Re: Spammers watching this user forum

[Steve Coleman <steve dot coleman at jhuapl dot edu>]

Earnie Boyd wrote:

> When you bounce that type of SPAM then you are participating in the DoS. 

I agree completely with this statement, and although I though the idea 
of "wpoison" was technically "cool" it also does nothing to ebb the 
tide, and in fact only increases the level of the floodwaters by causing 
the spammers to generate more bogus emails that need to be sent and 
processed. SpamAssasin is also "cool" but once the spam is already on 
the network its bad-news no matter how it gets stored, filtered, and 
processed. Even the best of filters have their downside and most don't 
throw anything away in fear of a "real" email getting tossed. I for one 
would love to see a more "active prevention" of spam!

My current thoughts.. Most spammers use open relays as their way to move 
their email into the legitimate Internet email system So, modify an smpt 
like process to look like a normal sendmail, only it will forward just 
one or two messages (i.e. the spammers open relay test) for each 
connecting host and then log that host and email address into a database 
as well as reporting the host to the RBL, ISP, etc.. For any subsequent 
access from that address this process should simply "eat" the email but 
act as if it is accepting and delivering it. For each subsequent email 
received from that host address it simply delays the connection flow 
like the LaBrea tar-pit project did it, thus limiting the connection 
bandwidth and slowing their delivery engine to a snails pace. This 
essentially captures the spammers sending process while while 
simultaniously dumping what little they manage to get out the door to 
straight to /dev/null. No filter processing required! As long as I don't 
pay for the minimal/controlled bandwidth, and I play nice with others, I 
probably won't even know they are trying to abuse me since it would take 
near zero cpu cycles to toss everything.

Face it, anybody trying to use my PC to send an email is obviously up to 
no-good, and I don't grantee delivery since they are not paying for my 
services. If they find something living on my port 25 I never said it 
was a "sendmail", that’s just their assumption. If enough machines on 
the internet listened on port 25 out there and "ate" all the spammers 
junk like this then the spammers would have a tough time staying in 
business by trying to use open relays, because they would never know if 
their cruft was /dev/null'ed or not. If they stop using open relays then 
all the RBL's will work like a charm even without all the fancy AI 
filters! Less traffic, less storage, less processing, everybody wins. 
All the spammers would know is that it took a VERY-LONG-TIME to send 
everything, so maybe its just a slow network? - lol

Sorry for this rant, but as not to be too off-topic, if I ever did do 
something like this in the future then Cygwin is going to be the 
“perfect weapon” to fight back with, because there are lots of machines 
out there running Windo$e, and the more tar-pits out there the better! 8^>

Since this is not completely Cygwin related, please contact me off-line 
if you have any comments or ideas on this topic.

Steve.






--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/