Posted to users@spamassassin.apache.org by Chris Santerre <cs...@MerchantsOverseas.com> on 2006/05/18 19:22:04 UTC

RE: Proposal: First URI black list, how about email address black lists?


> -----Original Message-----
> From: Marc Perkel [mailto:marc@perkel.com]
> Sent: Thursday, May 18, 2006 11:09 AM
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: Proposal: First URI black list, how about email address
> black lists?
> 
> 
> 
> 
> jdow wrote:
> > From: "Dallas L. Engelken" <da...@nmgi.com>
> >
> > Dallas
> > <<jdow>> Directly answering his question - it is not infrequent these
> > days for the "answer" site to be part of a botnet, I understand. So a
> > blacklist would have to be bigevil.cf in size and then some.
> >
> > It'd be easier to simply click fraud the sites until the vendors who
> > commission the spam catch on and turn off the money up front.
> > {^_^}
> >
> 
> OK - you guys are missing part of the idea. The idea is that there is
> some central database that is maintained for lookups sort of like razor
> and pyzor or spamcop, or the URI lists, etc. and you make a call to the
> central database to see if the email address in question is listed in
> it. If it is, then you have a spammer.

We have a hard enough time with tons of new domains in URIBL. Those cost
money and IMHO a bit more steps to go thru to set up than an email address. I
can't imagine trying to keep up with it. They would expire within hours.

It's a good thought, and like Dallas has said, it's been talked about. But sooo
much work.

Also LOL @ jdow. "bigevil" is now an adjective ;) 

--Chris

Re: Proposal: First URI black list, how about email address black lists?

Posted by Roger Taranto <ro...@rogflies.com>.
On Fri, 2006-05-19 at 02:19, jdow wrote:
> (It would be a real serious gas to hook a 419 phish to Eliza and
> watch for the results. Generate a somewhat paranoid Eliza then sit
> back and party. Of course, if *I* could think of this extension of
> the "lead them on" counter phish then I am sure somebody else has
> already done it and simply failed to share it with us. If they have
> and have successfully eaten a phisher's time more power to them and
> I curtsey in their general direction.)

Yep, someone already has done this.  He wrote to spammers himself and
turned it into a book.  Check out http://www.thespamletters.com/
especially the conversations with the Nigerians.

-Roger

Re: Proposal: First URI black list, how about email address black lists?

Posted by jdow <jd...@earthlink.net>.
From: "Marc Perkel" <ma...@perkel.com>
> Chris Santerre wrote:
>>
>> We have a hard enough time with tons of new domains in URIBL. Those
>> cost money and IMHO a bit more steps to go thru to set up than an email
>> address. I can't imagine trying to keep up with it. They would expire
>> within hours.
>>
>>
> Remember we're not talking about the From address but the address within 
> the message that they want you to reply to. That address isn't going to 
> expire very fast because that's how the spammer gets the money. I would 
> say however that these email addresses could be expired over a few weeks 
> perhaps.
> 
> I also think that these lists could be used for a check of outgoing 
> email to see if people (suckers) are responding and to perhaps intercept
> the email and warn the sender that they are replying to a known scammer. 
> Just a thought.

Marc, in general addresses of this sort seem to hold around for "hours".
When they hang around for days it's a spam that somehow slipped under
the radar. (I've seen a few. But usually I am late enough in the spam
rotation and reading the spams, if I do at all, that by then the site
is tagged and often taken down.)

It is REALLY easy to give a single IP address a large number of names.
So working off names is not really effective except for the vague
potential of click fraud and mailing dummied up replies to phishes.
(It would be a real serious gas to hook a 419 phish to Eliza and
watch for the results. Generate a somewhat paranoid Eliza then sit
back and party. Of course, if *I* could think of this extension of
the "lead them on" counter phish then I am sure somebody else has
already done it and simply failed to share it with us. If they have
and have successfully eaten a phisher's time more power to them and
I curtsey in their general direction.)

Blackballing names is something I've played with. It's only effective
for a few days except in really odd cases then we have all new names
to blackball. "Blacklist_from" suffers much the same problem. And
that is generally a more permanent address.

Of course, some spammers are more agile than others. I've seen large
numbers of Leo Kuvawhosiz addresses in one day, for example.

{^_^}

Re: Proposal: First URI black list, how about email address black lists?

Posted by qqqq <qq...@usermail.com>.
> Remember we're not talking about the From address but the address within
> the message that they want you to reply to. That address isn't going to
> expire very fast because that's how the spammer gets the money. I would
> say however that these email addresses could be expired over a few weeks
> perhaps.
>
> I also think that these lists could be used for a check of outgoing
> email to see if people (suckers) are responding and to perhaps intercept
> the email and warn the sender that they are replying to a known scammer.
> Just a thought.

Here's a good example:

Hello Good Fellows,
I know it's hard to find a true real and honest money making on the net
because I had alsoexperienced and onced tired of always started some
new opportunities until i met this one of its kind online business that catches
my interest and attention.

Coz' I can even say "Your Search Is Over !" So stop searching and give
this a try.
Just Email Me at
castle_peak2008@yahoo.com
Put "" Register me for a free Membership"" in the subject,
Be sure to include:
1. First name:
2. Last name:
3. Email Address:
4. Country:
That's All there is to it.
We Will confirm your position and send you a special report as soon as
possible, and also Your free membership ID#.
My best regards,

Pablito Ed Tabar
castle_peak2008@yahoo.com
Note: p.s. This is one time email. If you wish to remove. Kindly email to :
to_my_Fellow@eqqumail.com
with the subject of your email "Remove Me"


Re: Proposal: First URI black list, how about email address black lists?

Posted by Marc Perkel <ma...@perkel.com>.

Chris Santerre wrote:
>
> We have a hard enough time with tons of new domains in URIBL. Those
> cost money and IMHO a bit more steps to go thru to set up than an email
> address. I can't imagine trying to keep up with it. They would expire
> within hours.
>
>
Remember we're not talking about the From address but the address within 
the message that they want you to reply to. That address isn't going to 
expire very fast because that's how the spammer gets the money. I would 
say however that these email addresses could be expired over a few weeks 
perhaps.

I also think that these lists could be used for a check of outgoing 
email to see if people (suckers) are responding and to perhaps intercept
the email and warn the sender that they are replying to a known scammer. 
Just a thought.
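
Added illustration of the proposal discussed in this thread (not part of any post and not SpamAssassin code): a lookup list keyed on contact addresses found in the message body, with listings that lapse after a few weeks, used for both an inbound check and the outgoing-reply check. The class, function names, the 3-week lifetime and all sample addresses are assumptions made for this sketch, and an in-memory dict stands in for the central database.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import getaddresses

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
LISTING_TTL = timedelta(weeks=3)  # assumption: the thread's "a few weeks"

def _key(addr):  # hash of the normalized address, not the raw mailbox
    return hashlib.sha256(addr.strip().lower().encode()).hexdigest()

class AddressBlocklist:
    """In-memory stand-in for the central lookup database (hypothetical)."""
    def __init__(self):
        self._last_seen = {}
    def report(self, addr, when):
        self._last_seen[_key(addr)] = when
    def listed(self, addr, now):
        seen = self._last_seen.get(_key(addr))
        return seen is not None and now - seen <= LISTING_TTL

def body_addresses(msg):
    """Addresses found in text/plain body parts; headers are not scanned."""
    found = set()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            found.update(a.lower() for a in ADDR_RE.findall(text))
    return found

def inbound_hits(msg, bl, now):
    return sorted(a for a in body_addresses(msg) if bl.listed(a, now))

def outbound_hits(msg, bl, now):
    # Outbound check: is a local user writing to a listed address?
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return sorted({a.lower() for _, a in rcpts if a and bl.listed(a, now)})

# Constructed sample data (not taken from the thread).
NOW = datetime(2006, 5, 19, tzinfo=timezone.utc)
BL = AddressBlocklist()
BL.report("Contact.Box@scam.example", NOW - timedelta(days=2))
BL.report("old.box@scam.example", NOW - timedelta(weeks=5))
SPAM = message_from_string("From: forged@victim.example\nTo: user@site.example\n"
    "Subject: offer\n\nEmail me at contact.box@scam.example. Old: old.box@scam.example\n")
REPLY = message_from_string("From: user@site.example\n"
    "To: contact.box@scam.example\nSubject: Register me\n\nHello\n")
```

With this data, `inbound_hits(SPAM, BL, NOW)` flags only the address reported two days earlier, because the five-week-old listing has lapsed, and `outbound_hits(REPLY, BL, NOW)` flags the reply before it leaves.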