Spammers LUV SpamAssassin

Discussion in 'Linux Networking' started by Alan Connor, Aug 31, 2003.

  1. Alan Connor

    Andy Baxter Guest

    I've already done this, so you could have a point. I get about 2 non-html
    spams a week - the rest get filtered.

    andy.

    --

    remove ' n - u - l - l ' to email me.
    Please don't send me html mail or un-notified attachments. These will be
    automatically filed under 'probable spam' unless I'm expecting an email
    which hasn't come.
    If you do need to send an attachment or html mail, put [attachment] or
    HTML: in the subject line.
    Thanks, andy.
     
    Andy Baxter, Sep 2, 2003
    #61

  2. Alan Connor

    Whoever Guest

    I'm not sure where the "Sam" comes from. I've never posted as "Sam"
    anything. Perhaps you are mixing me up with someone else?
    But your replies show the truth that you do!
    Well, how many posts have *you* made recently? I suggest you take your
    own advice.
    I don't know. But I have only been replying to your posts for a couple of
    days.

    I would not know. But you should! Every one of your posts is an
    embarrassment.
     
    Whoever, Sep 2, 2003
    #62

  3. Alan Connor

    John Winters Guest

    This from a man who resorts to incoherent abuse as soon as someone
    tries to have a rational debate with him?
    Because you're utterly incapable of engaging in rational debate. You always
    ignore the points which are made, call your correspondents liars and then
    heap abuse on them.

    The failing is entirely yours.

    HTH
    John
     
    John Winters, Sep 2, 2003
    #63
  4. Alan Connor

    Peter Jones Guest

    Ooh, ooh, I know, I know. Pick me! Ooohh!

    Sorry, got caught up in the moment...

    Pete.
     
    Peter Jones, Sep 2, 2003
    #64
  5. Alan Connor

    Peter Jones Guest

    I hope you're a patient guy, Tony. I suspect it is a rather large number --
    and even then, he'll only accept it if it finally stops conflicting with his
    rather special world-view...

    Pete.
     
    Peter Jones, Sep 2, 2003
    #65
  6. Alan Connor

    Peter Jones Guest

    I know for a fact that he does -- but don't take my word for it, because I'm
    just a filthy lying asshole punk scammer/spammer (at last count.)
    It all depends on which dictionary you use. I suspect Alan's has the
    following definition:

    Spammer: (n) 1. One who disagrees with Alan; 2. One who pretends to hate spam
    but doesn't use *ELRAV1*.

    Pete.
     
    Peter Jones, Sep 2, 2003
    #66
  7. Alan Connor

    Peter Jones Guest

    Not yet, perhaps, because there are still plenty of easy targets out
    there, so that targeting individuals is just not cost-effective. Do you
    really think that if the entire world adopts C/R systems, the spammers
    will sit idly by, going hungry? No, they will just adjust their tools to
    suit the current environment and start targeting individual To:/From:
    combinations.
    But if you, address A, have address B on your whitelist because address B
    belongs to your mother or your best friend or your boss, then won't mail
    coming from address B end up in your email system? And if the spammers
    forge mail from address B, won't that also appear in your email system?
    You will, Alan, you will...

    I think the point is patently clear that Alan does not care about the
    negative consequences of what he is doing, so long as he does not see any
    of it -- and since his favourite method of dealing with any form of
    negative feedback is to blacklist and/or killfile the person it is from,
    he won't see much of it at all.
    Well, it seems easy enough these days to beat postal junk mail by simply
    putting a "No Junk Mail" sticker on your postbox -- at least in this
    country. That works because the junk mail must have some form of
    identification/contact details, or it is worthless as advertising, and
    most organisations now recognise that alienating potential customers (by
    placing their junk in your mailbox against your express wishes) is a bad
    business move.

    Perhaps that is the answer to the spam issue too. Remove the aspect of
    anonymity. Most spam messages (viruses aside) are selling *something*;
    perhaps if everybody who received one contacted the actual business behind
    the advertisement and politely but firmly expressed their displeasure at
    receiving the spam (and our firm intention to never purchase any object
    advertised through unsolicited email), they would start to get the
    message.

    Or perhaps I'm just a poor naive fool... :)
    Sure there is. Who needs staff? All you need is a valid email address
    (and personally I can never understand why people advertising a product
    make it so difficult for you to actually contact them! How do they
    actually expect to sell anything?) and a reasonably intelligent script
    which can recognise a wide range of incoming RAVs and respond to them
    appropriately, thereby getting their message into the system (and secure
    in the knowledge that they have a valid email address at the other end.)

    And if the RAV actually has something as blatant as an X-RAV header
    identifying itself, it just makes their script's job that much easier...

    Pete.
     
    Peter Jones, Sep 2, 2003
    #67
  8. Alan Connor

    Peter Jones Guest

    I suspect that if his "friends" are not willing to change their email address
    (if/when it gets blacklisted due to the reasons under discussion) then that
    person probably really isn't worth talking to anyway -- and in fact, is
    probably in collusion with the Big Bad Spammer in the first place.

    More to the point, since any emails from that friend will now be dropped
    soundlessly into /dev/null, that friend will get a little upset at being
    "ignored", then decide there are better people to spend time with anyway.

    And since Alan would be blissfully unaware of the whole thing, he would still
    be convinced that his system was foolproof. (And you know what they say
    about making a system foolproof, don't you?)

    Pete.
     
    Peter Jones, Sep 2, 2003
    #68
  9. Alan Connor

    tony Guest



    Oh, the delicious irony..
     
    tony, Sep 2, 2003
    #69
  10. Alan Connor

    /dev/rob0 Guest

    Oh well ... here we are, Ed, sitting in Alan's killfile. Look around,
    quite a few good people in here! <waves to everyone> Hello, folks, I
    got in here because I wouldn't blindly worship at the altar of elrav1.
    On the way in I got called some choice names! Fun -- in a way, but
    really more pitiful than anything.

    My elrav1 question, which was posed by others in a slightly different
    form, remains: how does a C-R system cope with spam arriving from a
    whitelisted source? Alan won't answer, so I'm throwing it out to all the
    gang here in the killfile.

    Some have used the example of virus mails, replicating out of a
    whitelisted user's address book. SpamAssassin and the like can be very
    effective in dealing with those. My example was a mailing list with weak
    or nonexistent spam filtering. Again a job for SA.

    The only conclusion I can reach is that a C-R system cannot guarantee a
    100% spam-free mailbox. Perhaps C-R systems can make a contribution to
    the war on spam, but that's unlikely under Alan's leadership. What say
    the other killfiled ones?
     
    /dev/rob0, Sep 2, 2003
    #70
  11. Alan Connor

    Dan Espen Guest

    All this discussion about your system makes me wonder:

    Do you ever send mail to yourself?

    Did you tell elrav that it was OK to receive mail from yourself?

    Did you ever get spam that looked like it came from yourself?

    What mechanism does elrav use to avoid this potential problem?
     
    Dan Espen, Sep 2, 2003
    #71
  12. Alan Connor

    Ed Murphy Guest

    His web page recommends adding yourself to the block list. You may
    draw your own conclusions.
     
    Ed Murphy, Sep 3, 2003
    #72
  13. Alan Connor

    W. Citoan Guest

    Depending upon what group you are posting from, you may have missed his
    post to (only) comp.os.linux.misc earlier today in which he stated that
    a forged From line containing his email address made it through his s/w.

    The message id is: kU35b.5848$

    Of course, he still is ignoring the fact that the forged From line could
    be any address that has already passed his RAV check...

    - W. Citoan
     
    W. Citoan, Sep 3, 2003
    #73
  14. Alan Connor

    Dan Espen Guest

    OK, I will.

    That would be a problem for me.

    I sometimes use mail to move information from my home machine into my
    inbox at work. Mail from home is configured to appear to come from my
    work machine.

    I don't know how much spam I get forged to appear to come from me...
    just checked, none in the last 500 spams.
     
    Dan Espen, Sep 3, 2003
    #74
  15. Alan Connor

    Peter Jones Guest

    Funny, that's how I got in too. More or less. Seems to be getting a
    little crowded in here...
    I agree. Quite apart from the bad first impression a Challenge presents
    to a potential new contact -- especially a busy one who can just as easily
    take his/her business elsewhere (which is, of course, something which does
    not concern Alan; out of sight, out of mind!) -- the main strength of the
    system appears to be its auto-generation of whitelist and blacklist.

    Smart scripting could potentially detect *some* forged headers by looking
    at the Received headers, but that is by no means guaranteed to be 100%
    accurate. While some may be filtered out, consider an email from somebody
    like, well, me: my mail (from home) gets sent from whichever machine I
    decide to use on my LAN, out through the SMTP server on my gateway machine
    (which currently identifies itself based on a local domain name which has
    no connection to any publicly-visible domain) and then speaks, generally,
    directly to the mail server at the receiving end. There are no
    "Received" headers that tie my email address to my ISP. This would also
    be a valid concern for anybody using an email address that is not
    allocated by their ISP -- and I have one (or more) of them too. The
    script can either flag these as forged -- in which case the user of the
    C/R system never receives them -- or let such cases through, in which case
    the forgeries will certainly follow.

    Even then, the most intelligent script in the world (searching for forged
    headers, at any rate) could not hope to distinguish between a valid email
    from me and a virus sent out by my recently infected machine...

    The C/R system may well be a first line of defense, but something more is
    definitely needed for it to even approach a "foolproof" state. One of the
    first things needed is for Alan (and, I guess, anyone else with his
    attitude) to acknowledge the flaws in the system (rather than ignore them)
    and to recognise that "foolproof" is a pipe dream that can never truly be
    reached.

    *shrug*

    Pete.
     
    Peter Jones, Sep 3, 2003
    #75
  16. PJ> Perhaps that is the answer to the spam issue too. Remove
    PJ> the aspect of anonymity. Most spam messages (viruses aside)
    PJ> are selling *something*; [...]

    The anonymity is not there solely because of the unsolicited bulk mail nature
    of the advertising. Usually another reason that it is there is that the
    "product" or "service" being sold is illegal in some way. (Ask yourself how
    many such advertisements that you have received are for obvious scams and
    frauds.)
     
    Jonathan de Boyne Pollard, Sep 3, 2003
    #76
  17. dr> My elrav1 question, which was posed by others in a slightly
    dr> different form, remains: how does a C-R system cope with spam
    dr> arriving from a whitelisted source?

    Challenge-response systems _don't_ cope with unsolicited bulk mail arriving
    from a (manually) whitelisted source - by definition. A (manually maintained)
    whitelist completely _bypasses_ the challenge-response system. That's its
    purpose.

    The (automatically maintained) whitelist generated from successful responses
    to challenges is a different matter, and how the system copes depends on its
    design, in particular on how broad the effect of the automatic whitelisting
    is and what exactly it permits. With challenge-response systems such as
    "qsecretary", the whitelisting caused by receipt of a response only affects
    the specific message that generated the challenge in the first place. With
    various other challenge-response systems the scope of the whitelisting is
    different. Some allow all further messages from the same envelope sender
    mailbox. Others allow all further messages for a specific period. And so
    forth.

    dr> The only conclusion I can reach is that a C-R system cannot
    dr> guarantee a 100% spam-free mailbox.

    _No_ anti-UBM system will do this. They all share a fundamental design flaw.
    Their designs incorporate looking for some element that is common to some
    number of unsolicited bulk mail messages but that is not actually directly
    related to their undesirable "unsolicited" and "bulk" qualities, and blocking
    all messages with that element, unsolicited bulk ones or no. (In the case of
    challenge-response systems, one simply need note that "failed to respond to a
    challenge" is not identical to "unsolicited bulk".) The senders of
    unsolicited bulk mail simply end up removing or changing this element, and the
    problem continues.
     
    Jonathan de Boyne Pollard, Sep 3, 2003
    #77
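
The whitelisting scopes described in post #77, as an added example that is not part of the thread or of any poster's software: a toy Python model of a challenge-response filter showing how later mail bearing an already-confirmed envelope sender (which the filter cannot tell apart from a forgery) fares under per-message, per-sender and time-limited whitelisting. The `CRFilter` class, the `replay` function and the address are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CRFilter:
    """Toy challenge-response filter (hypothetical, for illustration only)."""
    scope: str      # "message", "sender" or "timed"
    ttl: int = 0    # seconds a "timed" whitelist entry stays valid
    pending: dict = field(default_factory=dict)    # msg_id -> envelope sender
    released: set = field(default_factory=set)     # msg_ids confirmed by a response
    whitelist: dict = field(default_factory=dict)  # sender -> expiry (None = no expiry)

    def receive(self, msg_id, sender, now):
        """Return 'deliver' or 'challenge' for an incoming message."""
        if sender in self.whitelist:
            expiry = self.whitelist[sender]
            if expiry is None or now < expiry:
                return "deliver"          # whitelist bypasses the challenge
            del self.whitelist[sender]    # drop the expired entry
        self.pending[msg_id] = sender
        return "challenge"

    def respond(self, msg_id, now):
        """The sender answered the challenge issued for msg_id."""
        sender = self.pending.pop(msg_id)
        self.released.add(msg_id)         # every scope releases the challenged message
        if self.scope == "sender":
            self.whitelist[sender] = None
        elif self.scope == "timed":
            self.whitelist[sender] = now + self.ttl
        # scope == "message": nothing about the sender is remembered


def replay(scope, ttl=3600):
    """Constructed scenario: one genuine message is confirmed, then two later
    messages arrive with the same envelope sender. The filter sees only the
    address, so these could equally be forgeries or virus mail."""
    f = CRFilter(scope, ttl)
    f.receive("m1", "friend@example.org", now=0)
    f.respond("m1", now=10)
    return (f.receive("m2", "friend@example.org", now=60),
            f.receive("m3", "friend@example.org", now=7200))


if __name__ == "__main__":
    for scope in ("message", "sender", "timed"):
        print(scope, replay(scope))
```

Only the per-message scope challenges both later messages; the per-sender scope delivers both, and the timed scope delivers the one that arrives inside the validity window.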
  18. PJ> [...] the main strength of [a challenge-response] system
    PJ> appears to be its auto-generation of whitelist and blacklist.

    The strength is not from just the auto-generation alone, it is also derived in
    part from the automatic _pruning_ of those lists.
     
    Jonathan de Boyne Pollard, Sep 3, 2003
    #78
  19. Alan Connor

    Timo Voipio Guest

    By-the-way, Alan (in case that's your real name), spamassassin is just a
    collection of perl scripts and C code.
    If you are perl- and/or C-literate, you can easily read it and see for
    yourself what's happening.

    -Timo
     
    Timo Voipio, Sep 4, 2003
    #79
  20. Alan Connor

    Alan Connor Guest


    Let's see. How many people are there who can read shell scripts compared
    to those who can read C and Perl?

    Also, the C comes compiled, right? For most people it certainly does.
    So they have to make a special effort to get the uncompiled code.

    And SA is HUGE compared to my program. And to use perl you have to have the
    massive perl program installed, don't you? Making SA larger by miles.

    Everyone has a shell already, don't they?

    SA is also far more complex than my program. Much more difficult to use.

    Then there's the huge memory footprint of SA/perl, and mine has NONE.

    But the real bottom line is, of course:


    MY PROGRAM *WORKS* AND SA DOESN'T.



    I look forward to your next silly post.


    Alan C
     
    Alan Connor, Sep 4, 2003
    #80