procmail

ANNOUNCE: pointer to anti-UBE sites (resources to fight spam)

1998-04-23 21:32:28
Archive-name:           mail/anti-ube-pointer
URL:                    ftp://cs.uta.fi/pub/ssjaaa/pm-tips.html
Maintainer:             Jari Aalto <jari(_dot_)aalto(_at_)poboxes(_dot_)com>

Announcement: "Anti-UBE pointers"

        This is an excerpt from a bigger document. There is only one
        software pointer in this announcement: `rblcheck' which has
        proven to be very efficient, fast and system load friendly
        for ISPs that filter mail at MTA level. See at the end of
        this message. Other Spam tools like "SpamGuard, Spam Be Gone"
        are listed in the full document.

        You can also order the text version from the file server with the
        message below, but note that the file is big (over 450K):

            To: <jari(_dot_)aalto(_at_)poboxes(_dot_)com>
            Subject: send pm-tips.txt       (try also "send help")

2.0 UBE in Internet (Unsolicited Bulk Email)

[...zap...]

    2.5 Is one or two UBE messages acceptable

          Ray Everett-Church <ray(_at_)everett(_dot_)org>, Attorney/Online Consultant
          Co-Founder & Congressional Liaison <http://www.everett.org>
          Coalition Against Unsolicited Commercial Email; article 1997-12
          in remailer politics mailing list

        In developing what eventually became the Smith Bill, CAUCE
        discussed this rather extensively among our drafting committee. The
        bill gives a cause of action against the advertiser, not any of the
        pathways taken between you and them. This is consistent with the
        interpretation of the fax law (and many other laws for that matter)
        wherein the advertiser -- not the advertiser's agent -- is
        responsible for the act committed.

        As for the single UCE versus bulk issue, the general consensus has
        been that while a single piece of spam does not do much damage, it
        is fundamentally no less a cost shift than 10 identical messages,
        or 100, or 1000, or a million. The only difference is that the
        costs being shifted are greater and greater. We discussed many cut
        off points... would 50 spams be acceptable? 25? 10? One really well
        crafted, hand written, heartfelt and personalized spam be
        permissible? And in the end we felt like we were discussing angels
        on the heads of pins.

        While virtually nobody's system will crash because of one piece of
        spam (although George Nemeyer had trouble with three or four pieces
        as I recall), what is the ultimate difference if you only get one
        piece from each of 15 different advertisers a day? If one spam is
        ok, but two are bad, what is the interval... a day, a week?
        Enforcement depends on knowing when the threshold is crossed.

        So here's a scenario: you receive three spams from what is,
        unbeknownst to you, the same person (one advertising weightloss
        pills from WeightLoss Associates at PO Box 1, one for an MLM from
        MLM Company at PO Box 2, and Bee Pollen from Pollen Partnership at
        PO Box 3). Each was individually crafted and appeared to be mailed
        only to you.

        Under the scenario above, if the law permits one spam, will you
        sue?

        Would you risk suing one or all of them, gambling that they sent
        the spam to anyone other than you (or whatever the threshold is...
        10, 25, 50)? Would you risk suing one or all of them on the chance
        that they were somehow related? What if there was a chance that
        you'd find out that the three companies were really different? What
        if you did sue and found that they were owned by the same person,
        but were legally organized separate entities and were therefore
        each entitled to one spam apiece?

        In short... if one spam is permitted, it could make enforcement
        incredibly cumbersome, difficult and unlikely, and would present
        spammers with many reasons to violate the law knowing the odds of a
        suit and successful enforcement are greatly reduced. While bulk
        spam is really bad on many levels, whether it's parsed out in very
        small volumes makes little or no difference to the ultimate
        recipients as far as the diminished utility, cost, and annoyance.

        We need a clear, bright line. And the Smith Bill is that.

3.0 Anti-UBE pointers

    3.1 NoCEM, CAUCE and others

       "NoCEM"
        http://www.cm.org/

       "Dougal's NoCeM-E"
        http://advicom.net/~dougal/antispam/
        ... Dougal is sysadm for an ISP. His page has a wealth of information
        about Anti-SPAM Tools. You will also find his mailing list for
        NoCeM-E there.

       "The Coalition Against Unsolicited Commercial Email (CAUCE)"
        http://www.cauce.org/faq.html
        ...The Problem: Unsolicited commercial email, more commonly known as
        "spam", is a growing problem on the Internet. If you've used the
        Internet for any length of time, you've probably received
        solicitations via email to purchase products or services.

        A Solution: A group of Internet users who are fed up with spam have
        formed a coalition whose purpose is to amend 47 USC 227, the
        section of U.S. law that bans "junk faxing", so that it will cover
        electronic mail as well.

       "Teergrubing against Spam"
        http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
        ...`Teergrubing' It's German and means Tar-Pit. Once you have been
        stuck you can't get out. ...slow down internet connections in order
        to stop UBE abuse. Several hundred teergrubes are able to block
        spamming worldwide without blocking any e-mail. How do I start: If
        you are the admin of a MX host, install a teergrube.

       "Lot of good articles about spam"
        http://www.sun.com/sunworldonline/swol-12-1997/swol-12-spam.html

       "(anti-spam Law) US Representative Chris Smith's statement on junk e-mail"
        http://www.sun.com/sunworldonline/swol-08-1997/swol-08-junkemail.html
        ...considerable variation in the approaches at the federal level,
        and state legislation varies widely as well. Professor David Sorkin
        of John Marshall Law School, who summarized and provided links to
        the major spam-related lawsuits noted above, also provides status
        summaries and links to state and federal legislation

        ...State of Washington just passed an anti-spam bill
        http://www.leg.wa.gov/cgi-bin/print_hit_bold.pl/pub/billinfo/house/2750-2774/2752-s_pl_030798?unsolicited

       "Select email court cases -- Lots of them"
        http://www.jmls.edu/cyber/cases/spam.html
        America Online, Inc. v. Cyber Promotions, Inc.,
        Compuserve Inc. v. Cyber Promotions, Inc., etc.

    3.2 General Filtering pages (more than procmail)

       "Nancy McGough's Mail Filtering FAQ"
        http://ssil.uoregon.edu/~trenton/autopage/page7547.html
        http://www.ii.com/internet/faqs/launchers/mail/filtering-faq/

       "Information Filtering Resources"
        http://www.ee.umd.edu/medlab/filter/ Doug Oard <oard(_at_)glue(_dot_)umd(_dot_)edu>
        ...This page lists all known internet-accessible information
        filtering resources.

    3.3 Junk email and spam

       "Spam FAQ"
        ftp://rtfm.mit.edu/pub/usenet/alt.spam/
        http://www.cs.ruu.nl/wais/html/na-dir/net-abuse-faq/spam-faq.html

       "The email abuse FAQ"
        http://members.aol.com/emailfaq/emailfaq.html
        What is UBE, UCE, EMP, MMF, MLM, Spam, it is all explained here.

       "Against Spam -- The garbage collecting."
        http://www.spam-archive.org/
        To support this archive please forward email spam to
        <spam-list(_at_)toby(_dot_)han(_dot_)de>. Everybody is invited to
        bounce Mail-Spam he/she has got to this list. This is a mailinglist
        to distribute actual spam-eMail. All incoming mail will be checked
        by subject and from/sender-address whether it has already been
        distributed or not. No discussions in this list. To discuss about
        this list please subscribe to <spam-list-d(_at_)hiss(_dot_)org>.

        To subscribe to _blacklist-update_  mailing list
        TO:   <Majordomo(_at_)hiss(_dot_)han(_dot_)de>
        BODY: subscribe blacklist-update you(_at_)somewhere(_dot_)com
        Mail <postmaster(_at_)spam-archive(_dot_)org> to discuss about
        blacklist if your name is on it. (maintained by Axel Zinser
        <fifi(_at_)sis(_dot_)han(_dot_)de>)
        Get the updated blacklist from
        ftp://ftp.spam-archive.org/spam/blacklist/

       "Doug Muth Page"
        http://bounce.to/dmuth
        ... "The SPAM-L FAQ" - A FAQ for SPAM-L, an anti-spam mailing list.
        This FAQ discusses how to join the list and what to post there, AND
        it also delves into the technical aspects of spam. For instance,
        the various kinds of forgeries seen in spams are discussed here,
        along with information on how to recognise them. If you hate spam,
        this is something worth checking out... "TheGoodsites List" - I
        maintain this list, which is part of the Spam Boycott, to show
        which Internet providers out there act responsibly when dealing
        with spam. If you're looking for an ISP and want to know where they
        stand on spam, this is the list for you.

        Send an email message to
        <LISTSERV(_at_)peach(_dot_)ease(_dot_)lsoft(_dot_)com>
        with the words "subscribe SPAM-L <First name> <Last name>" in the
        body of the message (no quotes). If you would like to contact the
        owner, the convention is the same as with all LISTSERV lists. Just
        send e-mail to
        <spam-l-request(_at_)peach(_dot_)ease(_dot_)lsoft(_dot_)com>

       "Dealing with Junk Email"
        ...What you should do (and not do) when you have been victimized by
        a junk emailer. This document teaches you how to read headers in
        order to trace the origin of junk email, and includes detailed
        examples to show you how it is done. Headers are designed for
        computers to read, not people, so they can be a little hard to
        follow. Therefore, I hereby grant permission to print or
        electronically save a copy of this page on your local machine for
        your personal use while tracing junk email. Please check back for
        updates and corrections, though.

        o   What Not To Do: Stuff that doesn't work
        o   What to do: effective techniques, including how to trace junk
            email back to its source
        o   Stay Calm (take a deep breath...)
        o   Stay Mad (don't get discouraged)
        o   How to identify the sender and who gives them Internet access
        o   Who to complain to, abuse addresses, online services
        o   What to say and how to say it, effective complaining

        http://www.mcs.com/~jcr/junkemaildeal.html

       "How to fight back."
        http://www.oeonline.com/~edog/spamstop.html

        .   Look at the header of the advertising message. Find the
            "Message-ID" line. (You might have to tell your e-mail program to
            display this.)
        .   The words after the @ sign are the sender's real--not
            faked--Internet Service Provider, or ISP. (Spammers often try to
            disguise their address, but the Message-ID is a good clue.)
        .   Write a complaint to the postmaster of that ISP, similar to the
            one below. (If the ISP is junkmail.com, then let
            postmaster(_at_)junkmail(_dot_)com hear from you.)

       "Practical Tools to Boycott Spam"
        ...We have been actively engaged in fighting spam for years. Recent
        events, including pending court battles, prompt us to present this
        page to the public. Fight spam to keep the Internet useful for
        everyone.

        o   Filtering mail to your personal account
        o   Blocking spam email for an entire site
        o   Blocking Usenet spam for an entire site
        o   Blocking IP connectivity from spam sites
        o   Other tools and techniques for limiting spam
        o   Sample Acceptable Use Policy statements for ISPs

        http://spam.abuse.net/spam/

       "Spam -- stop that!"
        http://www.accessnt.com.au/faqs/spam.htm
        http://com.primenet.com/spamking/buyerbeware.html

       "The Campaign to stop junk email web site"
        http://www.mcs.com/~jcr/junkmail.html
        ...we will attempt to teach victims and potential victims (that's
        everyone with an email address) the most effective methods of
        prevention and retribution.

       "news.admin.net-abuse.* Homepage"
        http://www.math.uiuc.edu/~tskirvin/home/nana/

       "The automated spamhandler beta information heap."
        http://www.halcyon.com/natew/

       "Ian Leicht"
        http://www.nags.org/spamfilter.html

        http://www.junkbusters.com/
        http://www.well.com/~jbremson/spam

       "Anti-Spam Provisions in Sendmail 8.8"
        URL: http://www.sendmail.org/antispam.html

        o   Preventing relaying through your SMTP port
        o   Refuse mail from selected hosts
        o   Restrict mail acceptance from certain users to avoid mailbombing

       "Blocking Email"
        http://www.nepean.uws.edu.au/users/david/pe/blockmail.html

        o   Do you or your users receive "junk email" (aka "spam")?
        o   Do you have Sendmail R8.8.5 running at your site?
        o   Would you like to block known "junk email" senders' addresses?

        Now you can - and there's no need to patch any source code, either.
        Take advantage of Sendmail's check_mail rule, to see if the
        sender's address is a member of a nominated "class" - drawn from
        the contents of the named file. Additional information and links:

        o   Prospective Addresses/Domains to Block
        o   Limiting Unsolicited Commercial Email
        o   EFF "Net Abuse and Spamming" Archive
        o   [U.S.] Court Lets AOL Block Email
        o   Anti-Spam HOWTO
        o   Net Abuse FAQ
        o   Figuring out Fake Email & Posts
        o   Fight Unwanted Email
        o   Unsolicited Junk Email - Bad for Business
        o   Fight Unsolicited Email and Mailing
        o   Yahoo's Junk Email Resources
        o   jmfilter
        o   Complaints Addresses at U.S. ISPs
        o   news.admin.net-abuse.* Homepage
        o   Processing Mail With ProcMail
        o   Panix's rc.shared ProcMail Configuration
        o   ProcMail Workshop
        o   Email Self Defence
        o   The SPAM-L mailing list


       "How to chase Usenet spammer."
        http://super.zippo.com/~sputum/sputools.htm

    Comprehensive list of spammers

        [Lars Kellogg-Stedman <lars(_at_)bu(_dot_)edu> 1998-03-25 PM-L] Panix
        maintains an excellent spam-catching recipe at:

            http://www.panix.com/rc.shared

        I take this and run it through perl to produce my own local
        spam-handling recipes. AOL publishes their 'preferred mail' list,
        which is easy to turn into a procmail filter. You can find that at:

            http://www.idot.aol.com/preferredmail

        And finally, there is another set of filters based on the panix
        filter at:

            http://alcor.concordia.ca/topics/email/auto/procmail/spam/tag.html

[...zap...]

    3.9 Software: RBL lookup tool

         4 Dec 1997, Edward S. Marshall <emarshal(_at_)logic(_dot_)net> in
         procmail mailing list.

          rblcheck is a lightweight C program for doing checks against Paul
          Vixie's Blackhole List. It works well in conjunction with
          Procmail for filtering unwanted bulk email (under QMail, for
          example, you can invoke it with the value of the environment
          variable TCPREMOTEIP). rblcheck is extremely simple:

            % rblcheck 1.2.3.4

          where 1.2.3.4 is the IP address you want to check.

        This is a quick note to announce the availability of a new tool for
        using Paul Vixie's RBL blacklist (see http://maps.vix.com/rbl/ for
        more information about the blacklist itself, if you don't already
        know). Most tools which use the blacklist block email on a
        site-wide basis. For many networks, this treads on both the ideals
        of the administration, and on the perceived freedoms of the end
        user.

        Personally, I don't care either way. :-)

        This tool was to fill the need I had to reject mail personally,
        since one of the systems I receive mail through cannot, for various
        political reasons, implement the available RBL filters on a
        site-wide basis.

        "rblcheck" is a simple tool meant to be used from procmail and
        other personal filtering systems under UNIX in the absence of a
        site-wide filter, as an alternative to imposing site-wide
        restrictions, or as a means of imposing restrictions on systems
        that cannot support the existing RBL filter patches.

        Simply put: you hand it an IP address, and it determines if the IP
        is in the RBL filter, providing the caller with a positive or
        negative response. With the package, a sample procmail recipe is
        provided, and examples of using it under QMail and Sendmail are
        given.

        .http://maps.vix.com/rbl/
        .http://www.isc.org/bind.html            The official home page
        .http://www.xnet.com/~emarshal/rblcheck/

        It is only tested under Linux 2.x and Solaris 2.5.1. Success
        stories, patches, questions, suggestions, and flames can be
        directed to me at "emarshal(_at_)logic(_dot_)net".

        [Aaron Schrab <aaron+procmail(_at_)schrab(_dot_)com>] Here is my rbl
        setup, but, this depends both upon the format of the Received:
        lines, and the way that mail passes through your mail system.

        I currently grab the IP address from the first Received: header
        inserted by my ISP (I'm a sysadmin at the ISP, so I have a good
        knowledge of how mail gets passed around internally). Here's the
        recipe that I use.

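            # This recipe expects two variables set earlier in the rc file:
            # s (a whitespace character class) and NL (a newline).
            #
            # if there's a Received: header from one of these servers, it's
            # (probably) the right one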

            BACKUPSERVER    = "([yz]\.mx\.execpc\.com)"
            VIRTSERVER      = "(vm[0-9]+\.mx\.execpc\.com)"
            LOCALSERVER     = "([abc]\.mx\.execpc\.com)"

            # Match a header containing:
            #   Received: <anything> [<ip address>]) by <local server>
            :0
            * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${BACKUPSERVER}
            * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${VIRTSERVER}
            * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${LOCALSERVER}
            {
              IP = $MATCH
              # trim it down to just the IP address
              #
              :0
              * IP ?? ^^\/[0-9.]+
              {
                IP = $MATCH

                :0 W
                * ! ? /home/aarons/bin/rblcheck -q $IP
                { SPAM = "$SPAM $IP is rbl'd$NL" }
              }
            }
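
        An added example (not rblcheck's code and not part of the
        messages quoted here): the lookup convention behind a blackhole
        list check, in Python, fed with the peer address taken from the
        topmost Received: line written by a trusted server, as in the
        recipe above. Function names and the sample headers are
        constructed; the zone and server patterns are the ones on this page.

```python
import ipaddress
import re
import socket

RBL_ZONE = "rbl.maps.vix.com"   # zone named on this page
# Same hosts as the recipe's BACKUPSERVER, VIRTSERVER and LOCALSERVER.
TRUSTED_MX = r"(?:[yz]|vm[0-9]+|[abc])\.mx\.execpc\.com"
# Received: <anything> [<ip address>]) by <trusted server>
RECEIVED_RE = re.compile(
    r"^Received:.*\[([0-9.]+)\]\)\s+by\s+" + TRUSTED_MX + r"(?![\w.-])",
    re.IGNORECASE | re.MULTILINE,
)


def relay_ip(headers):
    """Return the peer IP recorded by the topmost trusted Received: line."""
    # Unfold continuation lines first, as procmail does before matching.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    # Our own servers prepend their header, so the first match is theirs;
    # matching lines further down may have been supplied by the sender.
    m = RECEIVED_RE.search(unfolded)
    if not m:
        return None
    try:
        # [0-9.]+ also matches "1.2.3" or "999.1.1.1"; reject those.
        return str(ipaddress.IPv4Address(m.group(1)))
    except ipaddress.AddressValueError:
        return None


def query_name(ip, zone=RBL_ZONE):
    """1.2.3.4 -> 4.3.2.1.<zone>: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip, zone=RBL_ZONE, resolve=socket.gethostbyname):
    """True if the list publishes an A record in 127.0.0.0/8 for ip."""
    try:
        answer = resolve(query_name(ip, zone))
    except socket.gaierror:
        return False   # no record, or lookup failed: deliver (fail open)
    return answer.startswith("127.")


# Constructed sample headers (documentation addresses, folded first line).
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.25])\n"
    "\tby b.mx.execpc.com (8.8.8) with ESMTP id CONSTRUCTED1\n"
    "Received: from forged (unknown [198.51.100.7]) by a.mx.execpc.com\n"
    "Subject: constructed sample\n"
)

if __name__ == "__main__":
    ip = relay_ip(SAMPLE)
    print(ip, query_name(ip))
```

        Pass a different zone and resolver to is_listed() for live use;
        the default resolver performs a real DNS query.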

          It seems to be a procmail issue with letting the IP info
          from sendmail pass through to the rblcheck program. I have not
          been able to find anyone using rblcheck successfully with
          procmail as a delivery agent...

        [Edward S. Marshall <emarshal(_at_)logic(_dot_)net> 1998-03-26 PM-L]
        This is a standard problem; you should be able to change the
        invocation of procmail the same way as the example (run env, which
        in turn runs procmail). Make sure that there is a '-p' argument
        passed to procmail; this preserves the environment you're
        constructing with env (newer sendmail revisions sanitize the
        environment for you, so that's not really an issue).

        If you're still having troubles, make sure you're using the latest
        incarnation of rblcheck, with the latest supplied procmail recipe;
        earlier revisions had rather insidious bugs.

        [Xavier Beaudouin (kiwi) <kiwi(_at_)oav(_dot_)net> 1998-03-26 PM-L]
        Also it seems that sendmail 8.9.0Beta3 has built-in rules for
        rbl.maps.vix.com. This is somewhat really efficient. I use it with
        sendmail 8.8.8 and tcpwrapper every day and there is about 80%
        spam rejected. Sounds very good. In your /etc/hosts.allow just add
        the following lines:

            sendmail: ALL: spawn /usr/local/bin/rblcheck -q %a && \
                        exec /usr/sbin/sendmail -bs || /bin/echo \\
                    "469 Connection refused. You are in my Black List !!!\r\b\r\n" && \
                        (safe_finger -l @%h 2>&1 | /bin/mail -s "%d-%h %u" root)

        In your /etc/inetd.conf just add this line :

            smtp stream tcp nowait root  /usr/sbin/tcpd  /usr/sbin/sendmail  -bs

        And check that your sendmail is _not_ working as a daemon. That's
        all. Also if you have a huge queue you can add a /usr/sbin/sendmail -q
        in the root crontab... This should help to send some waiting
        messages. I think we can use this to wait for official 8.9.0
        sendmail since there is some cf/feature/rbl.m4 there.