Never ending spam email!!


Dean B
03-16-2001, 04:53 PM
I am constantly receiving the same spam email every day, sometimes three times in a day! There seems to be no way of stopping the *@~!##!! thing. Is anyone else on FQuest receiving it?

===============================
>From creditsystem@mediaone.net Fri Mar 16 20:31:44 2001
Return-Path: <creditsystem@mediaone.net>
Delivered-To: xdmcity-dbarry@dmcity.com
Received: (qmail 24413 invoked by uid 39656); 16 Mar 2001 20:31:44 -0000
Delivered-To: xdmcity-webmaster@dmcity.com
Received: (qmail 24406 invoked from network); 16 Mar 2001 20:31:43 -0000
Received: from unknown (HELO mail.kukjepharm.co.kr) (211.32.165.3)
  by taz.futurequest.net with SMTP; 16 Mar 2001 20:31:43 -0000
Date: Sat, 17 Mar 2001 04:57:57 +0900
Message-ID: <B0000650910@mail.kukjepharm.co.kr>
To: creditsystem@mediaone.net
From: <creditsystem@mediaone.net>
Subject: GUARANTEED way to QUICKLY have EXCELLENT CREDIT!!
MIME-Version: 1.0
Content-Type: text/plain; charset=unknown-8bit

$$  GUARANTEED WAY TO QUICKLY HAVE EXCELLENT CREDIT!!  $$
=========================

-Dean

Terra
03-16-2001, 05:38 PM
The email you post brings up a good point that I will go ahead and reveal...

One of the Spam blocking techniques that I'm investigating is two-fold:
1) Make sure that all 'From:' addresses have associated MX records...
**stops stuff like 'From: blah@3953934ddjrle.com'
2) Deny all 'To:' addresses that we don't host on our servers, if it passes that filter - then check to make sure the destination 'To:' matches the actual delivery endpoint...

I'm also thinking of banning the _entire_ *@china.com mail system... Every piece of email I see coming off that system is Spam... I have yet to block an entire mail service, but I think that 'china.com' has gone above and beyond to necessitate blocking...

I'm open to comments on the two items I've proposed above... I am not interested in hearing *additional* techniques at this time, but would rather remain focused on what is presented above...

The current Mail system is not able to handle core filtering, but it is something that I'm designing into the QMail SmartHubs...

Overall, I feel that the above two techniques would block between 30 - 60% of all inbound Spam... Most of the spam email is being generated from the whois information that NSI is selling to Bulk Mailers as my own DNS specific email addresses are getting clogged with Spam every day... I spend at least 30 minutes a day cleaning out these boxes...

--
Terra
--Nobody wants Spam in their mailbox, so why do bulk mailers persist in pissing everyone off for that .0001%?!?--
FutureQuest

sheila
03-16-2001, 09:39 PM
No, I am not receiving the SPAM that you posted.

I ran it through my spamcop account filter. It recommends reporting the spam to:
mailto:b0033830@users.bora.net

Here is the parsing info on the header:

Parsing header:

Received: (qmail 24413 invoked by uid 39656); 16 Mar 2001 20:31:44 -0000
no ip found in received line
Ignored

Received: (qmail 24406 invoked from network); 16 Mar 2001 20:31:43 -0000
no ip found in received line
Ignored

Received: from unknown (HELO mail.kukjepharm.co.kr) (211.32.165.3) by taz.futurequest.net with SMTP; 16
Mar 2001 20:31:43 -0000
Possible spammer: 211.32.165.3
[show] "nslookup 3.165.32.211.dul.maps.vix.com." (checking ip) not found
[show] "nslookup mail.kukjepharm.co.kr" (checking ip) ip not found; mail.kukjepharm.co.kr discarded as fake.
[show] "dig mail.kukjepharm.co.kr mx" (digging for mail exchanger) Can't find mailserver.
[show] "dig kukjepharm.co.kr mx" (digging for mail exchanger) Can't find mailserver.
Taking name from IP...
[show] "nslookup 211.32.165.3" (getting name) no name
[show] "dig mx mail.kukjepharm.co.kr" (digging for mail exchanger) 211.32.165.3 is not MX for mail.kukjepharm.co.kr
[show] "nslookup 3.165.32.211.rbl.maps.vix.com." (checking ip) not found
[show] "nslookup 3.165.32.211.inputs.orbs.org." (checking ip) not found
Received line partially untrusted

Tracking message source:211.32.165.3:
[show] "nslookup 211.32.165.3" (getting name) no name
[show] "dig -x 211.32.165.3 soa" (digging for start of authority) - domain@krnic.net
No abuse.net record for krnic.net
postmaster@krnic.net bounces
Using postmaster#krnic.net@devnull.spamcop.net for statistical tracking.
[refresh/show] Cached whois for 211.32.165.3:postmaster@krnic.net, b0033830@users.bora.net
No abuse.net record for krnic.net
postmaster@krnic.net bounces
Using postmaster#krnic.net@devnull.spamcop.net for statistical tracking.

Statistics:
b0033830@users.bora.net score:2
postmaster#krnic.net@devnull.spamcop.net score:3051
211.32.165.3 score:11

I don't know if this helps you any. Personally, I report every spam I receive. Usually through spamcop.net.

Jeff
03-16-2001, 09:54 PM
As long as no legitimate messages are blocked, great! I think that it's dangerous though, because as a "webmaster", just like you, anything which goes wrong at any point is "my fault". So if a client might have a misconfigured ISP that they have been using for years, and their message to me bounces, they still think that it is my fault or my host's fault and at worst, I lose a project, or at best, I spend hours trying to get them or their ISP to fix their mail. (call this "AOL syndrome" maybe) So, if there is a chance that I might bounce just one legitimate message a month, I would rather manually filter 1000 spam messages which is far easier.

Re: #2. Would this block all messages BCC'ed to me? Or are there different ways to BCC? (There are a few legit messages BCC'ed to me which I don't want to start bouncing)
[This message has been edited by Jeff (edited 03-16-01@8:57 pm)]

Terra
03-16-2001, 11:35 PM
"As long as no legitimate messages are blocked, great!"

I can't guarantee there won't be any false positives -- any and all filters are plagued with this problem... That is why I haven't instigated any Spam blocking filters just yet - except for using the Maps system on PHOENIX and higher...

I'm up in arms right now as there is a constant drum beating by the site owners to do something to help stem the tide of Spam... IMHO, it's not our responsibility to filter any site owners email as it leads to potential legal problems because we've accidentally filtered that email proclaiming "You've just won a Million Dollars" and it's for real... ;)

Also IMHO - the ones to go after are the Spammers sending all this crap anyways... Stop them and that stops the Spam...

IRT #2, I would most likely parse the BCC: header as well relying on the 'From:' test for pass/fail...

To add another one:
3) search the body for those annoying disclaimers that Spam is legal via some House or Senate bill

In conclusion, I'm only trying to devise a way to solve a problem... I don't agree with the Spam filtering at all, but nonetheless there are many demanding it from us... Right now, I'm just thinking out loud and looking for feedback if the initial proposal will be enough to satisfy...

--
Terra
--Back against the wall--
FutureQuest

sheila
03-16-2001, 11:50 PM
Because of the possibility of false positives, I would prefer, at least one of the following:

an opt-in style of filter, so that only those who actively CHOOSE to have their mail filtered would be subject to such false positives.

Otherwise, I would prefer no filters at the system level. Only at the individual site owner level.

Jeff
03-17-2001, 12:18 AM
Exactly what Sheila said - if there was a box in the CNC to turn this on by account (so the webmaster is actively aware of it and can turn it off) it could be good. The real problem would be that legit messages would probably not just be bounced, but blackholed so no one would know...

#3 sounds pretty good - I've never seen a legit mail which starts with "this is not spam".

chrisheng
03-17-2001, 01:42 AM
I would agree about the selective spam filter,
because I wouldn't want any legitimate email
to be accidentally filtered out. In general, I'd
rather manually hit the DELETE key in
my email software than to lose email.

If the option to switch off the filter is not
possible, I'd personally rather not have the
filter at all.

Chris.

[This message has been edited by chrisheng (edited 03-17-01@03:39 am)]

jokesplus
03-17-2001, 03:49 AM
A possible variation on opt-in that was used by an ISP in the UK, was to add an x-header to the e-mails that were suspect. That way there was some easy and consistent text to set an e-mail filter for on the client end.

It also means that Futurequest aren't responsible for the deletion of false positives.

Jarrod

sheila
03-17-2001, 11:10 AM
Adding an x-header is exactly what I am doing right now on my own site, by using my .qmail files. Then, I have my e-mail client filter on that.

Terra
03-17-2001, 04:16 PM
I like the passive 'X-header' idea... Only problem is that this will increase our support duties as we now have to explain:
a) what it is
b) why it is
c) how to setup and use filters for Email client (A, B, C, D, E, ..., Z)

The less than understanding users will still be pounding our support desk complaining about Spam in their mailbox as "They didn't start getting Spam until they registered their domain and bought a hosting package from us"...

We explain, just setup a ..... - immediate response: "What is a filter? NO I just want the spam to go away"

Anyways - I will lean towards the 'X-Header' and place any other actions dormant...

--
Terra
--Hey, I searched the Help file for CuteFTP and could find nothing about Spam filtering!!!--
FutureQuest

sheila
03-17-2001, 04:47 PM
If you don't do anything about the spam situation (leave it as it is now), support still has to explain:

Why they are receiving spam now, why it won't go away, what to do about it...

If you simply "blackhole" highly suspect messages, support will have to answer questions such as:

Is my mail getting lost? How can I know that none of my mail went into your spam blackhole? (etc...)

My point being, you are spending support hours on spam no matter which action you take, even lack of action.

Deb
03-17-2001, 05:02 PM
Agreed.... the point being the best action to take is one that generates the least amount of problems and most functionality. The X-header seems to be one that will satisfy more requirements than any others...so far.

Deb
- Process of elimination [pun intended]

sheila
03-17-2001, 05:08 PM
You know, with the X-header option, you could probably have a site-owner toggle setting in the CNC to delete all messages with the X-header instead of delivering it to the POP box.

Or maybe you could make a .qmail-default somewhere that people could download into their own space, that was set to do that for them.

I'm sure you will add an aota.net tutorial page on this topic if/when it is implemented.

Terra
03-17-2001, 05:37 PM
Finally, maybe a potential way to prosecute spammers:
http://www.roanoke.com/roatimes/news/story109048.html

It's not a solution, but it's a start in making these jerks held accountable for their actions...

My frustration comes from the fact that FutureQuest is blamed for someone receiving Spam in their account's mailbox - like we were the ones that sent it to them with intent to sell them some 'Low Mortgage rates' or stuff like 'Viagra' etc etc etc... We lose many accounts because of this, and no amount of explanation can retain them... Oh well - they will discover more of the same at their next host...

The fact of the matter is that we can't stop it from going through our system - in fact no one really can... I have yet to see a foolproof system that can eliminate it, and the one I have seen that traps 90% of it costs millions of dollars in subscription fees to their service for a host of our size...

I'm fighting a very frustrating and losing battle trying to keep up with all the latest tricks spammers play... What stopped them yesterday, won't work today...

--
Terra
--Gets really tired of being raked through hot coals when it comes to Spam--
FutureQuest

Jeff
03-17-2001, 07:47 PM
I really like the X-header idea:

1.) Transparent to many users who don't want to use it.

2.) If you do use it, you are aware of it and in control of how it functions.

3.) The support issues are proactive vs. retroactive; "how do I do this" questions are better than "emergency - help fast" issues. I think that an instruction page on Aota and the forums would provide a lot of the support for people to setup mail filters, whereas if any mail is blackholed outside of the siteowner's control, all that support will have to be done by FQ since whenever a mail is mis-sent or missing, we will have to ask "would situation xyz or ISP configuration xyz trigger the filter?"

sheila
03-17-2001, 09:02 PM
Here's an article about a spam case, you may find interesting:

http://dailynews.yahoo.com/htx/zd/20010317/tc/spam_wars_can_they_be_won__1.html

Dean B
03-18-2001, 07:42 AM
Actually all I did, and I don't know why I didn't do this earlier, was just set up another filter in Eudora and have it deleted on the server before it ever gets to me.

-Dean

Maynard
03-18-2001, 07:14 PM
My recommendation is to implement X-header insertion for each positive test implemented at the core.

Document the X-header inserted, with a reference link to the test made for the particular header, and let all pop client users figure out on their own how to implement their filters for them.

for instance:
X-SpamBlock: ORBS Inputs
X-SpamBlock: MAPS DUL

FQ could provide limited documentation for site owners as to how best trap these messages by .qmail or .procmail

FQ could then limit testing to any or all of the publicly available tests (MAPS and ORBS are the only sources of which I am aware; and each have more than one test); and leave the test documentation to those sources.

Additionally, a spam filtering forum could be considered wherein FQ site owners could share tips and strategies beyond the scope of FQ support.

Thanks to all for your concerns and suggestions,

Maynard at spamcop.net and happily so
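
An added example, not part of the thread and not FutureQuest's code: Terra's two header tests and the DNSBL lookups from the SpamCop output, reported through Maynard's X-SpamBlock headers so that nothing is dropped. The `is_listed` and `has_mx` callables and the `hosted` domain set are hypothetical stand-ins for real DNS lookups and the host's domain list.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers Dean posted at the top of the thread.
SAMPLE = """\
Return-Path: <creditsystem@mediaone.net>
Received: (qmail 24406 invoked from network); 16 Mar 2001 20:31:43 -0000
Received: from unknown (HELO mail.kukjepharm.co.kr) (211.32.165.3)
  by taz.futurequest.net with SMTP; 16 Mar 2001 20:31:43 -0000
To: creditsystem@mediaone.net
From: <creditsystem@mediaone.net>
Subject: GUARANTEED way to QUICKLY have EXCELLENT CREDIT!!

(body omitted)
"""

# Zones as they appear in the SpamCop output above, with Maynard's labels.
ZONES = {"inputs.orbs.org": "ORBS Inputs", "dul.maps.vix.com": "MAPS DUL"}
PAREN_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def relay_ip(msg):
    """IP recorded by our own server: newest Received line that carries one."""
    for line in msg.get_all("Received", []):
        found = PAREN_IP.search(line)
        if found:
            return found.group(1)
    return None

def dnsbl_name(ip, zone):
    """211.32.165.3 + dul.maps.vix.com -> 3.165.32.211.dul.maps.vix.com"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def domain_of(header_value):
    local, at, dom = parseaddr(header_value or "")[1].rpartition("@")
    return dom.lower() if at else ""

def tag(raw, hosted, is_listed, has_mx):
    """Add one X-SpamBlock header per positive test; never drop the message.

    is_listed(name) and has_mx(domain) are hypothetical callables standing in
    for real DNS lookups, so the example runs offline."""
    msg = message_from_string(raw)
    hits = []
    ip = relay_ip(msg)
    if ip:
        hits += [label for zone, label in ZONES.items()
                 if is_listed(dnsbl_name(ip, zone))]
    sender = domain_of(msg.get("From"))
    if not sender or not has_mx(sender):           # Terra's test 1
        hits.append("From domain has no MX")
    if domain_of(msg.get("To")) not in hosted:     # Terra's test 2 (first half)
        hits.append("To not hosted here")
    for label in hits:
        msg["X-SpamBlock"] = label                 # assignment appends a header
    return msg

if __name__ == "__main__":
    # Constructed DNS answers for the demo, not real lookup results.
    listed = {"3.165.32.211.inputs.orbs.org"}
    out = tag(SAMPLE, {"dmcity.com"}, listed.__contains__, lambda d: True)
    print(out.get_all("X-SpamBlock"))
```

A message BCC'ed to a hosted address also fails the second test, which is Jeff's concern above; with tagging it still reaches the mailbox and the recipient's own filter decides.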

sheila
03-18-2001, 07:53 PM
Yeah, verily.
Spamcop is my friend!

Dean B
03-19-2001, 08:46 AM
Grrr got another one yesterday. Now why didn't that filter work? (Eudora 5) Incoming ->creditsystem@mediaone.net ->server options ->delete on server. This not possible on the FQ email setup?

-Dean

zmax
03-20-2001, 01:59 AM
I have a friend who works for www.brightmail.com (http://www.brightmail.com)

For individual users it is free I think.
Basically you set it up to filter your mail via the pop.

I don't know what the deal is for corporate or paying customers.

David

Dean B
03-20-2001, 07:44 AM
Not accepting anymore individuals :(

-Dean

zmax
04-02-2001, 02:10 PM
I found this:

http://www.spamex.com/

Maynard
04-03-2001, 03:51 AM
zmax referred spamex.com
There are others of this breed. It's not clear to me what is their business plan or financial strategy, but there are a couple others as well which provide unlimited "throw-away" addys for your use and comfort:

mailshell.com and sneakemail.com

These tools don't much help those of us who have had a single addy for a long time, which is well distributed as a primary address to good people, and which also happens to be on a Millions CD or other evil lists unscrupulously assembled for the sole purpose of cheap profiteering at the expense of the innocent.

And before the birds wake up, I'll take this opportunity to say that derogatory labelling of the anti-spam community is starting to sound a lot like blaming the victim.

If people don't start doing something more than hitting the delete key, there will continue to be a whole lot more victims than not; and our direct costs for internet access and hosting will quickly and easily double, just because that's what it costs the Net to transport and otherwise manage this spewage for the perpetrators.

:)

sheila
04-05-2001, 02:33 AM
Here's a new spam technique I just witnessed (at least, new to me):


Welcome!

This is to confirm the receipt of your subscription to the
Business Information Gateway's (BiiG.COM) GROUND-FLOOR,
BUSINESS & INVESTMENT OPPORTUNITY E-Zine.

The GROUND FLOOR BUSINESS & INVESTMENT E-ZINE will help
you learn and earn, while helping build your business with:
  -Ground Floor Business Opportunity Information
  -Ground Floor Investment Opportunity Information
  -INTERNET MARKETING WIZARDS:  Online/Offline -- The
<rest snipped>...

And, sent to me AT THE SAME TIME (from the same people):


Hello!

This is to confirm receipt of your subscription cancellation from Business Information Gateway's Ground Floor E-Zine.

Now THAT is rich. I can just see their thinking here: When I get reported for spamming, I will show that they've already been unsubscribed...

<Doh!>

zmax
04-05-2001, 04:15 PM
I make no warranties or assertions! :)

Just passing on what I found.
If you know anything about them or it, great just let us know!

Terra
04-05-2001, 06:04 PM
Here's a beautiful one that just hit my box: *sigh*

For a limited time, take advantage of our special -- Three million general U.S. emails for
just $600 per million! We include, at no cost, a bulletproof email address for 30 days, a
$400 value!

Best of ALL, Tech Data Services can be used as a 100% TAX WRITE OFF for your
Business!

===============================================================
"Many business people are finding out that they can now advertise in ways that they
never could have afforded in the past. The cost of sending mass e-mail is extremely low,
and the response rate is high and quick." - USA TODAY
===============================================================

 1) Let's say you... Sell a $24.95 PRODUCT or SERVICE.
 2) Let's say you... Mass Email to 1,000,000 PEOPLE DAILY.
 3) Let's say you... Receive JUST 1 ORDER for EVERY 2,500 EMAILS.

 CALCULATION OF YOUR EARNINGS BASED ON THE ABOVE STATISTICS:
 [Day 1]: $9,980  [Week 1]: $69,860  [Month 1]: $279,440
Now you know why you receive so many email advertisements...
 ===> MASS EMAIL ADVERTISING IS EXTREMELY PROFITABLE!

Under Bill s.1618 TITLE III passed by the 105th U.S. Congress this letter is not
considered "spam" as long as we include: 1) contact information and, 2) the way to be
removed from future mailings (see below). To Remove Yourself From This List: Please
email mnb987l@yahoo.com with the email address that you would like removed and the
word REMOVE in the subject heading.

And the new business owners to the net are salivating as we type...

--
Terra
--War is Hell--
FutureQuest