and what is not.
I configured filters myself in Thunderbird, and I don't get any false positives. 0. None. (I use the address book option, everything is whitelisted)
Hey, gmail's spam filter
Hey, gmail's spam filter work better than creating your own filter.
I used to try creating my own filter in gmail, but gmail's really IS better the more YOU use it. (it adapts to YOU)
Be careful with trusting the
Be careful with trusting the Thunderbird spam filter 100%. I've had a couple false positives over the years. Not many, but enough so that I always scan through my junk folder :) It also seems to be weak with detecting the new spams that are just images.