7 Advanced Topics

There are several Internet organizations, possibly most prominently MAPS, who maintain lists of IP addresses that are known in some way to support spammers (having open relays, hosting Web sites, distributing marketing spamming software, etc.). If you operate a mail server, usually there is something in its configuration (e.g., Sendmail's rulesets) which can consult these lists, called "blacklists" or "blocklists," in an automated way when receiving a piece of mail. Usually this takes the form of a DNS lookup of a specially crafted name. For example, if MAPS discovers there's an open relay at address 10.20.30.40, they will put an entry for 40.30.20.10.relays.mail-abuse.org in their DNS servers. When your mail server is receiving mail, it calls the operating system to ask it what the IP address of the email client is, comes up with 10.20.30.40, then does a nameserver (DNS) query for the above string. If your mail server gets an expected response, it throws an error back to the email client, and refuses to accept the email. If instead it gets back an error (due to no record being there for example), it assumes the email is coming from an OK source and proceeds.

As a form of even more severe punishment, some of the blacklist organizations distribute Internet routing information (BGP data) that causes ALL IP traffic from these networks to be effectively discarded. Effectively, this forms an Internet "blackhole" (it's unreachable from your network).

Since many spams originate from "throwaway" dialup accounts, and sometimes DSL or cable modems, another list that MAPS maintains is a list of blocks of addresses (netblocks) which ISPs have assigned to their dialup, cable modem, or DSL customers. These are somewhat effective, but often perfectly legitimate emailers send email autonomously (that is to say, without using their ISP's email relay).

As long as you are the one running the email server, this can be effective. If your ISP receives and stores (or forwards) email for you, this will be of no use, because the address from which the mail will be coming is your ISP, and it's pretty much a given that your ISP won't be on the RBL (realtime blackhole list).

Unfortunately, MAPS has become a subscription service, but it may be worth it if you're doing this as a service to a group, such as your family or your house of worship. But there are a few different possibilities; use your favorite WWW search engine to look for "email blocking lists" or a similar phrase.

by rchandra, edited by Sarah
last modified: 2002-06-18 09:33:51
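
The blacklist lookup described in the entry above, as an added example (not code from the FAQ or from MAPS): it builds the reversed-octet query name and, going beyond the text, the reversed-nibble form used for IPv6 addresses. It assumes the usual DNSBL convention that a listing is answered with an address in 127.0.0.0/8; `sample_resolve` and its records are constructed so the check runs offline.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL convention for "listed" answers

def dnsbl_query_name(client_ip, zone):
    """Reverse the octets (IPv4) or hex nibbles (IPv6) and append the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolve(name):
    """A records from the OS resolver; an empty list when no record exists."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeout, server failure, ...: let the caller decide
    return sorted({info[4][0] for info in infos})

def check_dnsbl(client_ip, zone, resolve=system_resolve):
    """Return (verdict, query_name); verdict is listed, not_listed or lookup_failed."""
    name = dnsbl_query_name(client_ip, zone)
    try:
        answers = resolve(name)
    except OSError:
        return "lookup_failed", name  # mail is still accepted, but the failure is visible
    # Only a 127.0.0.0/8 answer counts: a parked or wildcarded zone that answers
    # every name with a public address must not get all mail rejected.
    listed = any(ipaddress.ip_address(a) in LISTED_NET for a in answers)
    return ("listed" if listed else "not_listed"), name

# Constructed records standing in for the list operator's DNS servers.
SAMPLE_RECORDS = {
    "40.30.20.10.relays.mail-abuse.org": ["127.0.0.2"],
    "9.2.0.192.relays.mail-abuse.org": ["203.0.113.7"],  # not a listing answer
}

def sample_resolve(name):
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("10.20.30.40", "192.0.2.9", "198.51.100.1"):
        print(ip, *check_dnsbl(ip, "relays.mail-abuse.org", sample_resolve))
```

A mail server would reject the connection on `listed` and accept on the other two verdicts, logging `lookup_failed` so that an unreachable list does not silently disable the check.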

Background info:

»www.killfile.org/~tskirvin/nana/ ··· ter.html
News.admin.net-abuse.sightings is a forum for reports of sightings of net abuse. It is a robomoderated forum, allowing only properly formatted posts. Followups are required to be set strictly out of the group and into the appropriate group in the news.admin.net-abuse.* hierarchy.
News.admin.net-abuse.sightings is moderated by a robot moderator, run by a team of operators. The robot will automatically approve and post messages according to approved criteria:
Posting spam in this newsgroup is desirable since it's used as an evidence file documenting dates, injection points, URL hosts, drop-boxes, etc.

Posting in NANAS can be done in one of two ways, either directly through your newsgroup client, or by email. The purpose of this post is to help you minimize collateral damage to your inbox by posting spam in this newsgroup. Spammers can and do frequently harvest email addresses from this newsgroup, so it's wise to take steps before posting to eliminate that potential beforehand.

===============================

Posting via newsgroup client:

1) First you need an email address to use, since your email address is visible in the headers of the postings as the author. The robot moderator does reply and confirm each post (unless you configure your post beforehand NOT to do this), and posts with invalid email addresses are ignored. I recommend a throwaway address on any free email provider, provided they allow you to configure your inbox to only allow email from addresses in your address book. Hotmail can work this way and so can Yahoo. Again, spammers harvest from this newsgroup frequently.

2) Set up your newsgroup client with your new email address and your name. Of course, if you don't know how to do this, you'll need to consult your HELP file or online documentation as to the correct method.

3) You can post in one of the *.test newsgroups if desired to see how your posts look, but this is really unnecessary.

4) Post a spam. Now, you'll need to ALWAYS munge personal information in the headers of the spam before posting. I replace all instances of my email with xxxxx's such as xxxxx@example.com or even xxxxx@xxxxxxx.xxx, or whatever strikes your fancy. If the spam contains other innocent email addresses, like in the CC: field, it's considered good netiquette to munge those also, so you are not responsible for having THEIR email address harvested. You MUST include a subject line in the format of: [email] insert subject here
EXAMPLE:
[email] Make Money Fast!
Failure to use this format will result in your post not appearing at all.

5) Once you post your spam example, you'll receive an email confirming your post to NANAS at the address that you used in your newsgroup reader, Yahoo . . . Hotmail . . . whatever. Now, go to your free email provider and set your options to only allow email from those addresses in your address book, and add the address from the confirmation mail you received. Now, if any spammer scrapes your email address off of NANAS and sends you spam, you'll NEVER see it.

===============================

Posting via email:

1) First you need an email address to use, since your email address is visible in the headers of the postings as the author. The robot moderator does reply and confirm each post (unless you configure your post beforehand NOT to do this), and posts with invalid email addresses are ignored. I recommend a throwaway address on any free email provider, provided they allow you to configure your inbox to only allow email from addresses in your address book. Hotmail can work this way and so can Yahoo. Again, spammers harvest from this newsgroup frequently.

2) Only send spam to NANAS from this email address . . . never any other. This makes it REAL easy to find all your posts using groups.google.com.

4) Send a spam to nanas-sub@cybernothing.org. Now, you'll need to ALWAYS munge personal information in the headers of the spam before posting. I replace all instances of my email with xxxxx's such as xxxxx@example.com or even xxxxx@xxxxxxx.xxx, or whatever strikes your fancy. If the spam contains other innocent email addresses, like in the CC: field, it's considered good netiquette to munge those also, so you are not responsible for having THEIR email address harvested. You MUST include a subject line in the format of: [email] insert subject here
EXAMPLE:
[email] Make Money Fast!
Failure to use this format will result in your post not appearing at all.

5) Once you send your spam example, you'll receive an email confirming your post to NANAS at your email address, Yahoo . . . Hotmail . . . whatever. Now, go to your free email provider and set your options to only allow email from those addresses in your address book, and add the address from the confirmation mail you received. Now, if any spammer scrapes your email address off of NANAS and sends you spam, you'll NEVER see it.

by newview, edited by Sarah
last modified: 2002-07-10 09:27:14
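
The munging step that both posting procedures above rely on, as an added example (not part of the original entry or of the NANAS tooling): it blanks the reporter's own address everywhere, blanks every address in recipient headers such as Cc:, leaves the sender and relay trail untouched, and builds the required subject line. The function names, the list of recipient headers and the sample message are assumptions made for illustration; munging the body goes slightly beyond the text, which mentions only headers.

```python
import re

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
RECIPIENT_HEADERS = {"to", "cc", "bcc", "delivered-to", "x-original-to", "envelope-to"}
PLACEHOLDER = "xxxxx@example.com"

def munge_spam(raw, my_addresses):
    """Hide the reporter's and bystanders' addresses; keep the delivery evidence."""
    mine = {a.lower() for a in my_addresses}
    only_mine = lambda m: PLACEHOLDER if m.group(0).lower() in mine else m.group(0)
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    out, recipient_header = [], False
    for line in head.split("\n"):
        if not line.startswith((" ", "\t")):  # a new header, not a folded continuation
            recipient_header = line.partition(":")[0].lower() in RECIPIENT_HEADERS
        # Recipient headers lose every address; elsewhere (Received, Message-ID,
        # From) only the reporter's own address goes, so the trail stays intact.
        out.append(ADDR_RE.sub(PLACEHOLDER if recipient_header else only_mine, line))
    # Body: spam often embeds the recipient's address in tracking links.
    return "\n".join(out) + sep + ADDR_RE.sub(only_mine, body)

def nanas_subject(raw):
    """Build the required '[email] <original subject>' line for the post."""
    head = raw.replace("\r\n", "\n").partition("\n\n")[0]
    m = re.search(r"^Subject:[ \t]*(.*)$", head, re.MULTILINE | re.IGNORECASE)
    return "[email] " + (m.group(1).strip() if m else "(no subject)")

SAMPLE = (  # constructed spam, not a real message
    "Received: from mx.bulk.example ([203.0.113.7]) by mail.isp.example\n"
    "\tfor <me@isp.example>; Wed, 10 Jul 2002 09:00:00 -0400\n"
    "From: offers@bulk.example\n"
    "To: me@isp.example\n"
    "Cc: alice@else.example,\n"
    "\tbob@else.example\n"
    "Subject: Make Money Fast!\n"
    "\n"
    "Click http://bulk.example/?id=me@isp.example\n"
)

if __name__ == "__main__":
    print(nanas_subject(SAMPLE))
    print(munge_spam(SAMPLE, ["me@isp.example"]))
```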

First: Get yourself a free throw-away email address, such as Hotmail. I recommend using some mix of characters and numbers to prevent this email address from being dictionary attacked, like gj85tm659@example.com. This address will be used for one thing, and one thing only . . . to sign up for a free spam reporting account at SpamCop. Never use it for anything else, ever. SpamCop protects your email address when sending reports. Report recipients will be able to reply to your reports, but they will do so through SpamCop. They will never know your email address unless/until you reveal it. Such replies from recipients of your reports will be delivered to the email address you provide. The advantage of using a free throw-away email address to report spam is pretty obvious . . . the recipient of the report does not know your real email address unless you reveal it.

Second: Sign up for a SpamCop free spam reporting account at »spamcop.net/anonsignup.shtml . Use the throw-away email address you just created. All replies from the spam you report will arrive at this email address.

Third: Start reporting spam. It's very important to provide both HEADERS and the BODY of the email when reporting. The headers will reveal WHERE the email actually came from and the BODY of the email (often in HTML) will reveal where any web sites are located, which get a spam report also. It's very important to SHUT DOWN the spammer's method of making money. With no web site, there's no reason to spam.

So, there are two more things you need to learn:
1) How to get your email client to reveal the email headers, and . . .
2) How to get your email client to reveal the HTML source code.

SpamCop comes in handy again . . . there's a page that tells you how to get your email client to reveal the email headers, »spamcop.net/fom-serve/cache/19.h ··· /19.html .
As far as getting the HTML source, you'll need to consult the HELP file or documentation or web site of your email client.

Now . . . you get a spam you want to report.
I find it easier to open Notepad to paste the various pieces together.

1) Open Notepad.
2) Copy the email headers from your email client and paste into Notepad beginning on the first line.
3) After you paste the headers, skip one line.
4) Copy and paste the HTML source code of the spam into Notepad; if it's just plain text . . . copy and paste that.
5) Now copy EVERYTHING from Notepad.
6) Log onto your SpamCop account and paste EVERYTHING into the small window, hit the Process Spam button and SpamCop takes over, revealing who is responsible for EVERY aspect of the spam you received and offering to send a complaint to responsible parties.

by newview, edited by Sarah
last modified: 2003-02-15 23:57:35

ROKSO is the "Register Of Known Spam Operations", and it's a list of the top 200 spam sources in the world. To be listed in ROKSO, a spammer has to be terminated from at least three consecutive ISPs for Terms of Service abuse, and this cabal is collectively believed to generate 90% of the world's spam. This list is maintained by the Spamhaus Project.

By maintaining this registry, ISPs have an easier time researching new customers and (hopefully) not allowing one of these folks on their networks.

by Steve, edited by Sarah
last modified: 2004-01-31 15:05:01