Update (December 30, 2001):
With the holiday season largely finished, most of our test addresses have experienced spam increases of three (3) to ten (10) times compared to the 2000 Holiday period. The bulk of the increase was from the Ralsky spamgang and unsolicited porno spams. Our private mailbox is now protected using ProcMail and SpamBouncer, so there is a 99.3% decrease in spam, though spammers are trying many tricks to get past the filters. The more successful one is to use a throwaway account (HotMail, PacoimaRanch.ZZN.COM and similar) to send a message with a blank body and the spam itself in a .txt or .doc attachment. The filters ignore the attachment and pass the spam as if it were a legitimate message. We're hoping the filter recipe geniuses at SpamBouncer figure out a way to spot this new and troubling practice.
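One way to spot the blank-body trick described above, as an added Python example (not SpamBouncer's recipes or code from this E.Zine): it flags messages whose visible body is empty while a .txt or .doc attachment is present, and it hands text attachments to the content filter instead of ignoring them. The function names and sample messages are constructed for illustration; .doc files are flagged by name only.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumptions (illustrative): extensions and domains are the ones the article names.
SUSPECT_EXTENSIONS = (".txt", ".doc")
THROWAWAY_DOMAINS = {"hotmail.com", "pacoimaranch.zzn.com"}

def inline_text(msg):
    """Text a body-only filter sees: inline text parts, attachments skipped."""
    parts = [p for p in msg.walk() if not p.is_multipart()
             and not p.is_attachment() and p.get_content_maintype() == "text"]
    return "\n".join(p.get_content() for p in parts).strip()

def attachment_text(msg):
    """Decoded text/* attachments, so the content filter can scan them too."""
    return "\n".join(p.get_content() for p in msg.iter_attachments()
                     if p.get_content_maintype() == "text").strip()

def inspect_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    suspect = [n for n in names if n.endswith(SUSPECT_EXTENSIONS)]
    addrs = msg["From"].addresses if msg["From"] else ()
    domain = addrs[0].domain.lower() if addrs else ""
    body = inline_text(msg)
    return {
        "attachment_only": body == "" and bool(suspect),   # the trick itself
        "throwaway_sender": domain in THROWAWAY_DOMAINS,   # supporting signal
        "scan_text": (body + "\n" + attachment_text(msg)).strip(),
    }

def build_sample(sender, body, filename, attached):
    """Constructed test message: a text body plus one text attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "editor@example.org", "hello"
    m.set_content(body)
    m.add_attachment(attached, filename=filename)
    return m.as_string()

SPAM = build_sample("winner2001@hotmail.com", "\n", "info.txt", "EARN $5000 A WEEK")
HAM = build_sample("reader@example.net", "Draft attached.", "draft.txt", "Chapter one")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("ham", HAM)):
        print(label, inspect_message(raw))
```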
Prior to using the filters, a typical day had ten (10) to one-hundred (100) spams. This is now down to one or two per week. This is an acceptable level of annoyance, though no spam would be even better.
Update (December 5, 2001):
An amazingly uncluttered inbox!!! True success!!! The recent installation of ProcMail and SpamBouncer has reduced our Pacoima Ranch Offices' daily dose of spam from dozens that get past our ordinary E.Mail program filters to a single spam every few days - a drop of nearly 100%. Very little real mail gets lost, and that which does comes from many of the truly spamhausen ISPs (ATTCanada.CA; ATT.COM; Genuity.COM; Shaw.CA; Broadwing.NET; Verio.COM; Aitcom.COM; all Chinese, Korean, Russian and Japanese open relay servers; and similar). As the sender of each message sent to /dev/null receives a courtesy bounce copy explaining how to bypass the filters (a special password is mailed to them), the only problem noticed is that most surfers are reluctant to use the password, or lack the ability to read and follow instructions.
We initially thought that all bounced messages involved people reluctant to use the password until we noticed that many people were partially using the password, but sending the new message to another address. Because the password is easily changed, career spammers cannot simply make a note of it and then spam flood your inbox. If the resent message with password is from someone who needs continuing access to you, you add them into a special nobounce list. All further correspondence with them bypasses all filters and goes directly to your inbox. This is very similar to the whitelists and greenlists used by most E.Mail services and software.
While not for everyone, our initial experiment will now become a permanent part of our root environment. For those reluctant to lose any mail, there are lighter settings possible in SpamBouncer than the ones we used as part of our experiment. Our setting used the Spews.ORG blacklist at full strength. The Blockmail folder (highly suspicious) and the Spammail folder (known spam sources, known spam subjects, etc.) were set to go directly to /dev/null. To /dev/null an incoming file means the server instantly destroys the message. You never see it, never have to download it, and are only aware it even existed when you check your logs. The message sent to /dev/null uses very few resources and occupies no space on your server. We like that.
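The delivery order described in this update (nobounce list first, then the password, then the blacklist with a courtesy bounce), as an added Python example that is not SpamBouncer's own code. The addresses, the password, the blocked domain and the choice of the Subject line as the place to look for the password are assumptions made for illustration.

```python
import hmac
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed values for illustration; none come from SpamBouncer or the article.
NOBOUNCE = {"colleague@mail.relay.example"}   # senders who bypass every filter
BYPASS_PASSWORD = "heron-1205"                # changed whenever it leaks
BLOCKED_DOMAINS = {"relay.example"}           # stands in for blacklist hits

def sender_of(msg):
    addrs = msg["From"].addresses if msg["From"] else ()
    return addrs[0].addr_spec.lower() if addrs else ""

def has_password(msg, password):
    # Assumption: the password is looked for as a whole word in the Subject line.
    words = str(msg["Subject"] or "").split()
    return any(hmac.compare_digest(w.encode(), password.encode()) for w in words)

def is_blocked(sender):
    domain = sender.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS)

def triage(raw, password=BYPASS_PASSWORD):
    """Return (action, courtesy_bounce); "discard" means deliver to /dev/null."""
    msg = message_from_string(raw, policy=policy.default)
    sender = sender_of(msg)
    if sender in NOBOUNCE or has_password(msg, password):
        return "inbox", None                  # bypasses all filters
    if not is_blocked(sender):
        return "inbox", None
    bounce = EmailMessage()                   # tells the sender how to get through
    bounce["To"] = sender
    bounce["Subject"] = "Your message was filtered"
    bounce.set_content("To reach us, resend to the same address with this\n"
                       "word in the Subject line: " + password + "\n")
    return "discard", bounce

def sample(sender, subject):
    """Constructed one-part message for the demo below."""
    return "From: %s\nTo: editor@example.org\nSubject: %s\n\nhello\n" % (sender, subject)

if __name__ == "__main__":
    for who, subj in (("colleague@mail.relay.example", "lunch"),
                      ("stranger@mail.relay.example", "hello"),
                      ("stranger@mail.relay.example", "hello heron-1205")):
        print(who, subj, "->", triage(sample(who, subj))[0])
```

Passing a new `password` to `triage` models changing the password: a resend carrying the old one is discarded again.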
Original story (November 3, 2001):
With the economy cooling on a global scale, unemployment rising in the United States and the recent bioterrorist threats via regular mail, all surfers should brace for a spam onslaught, if they haven't already noticed the increase in spam. Many people are reporting increases of nearly 100% in the amount of Unsolicited Commercial E.Mail (UCE) and Unsolicited Bulk E.Mail (UBE) that they receive. UCE and UBE are both commonly called spam. Some very unlucky surfers have reported exponential growth in the spam they receive. There's a very simple reason for this.
Though illegal (and yes it is: spamming always involves an unsolicited use of a server that costs either the server or the recipient for the transmission of the spam), spamming is highly lucrative. The response rate is very low, but there is a response rate. All the spammer is out is a dialup account and maybe a domain. These usually get closed on detection, though the recent rise of "bullet-proof hosting" has made even this not a sure thing. The software (ratware is spam software) is fairly cheap. Spam ratware usually runs under $200. Even if only fifty to one-hundred people respond, chances are the spammer will recoup his investment and show a profit. That this is illegal rarely bothers spammers; most are criminals to begin with.
Why the recent rise and how does it relate to world trends? As unemployment and economic downturns grow, there are more people looking for ways to quickly earn money, or even to start a new career. Some of them will turn to spamming to earn money, thereby increasing the amount of spam, just as is now happening. Also, due to the recent fear of many North Americans about touching and handling regular paper mail, E.Mail now seems an almost safe alternative. It is, but spammers will undoubtedly use this as a further excuse to illegally send UCE and UBE. It should be noted that most UCE and UBE is for fraudulent products, most of which are never received after payment.
So how do surfers protect their inboxes against this onslaught? Hopefully your ISP already uses filtering services. There are many of them out there, and they really do work. For the spam that makes it in, there are online services like SpamCop to allow you to complain about spam received. Be sure to read the rules about how to use the service, then sign up if needed. The SpamCop service comes in two flavors (free and modestly priced). This E.Zine has used the free flavor for over a year, and has had a dramatic decline in many types of spam. We still get a lot of the get-rich-quick schemes, but get almost no porno spam. This is on a public address that's been on the 'Net for over five years, so it is possible to control your inbox if you are aggressive about it.
Another alternative available to people with their own servers or to surfers with "root" or "home" privileges on their ISP's servers is to install ProcMail and use the SpamBouncer filters. This E.Zine currently uses ProcMail to filter webbugs and E.Mail viruses and it does a nearly perfect job at it. As a rule, if your "root" or "home" directory contains a .procmailrc document, you can use the SpamBouncer filters. Check with your server administrators about how you should be installing modified .procmailrc documents, though the installation notes at the SpamBouncer site should suffice for experienced webmasters. Most Linux servers come preinstalled with ProcMail. SpamBouncer has many Forums on the 'Net to help neophytes with installing and configuring it. Some ISPs even have a public installation of SpamBouncer and all you need to do is make a minor addition to your .procmailrc document to invoke the SpamBouncer filters. Here at the News Letter we plan to shortly install SpamBouncer as most of our spam comes from either the Ralsky spamgang or from malfunctioning Chinese and Korean servers. ProcMail with SpamBouncer filters lets you effortlessly bounce these types of spam.
Best of luck, and remember, there's nothing like the smell of burnt spam in the morning!!!