You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2006/05/18 16:23:57 UTC

Proposal: First URI black list, how about email address black lists?

URI based black lists have been extremely effected in identifying spam. 
I propose another kind of black list. A list of email addresses embedded 
in the message body as replies to nigerian type spam and other spam 
where you are instructed to reply to the email address in the message body.

One thing about all spam is that the spammer wants you to do something. 
And it's what the spammer wants you to do that is the key to identifying 
spam. Most spam wants you to click on a link. So the URI black lists 
work well because it catches the sites that spammers link to.

But - a lot of spam - like nigerian spam - wants you to reply to an 
email address in the message body in order to do what the spammer wants. 
So if there were a blacklist of email addresses that spammers use as the 
place to reply then that would cut into the remaining spam 
significantly. If we can block email based on a real time list of email 
addresses within the body a whole new class of spam can be blocked with 
very high accuracy.

Who likes this idea?

Re: Proposal: First URI black list, how about email address black lists?

Posted by Maurice Lucas <ms...@taos-it.nl>.

On Thu, 2006-05-18 at 07:23 -0700, Marc Perkel wrote:
> URI based black lists have been extremely effected in identifying spam. 
> I propose another kind of black list. A list of email addresses embedded 
> in the message body as replies to nigerian type spam and other spam 
> where you are instructed to reply to the email address in the message body.
> 
> One thing about all spam is that the spammer wants you to do something. 
> And it's what the spammer wants you to do that is the key to identifying 
> spam. Most spam wants you to click on a link. So the URI black lists 
> work well because it catches the sites that spammers link to.
> 
> But - a lot of spam - like nigerian spam - wants you to reply to an 
> email address in the message body in order to do what the spammer wants. 
> So if there were a blacklist of email addresses that spammers use as the 
> place to reply then that would cut into the remaining spam 
> significantly. If we can block email based on a real time list of email 
> addresses within the body a whole new class of spam can be blocked with 
> very high accuracy.
> 
> Who likes this idea?
> 

Picking up an old thread.

Maybe we would not want to do a lookup at for example.
dig txt spammer=domain.tld.blacklist.tld
To check if spammer@domain.tld is a spammers email address.

But only at domain.tld.blacklist.tld and punnish the webmailprovider
(most of the time the free providers) with a low score.
It doesn't make a message go over the top but if e.g. in every message
with a yahoo/hotmail/... address in it which is scanned by SA a line is
included with 
EMAILBLACKLISTYAHOO=0.5 added maybe then someday yahoo will do someting
about spammers.

Maybe then there could be even a (dangerous and misused but free
advertising for the provider) rule which will be a negative scoring
rule.
I would "love" to see in every spam message spammers mis-using my good
name to lower the amount of point. (possible problems like the good-old
bayes poisoning)

In this example yahoo is used but it could have been any provider.

-- 
With kind regards,

Maurice Lucas
TAOS-IT

Re: Proposal: First URI black list, how about email address black lists?

Posted by jdow <jd...@earthlink.net>.

From: "Marc Perkel" <ma...@perkel.com>

> URI based black lists have been extremely effected in identifying spam. 
> I propose another kind of black list. A list of email addresses embedded 
> in the message body as replies to nigerian type spam and other spam 
> where you are instructed to reply to the email address in the message body.
> 
> One thing about all spam is that the spammer wants you to do something. 
> And it's what the spammer wants you to do that is the key to identifying 
> spam. Most spam wants you to click on a link. So the URI black lists 
> work well because it catches the sites that spammers link to.
> 
> But - a lot of spam - like nigerian spam - wants you to reply to an 
> email address in the message body in order to do what the spammer wants. 
> So if there were a blacklist of email addresses that spammers use as the 
> place to reply then that would cut into the remaining spam 
> significantly. If we can block email based on a real time list of email 
> addresses within the body a whole new class of spam can be blocked with 
> very high accuracy.

Well, Blue had something of an idea. It was simply carried too far.

As you observe every spam email contains at least one URL that is
important. It should be possible to cull the one URLs that are
important to the spammer from a list of other URLs. (A list of known
good sites would help this.) Then you use a tool that mimics browser
behavior to connect to each of these sites. If the spammer gets
paid by detected traffic on the actual advertisers web site then
this will generate a lot of spurious income for the spammer and
"detected fraud". This should pretty much cut off the spammer's
income source, except for the vertical market spammers like Leo.

Instead of freezing them out pull Google Click Fraud on them.

{^_^}