Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Spam Books Media Book Reviews

Review:Stopping Spam 51

Posted by Hemos from the stop-it-right-now dept.
I've put the proverbial pen to paper and taken a look at Alan Schwartz and Simson Garfinkel's book Stopping Spam, the (of course) pig book from our friends at O'Rielly. Short, and to the point, this is a good book for those who want to stop some of that spam that seems to flow through. At least I don't get anything from Bull's Eye anymore. (grin)
Stopping Spam
author Alan Schwartz & Simson Garfinkel
pages
publisher O'Reilly & Associates
rating 8.5
reviewer hemos
ISBN
summary Quick & dirty ways to stop spam.

The Scenario

Schwartz and Garfinkel (of HotWired fame) have got together to write a book basically high-lighting ways to stop spam, why spam needs to be stopped, implications of spam for the Internet, and what you can do. Well writte, they also rely on some of their experiences with it, which adds a personal touch to things. The book also talks about some of the history of spam-Spam King, what people are doing, and how Spam works. The book itself is relatively short, but packs good information into it.

What's Bad?

I would preferred something longer. The book itself does a good job of covering the basics of stopping spam, but something that's more definitive for the sysamdins in the crowd would have been appreciated. This is truly a nutshell review of things-it doesn't go into a huge amount of detail, but provides more of a general overview.

What's Good?

The book does a good job of covering how spam works, and how to stop spam. Some of the advice is basic-things like avoiding putting your e-mail address on web pages. It also talks about spoofing in newsgroups, how cancel messages work, why they work. To people who like context, the history and comments they give are well recieved, and well written. I particularly enjoyed some of the history of UDPs. Filters are covered, in a variety of different e-mail programs, which is useful for many people.

So What's In It For Me?

Basically, if you are looking to slow/stop spam this is good. It's a good introduction for moderators of newgroups, small-time syadmins and such. I wouldn't say that this book is the definitive source, but for 80% of us, this book will more then do the job. Things like filtering mail and Usenet, safeguarding addresses, and also spam stopping for administrators. That's good stuff.

Buy this over here.

Table of Contents

  1. Preface
  2. What's Spam and What's the Problem?
    • Slapped in the Face
    • What's Wrong with Spam
    • A Taxonomy of Spam
  3. The History of Spam
    • Prehistory
    • Early Bulk Email
    • Usenet and the Spam Cancelers
    • In Their Own Words
  4. Spamming Today
    • The Players
    • The Technology
    • Spamming in the Future
  5. Internet Basics
    • Addresses
    • Protocols
    • Email
    • Usenet News
    • Instant Messages
  6. A User's Guide to Email Spam
    • Safeguarding your email Address
    • Filtering Junk Mail
    • Responding to Junk Mail
  7. A User's Guide to Usenet Spam
    • Filtering News
    • Responding to Spam
  8. Spam Stopping for Administrators and ISPS
    • Policy Choice
    • Blocking Incoming Spam
    • Stopping Outgoing Spam
  9. Community Action
    • Sharing Information
    • Group Action
    • Legal and Legislative Action
    • Informing the Public
  10. A: Tools and Information
  11. B: Cyber Promotions Timeline
  12. Index
This discussion has been archived. No new comments can be posted.

Review:Stopping Spam More

Review:Stopping Spam

Comments Filter:

  • Where can I buy a proverbial pen? (Score:1)

    by Anonymous Coward
    All they sell around here are the ink kind.

  • Or... (Score:1)

    by Anonymous Coward
    ... you could just fake a bounced message back to them.

    I just need a scriptable mail client (or a mail client in which I can say "send this message to this script, and read the output into a new message"). I could probably do it in Mutt/vi & perl but I can't seem to get the headers to show up in the message when I edit it.

    Anyone know any solutions to this?

    It makes sense - they don't want bounced messages, you don't want spam.
  • I remember reading about an anti-spam technique called "Teergrubing", which is done in a non-biased manner... Is it mentioned in the book?


    -----------
  • Posted by The Famous Brett Watson:

    I have a PO Box, and it peeves me no end that the post office accepts money from me for the privilege of owning it and then accepts money from advertisers for the privilege of stuffing unaddressed advertising in it. For goodness sake -- surely I'm saving them leg-work by having a PO box in the first place: how much so-called "cost recovery" do they want to gouge me for?

    My policy with junk mail: snatch pen out of shirt pocket, inscribe "return to sender" somewhere on the offending item, and pop it straight back in the letter delivery box. Some folks prefer to just toss it back in through the PO box -- litter the mail room, not the street. I guess I'm just a bit more formal in my mode of protest.

  • And this relates to Spam in what way?

    > You'll learn about things like user interfaces,
    > business programming, how to scope out customer
    > needs, database design, price points,

    Don't you mean "customer's available cash"? One of my greatest needs is stability, but Microsoft's plan (keep introducing new features (gotta sell everyone on the newest release) rather than fixing the existing ones) doesn't exactly tend toward the creation of reliable software.

    > scripting, and responding to negative feedback.

    Responding to negative feedback (of the bug report variety) is easy - "just upgrade to the newest version (whenever it comes out) and that bug will be fixed - ummm ... except for 'insufficient memory to update display' - that's a feature, not a bug"

    Will we also learn about FUD, the Windows 2000 "deathmarch" (including the REAL release date), and Bill's plan to defeat OSS? I doubt it.

    > One thing that William Gates has NEVER done is
    > publicly run down the competition.

    You're right. He leaves that job up to Ed Muth, "Steve Barkto" and other Microsoft employees.

    Even Jesse Berst is starting to suggest [zdnet.com] Linux as an alternative to Microsoft. Doesn't THAT tell you something about Microsoft's reputation and prospects?

  • I wonder how much money this little slashdot plug is going to cost them...
  • 1) hosts.deny

    2) Sendmail 8.9's anti-spam code

    3) Killfiles

    4) identd (most spam uses fake e-mail headers)

    5) Forward the spam to the spammer's postmaster

    6) Send Router announcements of a new zero-hop route to the spammer's site, via any dead route.

  • Spamtrack is by no means a finished product, and still needs some work before it's suitable for everyone. I encourage users to try test@spamtrack.978.org to make sure the results are appropriate for your situation before making heavy use of the service. As always, suggestions, comments, and bug-reports are welcome: you can email them to brianr-slashdot.org@osiris.978.org

    In response to Mr. Anonymous Coward's Comments:

    1.It will send the spam complaint to the contacts of every domain in every legitimate-looking Received: header.

    Correct. This results in a contact to every site involved or fraudulently represented as involved with the tranmission of the unsolicited commercial message. ISP's that were involved want to hear about it so they can avoid having their resources wasted by the spammer. ISP's that were fraudulently represented as being involved by forged headers want to know so they can stop the spammer from misusing their name again in the future.

    This is a bad thing because it will also send the spam complaint to your ISP...

    Sending a copy of the complaint to the spammed user's ISP could be either good or bad depending on the circumstances and the ISP's policy, and should probably be turned off by default.

    ...It basically accuses them of allowing relaying. This is a nice kick in the nuts when you've been busting spammers all day...

    This is not the case at all. Some ISP's like to know about abuse of their resources by spammers (even if they're not being used as a relay) and will actively pursue the matter.

    2.It spams every internic contact for the domains it decides are involved. It's hard to tell from the tests I have tried, but it may send mail to every contact for each domain....

    The Internic whois database is only used when the domain has not registered their preferred spam-complaint contact address with one of the major abuse contact lists. If no contact is on file and the whois lookup fails, then the message is sent to postmaster and abuse at the offending domain. Even if the same address appears as a contact more than one time, only a single complaint message will be sent.

    3. It mangles the subject

    Spamtrack merely prepends text to the subject. The subject is not mangled, and can still be matched by automated tracking systems.

    ...and inserts a little speech about why spam is bad... The best thing to send is a message with the original subject line, with only the message with full headers in the body and no other comments. Otherwise, you will mess up spam-report handling programs which try to match messages...

    Any sane spam-report handling program will match the first RFC822 object it finds in the body of the message or its attachments. Including a complaint or "speech" in the body of the message should not interfere with this process.

    The same complaint message and "speech" is also BCC'd to the spammer, just in case they don't understand the implications of what they've done. The envelope sender address on that message is written in a manner that makes it easy to keep track of which spammers actually send more spam to people who ask them not to send any spam at all.

  • A lot of people used to tell me that they didn't like to report spammers. When I asked them why, there were two major reasons they always cited: 1. I don't know who to report it to, and 2. If I report them, my mailbox will only fill up with dozens of "Yes, we got your spam complaint" messages. Spamtrack, a free service powered by all Free Software is my answer to the problem.

    Using spamtrack is easy. Simply forward the spam message with full headers (preferably as an attachment) to report@spamtrack.978.org. A list of all the contact addresses for the offending domains will be compiled. You will be sent a report, and the domain contacts will be sent complaint messages. All complaint messages will have the return addresses rewriten so that responses will end up in the database instead of filling up your inbox.

    Spamtrack uses a modified Ricochet and the PosgreSQL database to track complaints and their responses. An online interface where you can view responses and statistics on worst offenders, response times, and number of resolutions is in the works.

    Please use the report@spamtrack.978.org address only to report actual unsolicited commercial messages. You can forward test messages to test@spamtrack.978.org.

  • I've also written a review of Stopping Spam [usyd.edu.au].

    Danny.

  • I don't have this book myself. I think that people who know what they're doing can successfully avoid nearly all e-mail spam, but for people who don't know where to start, this book could be a good place to start.

    I try to avoid the practice of obfuscating or protecting my e-mail address, on the grounds that there are better ways to protect yourself from spam. Hiding your e-mail address is just dodging the main issue. No matter how much you hide it, they will get your address. You'll have to put up sooner or later.

    Here's what I do to avoid e-mail spam. I think these steps work rather well. My e-mail address is publicized on slashdot, my home page, Usenet archives, and various other places, and yet I get very little spam (once a month at most, never more than once from the same place).

    1. Subscribe to the Realtime Blackhole List [vix.com] to dodge known spam hosts.
    2. Use the Spam Bouncer [hrweb.org] to filter out all the spam that the author of the program knows about (which is quite a lot; 200 kb of filters at last count), and send simulated bounce messages back to the spammers.
    3. Run blackmail [demon.co.uk] over sendmail to block relays and allow for additional manual filtering (e.g. if Netscape, Microsoft, or some loser sends me unwanted mail, they're not ever mailing me again :)
    Between all of these, I live a nearly spam-free life without having to worry about hiding my mail address. If this sounds like heaven to you, then, well, why don't you try these things too ^_^
  • Amazon $15.96
    BarnesAndNoble $15.96
    Bookpool $13.95
    Shopping $12.96
    Spree $14.97

    Regards, Ralph.
  • My friend hacked this spammer's PBX.
    Give it a listen, pretty amusing.

    1 800 409-8302 x1288
  • Very cool, worth calling for a laugh. And it's on the bad guy's bill. :)

  • One easy way to avoid spam is to not publish your address on websites? Geez, that's kinda lame. How do you make an easy mailto: for customers or potential contacts on a webisite? Sorry, I don't think so.

    I also use my real address in newsgroups and everywhere else. I'd rather be easy for people to contact (good and bad) than be a pain to contact. I know other people who munge their addresses to newsgroups, and I always forget to change their addresses before mailing them. So I get bounce messages back. I hate that.

    But I've been on the net 6 years now, so I remember the good old days pre Canter and Seigel.

    Other odd things: I get a few pieces of spam now and then from a GTE mail account that I don't think I've ever publicized the address on. The spams all have a very similar format in the subject field.

    Then of course, there was the time Mute (the record label) spammed some people with a 2 meg attachment or some such. I use Unix, so I just deleted it easily. I can't even imagine what it must have been like for PPP users.
  • It's a shame we have to get to the point of writing books about stopping Spam, but I guess it's one of those things we have to deal with. I had one work account where I was getting several dozen spams a week (I know other people who've had more). The only way I finally got rid of them was to go to work at another company, thus dropping that email address. ;-)

    (I managed to really piss off a few sysadmins with my crontab mailbombers before I learned to chill out and focus my complaints more... ;-)

  • That was amusing.. as far as the worries about your number being recorded and saved for phone spam, just call from work, silly. :]

    So who changed the message?
  • Deleting spam is exactly what spammers want not interested people to do. Don't just delete it. Look in the headers, find the ISP of the spammer, forward it to them, and let them take care of it.

    Avi Norowitz slashdot@ice.tj

  • Do the same with paper spam too. Remove anything with your name on it and stuff the junk mail into the postage-free "Business Reply" envelope and send their junk back to 'em! If enough people do this (this costs them postal fees), they'll start mailing out less spam.
    Actually, this is very close to what we do at our house:
    1. Open spam snail mail and look for Business Reply Envelope (BRE) and the Acceptance/Order Form (AOF).
    2. Stuff BRE with all of the spam (including the outer envelope that it arrived in) except the AOF.
    3. Use an indelible marker (preferably black) to scribble out the part that says "Yes! ..." and anything else except your name and address which should be preprinted on it (note that it will usually include some kind of account number).
    4. Write "please remove me from your mailing list" in plain block letters next to your address.
    5. Put AOF in BRE, seal the BRE and mail it.
    Some snail spammers are wising up and only including postcards for Business Reply Mail. Doing the scribble & return thing on these usually works, tho.

    I used to work at a mailbox rental site (not one of the big chain places, tho). The USPS will not return anything sent Bulk Rate (if the postmark says "BULKRT" or anything like that).

    I seem to remember somewhere seeing that if you request such removal in writing, the sender is obligated by law to do so, but don't remember where I saw it...

  • Something I've always wanted to do, but never done, is to order "bill me later" Franklin Mint dishes and dolls and subscriptions to Hustler, etc. for spammers who only give their snail-mail addresses. Maybe I'll do it one day...
  • I don't know. I understand that Spam sets a bad precedent and uses up valuable bandwidth, but I found a simple solution a long time ago: I just delete it, unread. The subject lines are pretty obvious. And even when they aren't and I read one by mistake, I just delete it. No harm.

    Thankfully, I've never gotten any really long spams which would require excessive time to download. Maybe that would change my mind.

    In the end, I believe in the "goodness" of the net and like to make it easier for people to find me, by keeping my real e-mail address in newsgroup postings and my web site.

    -Augie
  • Yup, that is an end-user POV.

    Your points are good, though. I just wouldn't get the book for my own purposes. Maybe as a SysAdmin it would be helpful, but is that who the book is aimed for? I flipped through it at the store when I saw it once and it seemed aimed more towards the end-user.

    -Augie

  • Or... (Score:1)

    by dmuth ( 14143 )
    If you want to fake a bounce, just use Procmail to return the appropriate exitcode to sendmail. You can find a list of the error codes by number in /usr/include/sysexits.h.

    I'm not sure if bouncing will do a whole lot of good though, as lots of the spam out there is forged, so the spammers don't get the bounces. It's a lose-lose situation. :-(

  • I've been pretty gassy lately, so my message was a poem without words. HAHA :]
  • My program, SpamCop [julianhaight.com] does a much better job of reporting spam. It has a web interface and an email interface, and by using the web interface, you can see what it's doing ahead of time. It dosn't have any of the problems listed above, and it is well loved by users and system admins alike. It's fast, accurate and it dosn't spam unrelated parties. It dosn't even complain to relay admins - although that might be added as an option later.

  • Good idea on the extra header fields. Anyone know if there is a defined namespace I should be careful of - like mime or whatever? I guess just start with an X and I should be OK.

    The thing about the 'extraneous' information though, I think this is important.

    First of all, I like to put the ID in the subject, because I automatically filter all incomming replies and sort them by complaint - and the subject line is sometimes the only thing left of the complaint when I get back a response - then you can tell if 'your' complaint has been answsered without giving away your REAL address. I also CONCEAL your address in the outgoing complaint.

    Secondly, although many complaints fall on the jaded ears of experienced complaint-desk jockeys, I find that many of my complaints are sent to clueless lusers. I don't want them to confuse my complaint for a stupid spam. I also give the tracking URL to these guys so they can see WHY I decided to complain to them.

    Besides, my boilerplate gives 'em the info they need right up front - IP and datestamp. Eventually, I hope ISPs will come to trust spamcop more than reading headers themselves - at least for day-to-day stuff.

    -=Julian=-

    p.s. The url [julianhaight.com] again! Bookmark it!

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close