[MLB-WIRELESS] Email address format of online mail archives

Luke Shillabeer kiwwa at optusnet.com.au
Mon Oct 22 22:28:58 EST 2007


lol, speaking of bounties on the heads of spammers....

http://www.rlslog.net/real-punishment-russian-viagra-spammer-murdered

Cheers,
Luke.

On 17/10/2007, at 3:42 PM, Craig Sanders wrote:

> On Wed, Oct 17, 2007 at 01:24:23PM +1000, Rowan 2008 wrote:
>>
>> On Wed, 17 Oct 2007, Craig Sanders wrote:
>>
>>> hiding your address doesn't work.  good spam-filtering can work.
>>
>> I'm working in the opposite direction to you, I think that  
>> prevention is
>> better than cure.
>
> i agree with that.
>
> i don't agree that hiding your address is ANY form of prevention,  
> let alone
> *effective* prevention.
>
> and to me, blocking spam *IS* prevention. pressing the delete key is
> mere cure.
>
> but the best prevention would be a Dead-or-if-you-really-must-then- 
> Alive
> bounty on spammers, globally.  i wish.
>
>
>> Rather than try to block spam (and probably a handful of false
>
> if you don't want spam, you have no choice but to try to block it.
>
> fortunately, good spam filters can be very effective.
>
>> positives) I decided to avoid getting myself "indexed" in the first
>> place.
>
> can't be done.
>
> if you have an email address, it WILL get on spam lists, and you  
> WILL get
> spammed.
>
> even if you never use it. even if it's not in anyone's address book or
> on any web page or anywhere else.
>
> and the closer the localpart of your address is to a real name or an
> existing localpart in the spammers lists, the sooner it will get  
> spammed
> (spammers make up bogus addresses by the millions by combining known
> localparts with domain names).
>
> check your mail logs, you'll see thousands of rejected spams for
> addresses that have never existed on your server, but which seem
> "reasonable" as usernames.  and thousands more which look like
> Message-IDs, too.
>
>
>> I retired my 10 year old address in 2006 (which is still littered
>> all over the web), and since then I've actually had some success
>> with the (unfiltered) username+currentyear format that I'm using to
>> write this msg - I receive roughly 30-40 spams per day to my 2006 and
>> 2007 variations (which include a bunch of admin addresses on various
>> domains), so it was
>
> i've been using the same address for over a decade and can't remember
> the last time i got a spam in my inbox folder. months ago, at least.
> the occasional spam gets through my filters into a mailing list  
> folder.
> 99+% of all spam gets blocked by postfix, amavisd, and spamassassin.
>
> btw, you obviously still need to keep the 2006 and 2007 versions (and
> presumably earlier variations) - so you're still getting spam for
> them...so what actual benefit do you get from changing your address?
>
>
> my work email address, however, where i have no control over the spam
> filtering (aside from client-side filtering in thunderbird) gets  
> several
> dozen spams per day, and started getting them the same week the  
> account
> was created - and it never existed before i started work there in feb
> this year.
>
>
>> disappointing to see the 2008 variation receiving spam so soon  
>> after I
>> started using it.
>
> inevitable. dont waste your time caring about it. instead, spend your
> time doing something that can and will make a difference - beefing up
> your spam filters.
>
> of course, it's your system and your mailbox, so what you do with  
> it is
> your choice. i'm just pointing out that there are better and far more
> effective things to do than to worry about your address being (in  
> clear
> or with varying degrees of munging) on web archives or not.
>
>
>
>
>> I've also set up a simple script that blocks IPs that attempt to  
>> deliver
>> to unknown email addresses for 24 hours - most of them have words  
>> such as
>> dialup, pool, adsl etc in their hostnames so it's likely they're  
>> botnet
>> zombies.
>
> yep, i've done stuff like that. using a few good RBLs and especially
> DULs works better. postfix's tarpitting (deliberate and increasing
> delays in the SMTP session after multiple rejects) also helps.
>
>
>
>> Sounds a bit like closing the gate after the horse has bolted,
>> but it's more like closing the gate after the first horse of 10  
>> has made
>> it out. :) As a bonus it fairly quickly blocks a dictionary  
>> attack. The
>> block list usually floats around 1500-2000 IPs.
>
> no, it's actually a reasonably effective technique. the "price" is a
> small risk of self-inflicting a denial-of-service on your own machine
> due to spoofed IP addresses....and you end up with enormous firewall
> rulesets.
>
>> If I can figure out how, my next step will be to generate a unique
>> email address for each outbound message, with a whitelist for certain
>> domains such as wireless.org.au which will only accept a static
>> address.
>
> there's existing software around to do that (for *nix, at least).  
> can't
> remember any program names at the moment, but i know of people who use
> that kind of software and think it's good.
>
> personally, i think it's too much hassle and more likely to cause
> problems for legitimate mail than spam-filtering because it confuses
> non-geeks. plus, i think it's giving in to spammers - this is MY email
> address and i'll use it, i WON'T be forced to abandon it by spamming
> scumbags.
>
>
>
> craig
>
> -- 
> craig sanders <cas at taz.net.au>
>
> America ... just a nation of two hundred million used car salesman
> with all the money we need to buy guns and no qualms about killing
> anybody else in the world who tries to make us uncomfortable.
> 		-- Hunter S. Thompson, "Fear and Loathing on the Campaign Trail"
> _______________________________________________
> Melbwireless mailing list
> Melbwireless at wireless.org.au
> http://wireless.org.au/mailman/listinfo/melbwireless




More information about the Melbwireless mailing list