Fighting email spam and anti-UBE pointers


on 03.11.2005 06:30:51 by unknown

Archive-name: mail/anti-ube-pointer
Posting-Frequency: 2 times a month
Maintainer: Jari Aalto A T cante net

Announcement: "Bounces, Challenge-response systems, MTA, Bayesian tools (article pointer)"

Availability

FAQ archive is at http://www.faqs.org/faqs/

This message is an excerpt from the bigger README.html document
of the Procmail Module Library project, titled "Procmail
strategies against spam", available at
http://pm-lib.sourceforge.net/

The key points discussed in the document:

- Auto-replying or bouncing is considered a bad tactic
- MTA rejects can be abused and system administrators should
  check their setup at least in regard to viruses.
- A Challenge-Response system is based on the false assumption that the
  sender's address can be used for authentication. It cannot, and thus any
  C-R system will contribute nothing else but amplifying the spam problem.

See picture http://pm-lib.sourceforge.net/pic/cr-system-joe-job.png

What should be done then?

- Bayesian tools are non-intrusive, harm no third parties
  (in contrast to C-R), are easy to use and provide a good shelter.
- A battery of Bayesian tools gives an even better shield due to
  each program using a slightly different algorithm.

Many clarifying pictures are included:

- How address harvesting works
- How viruses should not be treated (at MTA level)
- Challenge-Response based authentication (overview)
- Challenge-Response system causing "Joe-Job"
- How MTA level UBE prevention works
- Procmail with battery of statistical tools

Table of contents:

1.0 Thoughts about increasing spam annoyance
    1.1 Bouncing messages do no good
    1.2 Rule based systems are not the solution
    1.3 Challenge-Response systems make matters worse
        1.3.1 Challenge-Response is not a doorbell but a gun shooting decoys
        1.3.2 Questioning Challenge-Response systems implementations
        1.3.3 Summary - What are the effects of Challenge-Response systems
    1.4 Spam appearing in your yard - a story

2.0 A lightweight UBE block system with pure procmail
    2.1 Suitable for accounts which ...
    2.2 Where to put "pure procmail" UBE checks?
    2.3 Using Procmail Module Library to fight spam

3.0 A heavyweight UBE blocking system
    3.1 Advice for Debian Exim 4 mail system administrator
    3.2 Advice for the normal account
    3.3 Configuring Bayesian programs
    3.4 A heavyweight spam catch setup using procmail

Some terminology

_UBE_ = Unsolicited Bulk Email
_UCE_ = (subset of UBE) Unsolicited Commercial Email

_Spam_ = Spam describes a particular kind of Usenet posting (and
canned spiced ham), but is now often used to describe many kinds of
inappropriate activities, including some email-related events. It
is technically incorrect to use "spam" to describe email abuse,
although attempting to correct the practice would amount to tilting
at windmills.

_Spam_ = definition by Erik Beckjord. "Some people decide that Spam
is anything you decide you want to ban if you can't handle the
intellectual load on a list." Remember, not to be confused with
real spam, which is unwanted bulk mail.

People are nowadays seeking a cure which will stop
or handle UBE. That can be easily done with procmail (under your
control) and with sendmail (by your sysadm). In order to select the
right strategy against UBE messages, you should read this section
and then decide how you will be using your procmail to deal with it.

Re: Fighting email spam and anti-UBE pointers

on 03.11.2005 07:36:33 by Alan Connor

On comp.mail.misc, in , " (Jari Aalto+mail.procmail)" wrote:



Thanks, but I don't have a spam or trollmail problem.

My Challenge-Response system silently dumps all spam
and trollmail.

And it never dumps mail from anyone I want to hear from.

And I don't have to constantly update it or rely on
tech support.

My ISP, Earthlink, has offered a Challenge-Response system
to all of its users for years, but I like my own.

I read the information you posted, and the websites that
you refer people to, and was astounded at your ignorance.

You really need to bring your Challenge-Response system
education up-to-date. By about 25 years.

Don't you even know that Challenge-Response Systems are
in common use and perfectly acceptable on the internet?

RFC 3834: Recommendations for Automatic Responses to Electronic
Mail

http://www.faqs.org/rfcs/rfc3834.html

Or are you simply trying to dis-inform people?

Spammers and Trolls HATE Challenge-Response systems, because
they can't beat them.

Are you a spammer? I notice from your headers that you are
not affiliated with any organization, and any bozo can post
anything on the web or the usenet.

Those announce-only newsgroups you have been approved on are
so desperate for posts that they now approve anything that
comes their way. Their approval used to mean something, but
it doesn't anymore.


AC


--
Homepage: http://home.earthlink.net/~alanconnor/elrav1
Fanclub: http://www.pearlgates.net/nanae/kooks/alanconnor.shtml

FAQ: Canonical list of questions Beavis refuses to answer (V1.40) (was Re: Fighting email spa

on 03.11.2005 12:55:14 by Sam

Usenet Beavis writes:

> On comp.mail.misc, in , " (Jari Aalto+mail.procmail)" wrote:
>
>
>
> Thanks, but I don't have a spam or trollmail problem.

Right. You just have a garden-variety mental problem.

And one of the symptoms is your tendency to pick an argument with
robo-posted FAQs.

> My Challenge-Response system silently dumps all spam
> and trollmail.

Beavis FAQ #10 (see below).

> And it never dumps mail from anyone I want to hear from.

FAQ #10.

> My ISP, Earthlink, has offered a Challenge-Response system
> to all of its users for years, but I like my own.

Doesn't matter, Beavis. Both are blacklisted.

> Don't you even know that Challenge-Response Systems are
> in common use and perfectly acceptable on the internet?
>
> RFC 3834: Recommendations for Automatic Responses to Electronic
> Mail

That's not Challenge-response, Beavis. Read the FAQ again.

> Spammers and Trolls HATE Challenge-Response systems, because
> they can't beat them.

Beavis hates his own FAQ, because it embarrasses him.

> Are you a spammer?

Are you a Beavis?

> I notice from your headers that you are
> not affiliated with any organization, and any bozo can post
> anything on the web or the usenet.

And what exact organization are _you_ affiliated with, Beavis?

None? Therefore, by your admission, you're a bozo.

> Those announce-only newsgroups you have been approved on are

What "announce-only" newsgroups, Beavis?

> so desperate for posts that they now approve anything that
> comes their way. Their approval used to mean something, but
> it doesn't anymore.


FAQ: Canonical list of questions Beavis refuses to answer (V1.40)

This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.

For more information on Beavis, see:

http://angel.1jh.com/nanae/kooks/alanconnor.shtml

Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.

============================================================================

1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam that their return
address was forged onto) come from?

2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?

3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)

4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?

5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?

6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?

7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?

8) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?

9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."

Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?

10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?

11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?

12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?

13) You complain about some arch-nemesis of yours always posting forged
messages in your name. Can you come up with even a single URL, as an example
of what you're talking about?

14) You always complain about some mythical spammers that pretend to be
spamfighters (http://tinyurl.com/br4td). Who exactly are those people, and
can you post a copy of a spam that you supposedly received from them, that
proves that they're really spammers, and not spamfighters?

