150 emails a day to spamforce...

And how are you folks running?

Not a one yet. I guess I'll have to be less subtle in my Spamsink placements....

I got 6 of them sneaking arround..

4 where already catching only spam so that would give me a headstart ...

The other two are doing alright with virusses but don't catch very much spam yet..

Hello good people

I am getting anywhere between 150-200 spams a day on three accounts, though for those that are already attracting spam then the figure is likely to aspire slowly but surely over time.

There are however various ways to get Emails propagated out, and I provide below a possible means of responsibly accelerating the process.


Seed, Unsubscribe, Wait, Deploy...

Raise intended spam-sink addresses but do not set to forward straight away.

Email spammers with requests to unsubscribe, or post in newsgroups and chat-rooms using the same contact Email address, subscribe to FFA (free-for-all) newsletters, sign up for on-line casino games, etc...etc...,

BUT...

...be absolutely sure to always include a footer in your Emails and newsgroup postings specifically requesting that no unsolicited or marketing correspondence is sent to your Email address (i.e. the spam-sink used).
...ALWAYS keep careful notes and be sure to unsubscribe to anything and everything that you may have previously subscribed to with your intended spam-sink address (or haven't subscribed to for that matter ).

Following your unsubscriptions, allow say 14-21 days before you set your distributed spam-sink addresses to forward to your portal - which would allow a generous period within which to be comprehensively "unsubscribed".

Responsible organisations will honour your requests, though some will just do this on the face of it and then pass on your valuable contact details for others to then exploit. For example, you may have sent a message to an on-line pharmaceuticals outfit enquiring about weekly bulk deliveries of Viagra and member growth pills, but although you don't buy anything the recipient can attest your potential value as a possible respondee to spam ad's in this category. Before you know it you will probably be spammed with all sorts of adult-orientated goodies.

The same thing goes for "free" porn sites, or sites requesting your Email address in order for you to download software rich in spyware (etc).


Taking advantage of Trojans...

Soon I might even try setting myself up a PC from tired old bits (cobbled junk) and intentionally running it with the absolute minimum of security - perhaps even downloading known trojans onto it. THEN by filing on the same computer various files containing a plethora of [u]only[/] spam-sink addresses from various contibutors (members), it should be no surprise what will happen next - see item "8"...

http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.q@mm.html

Also an insight on this page as to partial strings that it might be a good idea to avoid for early spam-sink addresses.

PC provided with only just enough time to collect, use and unwittingly harvest spam-sink addresses, and then disabled/cleaned ready for the next trojan.

Brendan.

Perhaps Ad'-Ware would be a better start - rather than rely on styles of trojan to allow collection via opened ports.

I could make the "dirty" PC awash with spamsinks and let all the Ad'-Ware on it do all the "reporting" it likes.

Probably a really good fast way to get onto those traded Emailing lists

Brendan.

Brendan how many are you getting from me? How about placing a single spamsink address in a forum reply?

If you're seeding spamsink email addresses by actually subscribing to things, doesn't that defeat the spamsink idea? I mean, I can send you lots of spam that I can be 100% sure I didn't subscribe to. Why would a spamsink be any better than that?

If a spamsink has an address that has never been used -- only put in an inconspicuous place in a website, where only bots would find it -- then the only ones sending to it are email harvesters. You get 0% false positives. If you subscribe and then unsubscribe, you will get mail from disorganized mailers who don't process their unsubscribes very well (non-profits on a shoestring budget, for instance). If you use your address to post to a bulletin board, other users may use it to PM you.

I believe the concept is when you unsubscribe, you shouldn't receive anything. If you do, at that point its unsolicted, ergo... spam.

True, but if I cared enough about a charity to subscribe, and now I prefer not to receive mailings, I still don't want to report them as spammers just because their unpaid volunteers are months behind updating their mailing list.

Doesn't have to be a charity. But, that's the concept. I don't do it, but I'm sure some do.

Hello team - Sorry that I haven't been around to answer your questions earlier as I have been away on extended business.

Anyway, on to your questions...

AlphaCentauri wrote:

Hello Alpha - thanks for your posts.
Subscribing to things and then unsubscribing is a surefire way to identify those who either do not honour unsubscribe requests or, more particularly, pass on freshly-verified addresses to others who choose to send marketing messages which you have never asked for. Speculators might choose to harvest and indiscriminately use any old address, though there are others that collate and sell on Email lists primarily to easily-duped small-time spammers in addition to the more prolific operators (you may have seen those "30,000 verified Email addresses for only $xx" type spams yourself).

Clearly Email addresses that are fresh and/or verified, particularly where positive interest has been shown in certain categories, are primary targets hungrily sought. However, if I subscribe to something and do not give explicit permission for my address to be passed on to other marketing organisations, and then unsubscribe to only those that I have previously subscribed, then I should be able to expect no further Emails after a reasonable period of time allowing message buffers to be flushed (usually about 7 days). I would however recommend some time in excess of this - say 3-4 weeks.

By way of example, I subscribed and then unsubscribed (the next day) to only a handful of what I had every reason to believe to be known porn-related peddlers, and then monitored my account. This I did nearly three weeks ago on a fresh account, though did not auto-report immediately. Just prior to my recent excursion there were only a mere few messages from what appeared to be other sources, so I unsubscribed to them as-well for good measure . However, having since returned from my excursion (not more than ten days later) I had precisely 510 spam Emails on the same account, though not just from porn peddlers but others along the lines of "Christian Lenders Network", "Rolex Watches for $75-$150", "Get a University Degree", and so-on.

It is equally possible that these spams are emanating from the same root source as from others that have obtained mailing lists freshly compiled with new and verified Email addresses by those to whom I originally subscribed and then unsubscribed. Either way, they all stand to be processed in the same way once I have set up the auto-forward to the spam portal. This Email address was completely new and never before existed for any other purpose.

I do understand your feelings on this, and we all need to exercise a view as to who are spammers and who are non-prolific institutions that for some reason don't have appropriate resources to process unsubscribe requests immediately - and then act accordingly. Should you have the opportunity to raise alternate Email addresses, you could raise a new address when subscribing to anything believed to be from a responsible operator and simply never use that address as a spam-sink.

Nevertheless, responsible charitable institutions still have a responsibility to honour unsubscribe requests within a reasonable period of time, though if subscribing to a charities that we truly care about then we would not ordinarily choose to target them in this way. The onus of responsibility rests with all who use either spam-sinks or raise manual reports via Mailwasher against the Emails we receive. However, should a charity choose to go down the spam route then this also gives way to other spammers that mask themselves as similar charitable institutions but for more fraudulent and sinister purposes. Although the more technically-proficient amongst us are more capable of identifying munged headers (etc) in setting spammers apart from probable legitimate sources, we mustn't forget that novice internet users do not understand how to do this and the very group that unwittingly continue to fall prey to, fund, and therefore encourage spam.

My particular targets are those to whom I have unsubscribed on previous occasions (even though I never subscribed in the first place) and from whom I continue to receive spam on my personal Email addresses. Going back to my recent business excursion and not having collected Emails from my accounts over a period of only ten days, I returned to find well over 2700 pure spams collectively on my three personal accounts. This figure has been steadily aspiring and will no-doubt continue to do so, and having accounts hijacked in this way denies me the opportunity to download on-the-move as the cost would be enormous. Of those spams, only five were legitimate

Hello Paul.
I'll have to enquire to Firetrust about your contributions via your portal as they are going direct and not via myself, though should you wish to re-direct them via your monitoring account again (which is still active) then you should get a reasonably accurate representation - say over a seven-day period.

Regarding posting a spam-sink in a forum reply, I'll raise a new address for this purpose and monitor its progress


Thanks again guys (sorry for the lengthy reply).

Brendan.[/u]

_________________
_________________

NEVER say "Never"!
_________________

I have resorted to tracking the maillog and seeing how many times emails have been forwarded to my spamforce email. On one day I took a half day snapshot a week ago and noticed just under 400 emails.


DO NOT SEND EMAIL TO THE FOLLOWING ADDRESS. DOING SO WILL CAUSE YOU TO BE BLACKLISTED. NEVER SEND EMAIL TO: spf20040907_150aday@computercops.org

Ikeb wrote:

I trust that you have since provided your updated account security information to "Ebay SafeHarbour"?

Had you seeded this spamsink elsewhere, other than your website?

Brendan.

_________________
_________________

NEVER say "Never"!
_________________

I received none for a long, long time. Now they are coming rapidly.

Alphacentauri wrote:

Yes, that has often been my experience as-well with some of my own spamsinks. Once your spamsink has migrated over to a list that is then passed on or aggressively sold on to others then the spam will aspire quite quickly.

However, any other users of mailing lists, contaminated by spamsinks in this way, will also fall foul of the SpamForce approach, and without being able to identify and purge spamsinks from their hit-lists then once contaminated the list is de-valued. With wider support for the project, the greater the impact.

Digressing into a comical notion....
I have wondered what sentiment would arise from purchasers of such mailing lists with the usual groundless "guarantees" from their spammy "up-line", only to then find themselves blocked, investigated, or accounts terminated (where applicable) as a direct result of the product that they have purchased. Wouldn't it be a wheeze to see spammers turn on each other?

It's very early days yet though perhaps an amusing hypothesis

Brendan.

_________________
_________________

NEVER say "Never"!
_________________