[ale] Rant about the spam situation (was: autospamming)

Fulton Green ale at FultonGreen.com
Thu May 27 16:27:39 EDT 2004


On Thu, May 27, 2004 at 03:36:40PM -0400, Cy Kurtz wrote:
> 1.)  Are spammers just spoofing the return address to match the forward
> address or is someone actually using my email account to send spam?

Welcome to the world of "joe-jobs", where a random spammer spoofs other
random addresses to eliminate one other piece of information that
might be useful to a forensic investigation.

Most of my experience has been that the spoofed address doesn't even have
to match the forward address, as my current rate of 8-10 joe-job bounces
in my inbox per day will attest (and that's just the ones too unique to
filter out).

> 2.)  Is there something I should be doing as a responsible netizen to
> prevent this?

Assuming that it's strictly a spoofing situation, there's not a whole lot
you *can* do, much less *should* do.  The spoofers are hiding behind
spam trojans, and unless you have a "live specimen" with a compsec
expert to analyze the incoming traffic, the only thing you can do is to
send a complaint to the ISP to which the trojan-infected host is
attached.  However, I've found that reporting is largely ineffectual.
Deutsche Telekom, for example, took over a week before one of its
infected hosts quit sending payloads of itself to the ALE list.
Naturally, they made it to the ALE list because it was spoofing
ALE members' return addresses!

The only thing I'll do now is write to a complainant that received a
spam with my spoofed address who took the time to write a more personal
request to stop.  Interestingly, one lady wrote to me saying she was
having trouble reaching "my" meds website.  'course, I've also complained
to the ISP of the complainant when curse words were used by the
original complaint.  Actually, I was just having a bad day that time. ;-)

IMHO, the whole SMTP email transmission mechanism outlived its usefulness
several years ago, and only now that spam accounts for 50% to 65% of all
email traffic have people stepped up to attempt to fix the mechanism
itself instead of relying on filters and realtime blackhole lists.

BTW, the "Buffalo spammer" that EarthLink was pursuing for assuming
false identities for spamming got sentenced to at least 3 yrs. jail time
recently.  The article's on /. today.

> 3.)  Would changing my email password(s) do anything to help this
> situation? How often should I change my email password(s)?

Changing email passwords on a semi-frequent basis is a Good Practice (R)
for other reasons, but it has no effect on what you're experiencing.

> 3.)  Are legislative attempts to curb spam going to be more of a pain in
> the neck than spam itself?

Hopefully, the recently-announced SPF/CallerID merger for authenticating
return addresses will drastically cut down on the spam (not to mention
alleviate the joe-jobs bounces).  For a month or so, anyway. :-\
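
Added example, not part of the original post: when a bounce returns the original message, the topmost Received header (written by the MTA that bounced it) records the host that actually handed the mail over, which separates a joe-job from real use of your account. The sample bounce, all addresses and the relay networks are constructed; `classify_bounce` and its result labels are hypothetical names, and the check assumes your provider's outbound relay ranges are known.

```python
import email, ipaddress, re
from email import policy

# Constructed bounce (DSN): the returned original claims From: me@home.example,
# but the bouncing MTA recorded the real connecting client in its Received line.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@home.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from dsl-77.isp.example (dsl-77.isp.example [192.0.2.77])
 by mx.recipient.example; Thu, 27 May 2004 10:00:00 -0400
From: me@home.example
Subject: cheap meds

buy now
--b1--
"""

def classify_bounce(bounce_text, my_relay_nets):
    """Return 'spoofed', 'via-my-relay', or 'unknown' for one bounce."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    original = next((p.get_payload(0) for p in msg.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return "unknown"          # bounce did not return the original headers
    received = original.get_all("Received", [])
    # Only the topmost Received line was written by the MTA that bounced the
    # message; anything below it could have been forged by the sender.
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", str(received[0])) if received else None
    if m is None:
        return "unknown"
    client = ipaddress.ip_address(m.group(1))
    nets = [ipaddress.ip_network(n) for n in my_relay_nets]
    return "via-my-relay" if any(client in n for n in nets) else "spoofed"
```

A "via-my-relay" result is the case where changing the account password matters; "spoofed" is the joe-job case described above.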


