Giving Your Greytrapping a Helping Hand 109
Peter N. M. Hansteen writes "Some spam houses have invested in real mail servers now, meaning that they are able to get past greylisting and even content filtering. Recently Peter Hansteen found himself resorting to active greytrapping to put some spammers in their place. The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites."
Re:Um, (Score:3, Informative)
Just because you don't see doesn't mean that Google doesn't have to invest a large amount of resources to process spam, in terms of storage, network transfer, and CPU overhead.
Re:Um, (Score:2, Informative)
I wouldn't say that spam is a problem for the savy and those behind a properly configured server. But as a system admin for several area businesses, they would find themselves swimming in spam without proper filtering. Thankfully Spamassassin coupled with Vipul's Razor gives results comparable to Gmail's spam filter.
Re:Couldn't you just blacklist those servers? (Score:3, Informative)
Re:Dynamic Dolphin?? (Score:3, Informative)
Grey-trapping (Score:5, Informative)
I was not clear on the definition of grey-trapping. It is the process of providing decoy e-mail addresses that are discoverable by harvesters but not by ordinary humans. When mail arrives at the destination of a decoy, the sender IP address is then added to the spam filter of the receiver.
Basically sort of a honey pot approach.
So you might ask why can't ISPS do this at the ISP level rather than the user level? Make it opt-in, white-listable, etc..
The problem is what happens when some reputable sender get's on the list.
FOr example, Joe Spammer takes his address list and does a sing-up operation to Yahoo for all the addresses. Now the Yahoo registration server then does not automatically enroll them but still it sends an e-mail to every one of the e-mail addresses. some of which are the decoys.
so Yahoo gets grey-listed by the ISP.
I would think this attack would also foul up every grey-list in existance as well. So I don't actually understand how grey-listing works.
Re:Um, (Score:2, Informative)
There 0.75 spam/day emails are detected by my MUA's spam filter, meaning I tend to never have a spam email in my inbox!
You can find good/reliable VPS'es from $10/mo. that'll allow you to:
I rather pay for my own VPS than pay Google for a freaking email account and/or their App Engine.
Yawn. Antispam is a commodity purchase now. (Score:5, Informative)
At one time I invested a few weeks time into building a heuristic antispam filter. One of the principles I used was very similar to this (there were many others).
I came to the conclusion pretty quickly that in the game of anti-spam, the larger the email pool you have, the more efficient your heuristic tools can be. Once I proved that to myself, I went looking for who was doing the best job using the techniques I decided worked best, and routed my mail through them.
Its cheap, effective, and gets the spam off my network bandwidth. Even if you do a perfect job yourself, you're still paying for the traffic. That's a waste by itself.
If you're so worried about privacy, get yourself an appliance that uses the same principles as the services (like postini, etc.). Either way, antispam is no longer a business for the individual.
Re:Um, (Score:4, Informative)
I rather pay for my own VPS than pay Google for a freaking email account and/or their App Engine.
Except google apps "Standard edition" is free [google.com]. And it's pretty much all you'd need unless you're a largish business. Pretty much the only difference is you get a mere 5GB (of which I'm using something like 200MB) instead of 25GB per mailbox, a limit of something like 50 users, and you don't get their mobile access and migration tools. You get SMTP/IMAP/POP and the best webmail interface there is :)
Re:Yawn. Antispam is a commodity purchase now. (Score:4, Informative)
Seconded. My email addresses tend to be old, public, and static. This means they get a ton of spam. It's not worth the time and effort of handling anti-spam in-house when Postini can do an equivalent or better job at a reasonable price.
Switching to Postini also freed up a ton of RAM and CPU on our hosted servers.
Re:Couldn't you just blacklist those servers? (Score:4, Informative)
If you rent servers to people that spam me, then you lose the ability to email me until I here you've sorted your act out.
It's that simple. And it has to be.
Re:Give your COCK-AND-BALLS a "hand" (Score:4, Informative)
You are able to do all sorts of wacky things with moderation effects. Just make all moderation other than off-topic have no effect on rating, and browse at 0. Presto chango, "-1, off-topic" goes away and everything else gets to stay.
Stats (Score:4, Informative)
For every single message you are getting, google is probably filtering out at least a hundred.
My own mail servers, tiny in comparison, get about a connection every second. 98% of those connections are rejected out of hand (bad HELO, fucked reverse DNS, residential IP address, bullshit brute-forced email address, etc) and of that remaining 2%, half is legitimate email. Which means for every hundred connections, one is legitimate. So 1% of all our mail traffic as legitimate. 1%.
In other words, you have no clue at all how fucking bad spam is. It is bad. Really bad.
Re:Thats fine with me (Score:4, Informative)
"Cause I'll just email your manager and the sales guy who didn't get my customers email and hopefully you'll be fired."
I'll be fired because I blocked email from an IP address in your range that's set up to fire spam at people?
No, I don't think so, in fact I can advise the sales guys and management that anything coming from that IP address is likely to be fraudulent anyway. Check who you rent servers to, and check their activity, or lose the ability for that IP address to mail my servers until I'm happy you've got your act together. The end.
Re:Couldn't you just blacklist those servers? (Score:2, Informative)