procmail

Re: Procmail & unsolicited(unwanted) email

1996-05-26 02:14:22
"Stan" == Stan Ryckman <stanr(_at_)sunspot(_dot_)tiac(_dot_)net> writes:

    Stan> Debra Walker wrote:
    >> 
    >> Now, I would like to use procmail to trash (kill) and/or
    >> autobounce unsolicited email.  I have gotten three of these
    >> types of messages this week, two of them apparently from
    >> Interramp and one from either internet.com and/or gnn.com.
[snip]
    Stan> According to what I read in news.admin.net-abuse.misc,
    Stan> interramp is a known problem site.

So?  You'll see posts about AOL, Netcom, and so on as well.  At one
time, Netcom was for several months a haven to the "Green Card
Lawyers" aka the first to spam (and maybe to Serdar Argic as well).
AOL's current abuse coordinator used to respond to complaints with "we
take our users' privacy seriously here at AOL."  In the several years
since that time, both have seen the light, and based on the responses
I've seen from them, they now work very hard at dealing with abusive
users.

In the recent past I have had correspondence with the postmasters of
both Netcom and Interramp.  They were responsive to the problem.  This
time, I got the same mailing that Debra did (I suspect), from an
Interramp account via a Netcom PPP address; my mail to Interramp
bounced---I suspect that everybody who got the spam responded and
Interramp crashed.  If so, I imagine Interramp will convert to the
true religion quickly....  Netcom responded promptly and courteously.

The moral is that any small fast-growing ISP is going to be open to
this kind of abuse.  Only when they get big enough to seriously
threaten lawsuits over violations of the AUP will they be able to
credibly act like Big Brother.  (Even then, it's hard to scare the
likes of the Green Card Lawyers.)  I don't know that I like Big
Brother any better than I like spam.  YMMV, of course.

    >> According to all of the information that I have gathered, this
    >> seems to be a common example of a recipe (?) to use:
    >> 
    >> :1 ^From.*interramp.com /dev/nul

    Stan> More likely, :0 ^From.*interramp.com /dev/null

This is a more or less reasonable response.  Unfortunately for me, I
have had direct correspondence with real users at every single one of
the sites mentioned in otmar's recipe.  Poor me!  I can't get out that 
way....

    Stan> But if you want something more sophisticated, the following
    Stan> (untested by me, but I may try it) was posted to
    Stan> news.admin.net-abuse.misc.
[snip]

otmar's recipe isn't really "more sophisticated," just more verbose,
and it has real problems:

    (1) If *everybody* uses "hotzenplotz" as the key word, spammers
    will learn to add that as quickly as they learned to add
    "Approved:" headers to Usenet posts to moderated newsgroups.  On
    the other hand, if everybody uses a different word, we'll have to
    keep databases of our correspondents. Might as well go to full
    PGP....  I don't think my mother is up to that!  But the spammers
    will be passing around the databases, just as I suspect that the
    recent Interramp spammers bought their mailing list from the AOL
    spammers of last month.

    (2) If everybody on procmail (eg---procmail's mailer does not add
    a FROM_DAEMON header) uses that recipe, any unfortunate user of a
    system on the s--t-list who mails to procmail will get mailbombed
    in return.  Postmasters of large systems sign up for that (how
    many mails do you think the postmasters of Interramp and Netcom
    got for that spam?); they get paid to handle it, and IMO they do
    it well.  But the ordinary users, who haven't read
    news.admin.net-abuse.misc yet?  Uh-uh, not in my book.

Now, if you can come up with a spam-sniffer recipe/program that
identifies spam with less than say 10% false positives, *and* you
don't use the same program that everybody else does ('cause if you do,
the 10% false positives will get buried by angry responses if the
looks-like-but-isn't-spam goes to a mailing list), go ahead.  If not,
leave damage control to the pros, like Jonathan Kamens and the
Cancel-Moose[tm].  Just junk the suspect mails, don't respond in kind.
IMHO, any automated response with more than a very small percentage of
false positives makes you part of the problem.

Oh, by the way, it just occurred to me that anybody who posts an
autobounce recipe tuned to reject whole sites may be liable for
damages under "denial-of-service."  Probably not, but Canker and
Slime, Attys, would take the case, so I'd watch it, bubba....

What do I recommend?  Well, it may not be optimal for you if your
storage is extremely limited, or you pay a lot for download time.  But
I just dump mail not attached to a known address or my local domain
and lacking certain keywords related to my public activities in the
subject to a junk-mail file, and read it twice a week.  If I can't
identify spam in one screenful and under ten seconds, then it's not
spam, it's art :-)  Two minutes a week max, and that file rarely gets
over 10kB.  Even so, it's 80% stuff I want to see.  (Which kills the
limited storage and download costs arguments, for my case, even if I
had such restrictions.)

The important thing is that I'm primed for spam; it doesn't take me by
surprise.  I find that's the most important thing; I don't waste
emotional energy on anger and frustration.  I suspect that what otmar
likes best about his recipe is the "GET LOST" line---or maybe the "get
another provider" line....  I've had a lot less need for that kind of
satisfaction recently.  Spending an extra 30 seconds twice a week to
delete a spam is much less wasteful than spending 30 minutes writing
to postmasters and thinking about implementing a firewall....

-- 
                           Stephen John Turnbull
University of Tsukuba                                        Yaseppochi-Gumi
Institute of Policy and Planning Sciences  http://turnbull.sk.tsukuba.ac.jp/
Tennodai 1-1-1, Tsukuba, 305 JAPAN                 
turnbull(_at_)sk(_dot_)tsukuba(_dot_)ac(_dot_)jp
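The triage described in the message (known correspondents and local-domain mail delivered normally, everything else without a public-activity keyword in the Subject filed for a twice-weekly scan, never bounced) written out as a .procmailrc. This is an added example, not a recipe from the post or from the author's own setup; the domain example.org, the whitelist file ~/.known-addresses and the Subject keywords are placeholders.

```procmail
# Added example, not from the original post.  Placeholders: example.org,
# ~/.known-addresses (one address per line) and the Subject keywords.
PATH=/usr/bin:/bin
MAILDIR=$HOME/Mail
DEFAULT=$MAILDIR/inbox
LOGFILE=$MAILDIR/procmail.log
JUNK=$MAILDIR/junk-mail

# Mail from daemons and lists is delivered untouched.  ^FROM_DAEMON is the
# check that an autobounce recipe needs and that the quoted one lacks; a
# reply sent back to a list or a postmaster is how mailbombing starts.
:0
* ^FROM_DAEMON
$DEFAULT

# Known correspondents: any originator address in the whitelist file.
# The condition is a program exit code; an empty whitelist matches nothing.
:0
* ? formail -x From: -x Sender: -x Reply-To: | grep -i -F -f $HOME/.known-addresses
$DEFAULT

# Mail from or to the local domain (procmail regexps are case-insensitive).
:0
* ^(From|To|Cc):.*@([a-z0-9-]+\.)*example\.org
$DEFAULT

# Subject keywords tied to public activities (placeholders).
:0
* ^Subject:.*(procmail|tsukuba)
$DEFAULT

# Everything else goes to the junk-mail file for a later look.
# Nothing is bounced and nothing is auto-answered: a false positive here
# costs a few seconds at the next scan instead of an angry reply to a list.
:0
$JUNK
```

The only automated action on a suspected spam is filing it; deletion stays a human decision at the twice-weekly scan, which is the point the message makes about false positives.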