From: Aron Roberts (aron@socrates.berkeley.edu)
Date: Mon Sep 16 2002 - 17:08:23 PDT
At 16:08 -0700 2002-09-16, Graham A. Patterson sagely wrote:
>Scanning the text, including comments, of any web page for something that
>looks like an email address is straight forward. ...
>...
>News groups where a posting is done with a primary address.
>...
>Your address in someone else's address book if they get a suitable virus
>or are running an insecure system.
>...
>And this is without including sites who have legitimate (you forgot to opt
>out) rights to use your address.
As Doug Bagley notes
<http://www.bagley.org/~doug/spam/dirty.shtml>, certain spammers are
apparently bypassing Web sites, newsgroups, and the like and going
directly to mail servers,:
>Some spammers will pull names and words out of a dictionary to try
>as recipient addresses and blast away at a mail server hoping to get
>some deliveries.
These "dictionary attacks" involve sending messages to a huge list
of random and/or probable addresses ("aaa@host.domain",
"aab@host.domain", "aaron@host.domain", "aron@host.domain", etc.) at
each mail server to see which messages go through and which are
'bounced.' (Some tools used by spammers might also use a more
sophisticated variation of this technique, talking directly to mail
servers using SMTP commands such as 'VRFY' and 'EXPN'.)
While some spammers might then harvest the e-mail addresses
associated with the messages which are successfully delivered, their
most brazen counterparts may not even care to take the time to build
a mailing list, simply being content knowing that some fraction of
their messages went through.
Some spammers are even sneakier: some additional techniques
they've apparently used for harvesting addresses are identified at:
Uri Raz, "How do spammers harvest email addresses ?"
http://www.private.org.il/harvest.html
Regarding the first technique mentioned in Graham's note, above, as
well as in Pat's original message -- harvesting e-mail addresses on
Web pages -- there are a number of tools that can be used to
trivially obscure these addresses, thus placing them beyond the reach
of at least casual harvesting efforts.
Some examples of these tools are:
HiveLogic's Email Address Encoder
http://www.hivelogic.com/safeaddress/
Encodes e-mail addresses into HTML 'entities'; e.g. "a" for
the lowercase letter 'a'. Mentioned by Kirk Franklin.
SpamVaccine
http://www.matterform.com/
Shareware application for the Mac OS that makes it convenient
to obscure addresses using a) semi-random JavaScript with HTML
entity encoding and b) inserting a graphic for the "@" symbol
for viewing by non-JavaScript-enabled browsers.
There are likely many more Web- and application-based tools of this
type. Many rely on the fact that most spammers' harvesting tools
likely don't have any way of executing JavaScript code on Web pages.
Others will display all or part of e-mail addresses as images, or
will provide forms for sending mail via CGI scripts or other
server-side code, rather than 'mailto:' links.
The following site offers many 'do it yourself' suggestions for
protecting e-mail addresses from spammers, including tricks for
obscuring addresses on Web pages and much more:
Spambot Beware
http://www.turnstep.com/Spambot/avoidance.html
However, because of the multiple techniques spammers have at their
disposal and their quickness to adapt to challenges, fighting spam
may be ultimately more an issue of law, rather than technology, as
the San Francisco Chronicle's Harry Norr has noted (below).
Aron Roberts
Workstation Software Support Group
---------------------------------------------------------------
Date: Mon, 29 Jul 2002 16:30:16 -0700
To: Nils Ohlson <nils@cchem.berkeley.edu>
From: Micronet mailing list administrator
<owner-micronet-list@uclink4.Berkeley.EDU>
Subject: Re: [Micronet] Funds Investment [the problem of spam]
Cc: Micronet mailing list <micronet-list@uclink4.Berkeley.EDU>,
MAGNet mailing list <magnet-list@uclink4.Berkeley.EDU>
In the message "Fwd: [Micronet] Funds Investment", dated 2002-07-29,
Nils Ohlson wrote:
> I got this spam today, sent through the micronet list. You
>may already be acquainted with this particular scam; hopefully
>no-one at UCB is taken in by it, but you never know.
>
> Is there anything to be done at the campus level to screen
>out this sort of dangerous nonsense? I would be grateful for either
>a personal response, or one to the list.
[...] the San Francisco Chronicle's Henry Norr has recently
spotlighted the problem of spam and how to combat it in a series of
three hard-hitting (and highly recommended) articles:
"Spam attacks growing"
July 15, 2002
<http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/07/15/BU224200.DTL>
"New tools to fight spam"
July 22, 2002
<http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/07/22/BU.DTL>
"Trying to discard junk faxes"
(which in part continues the discussion about fighting e-mail spam)
July 29, 2002
<http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/07/29/BU112551.DTL>
The first and second articles mention several services and tools
for filtering spam messages, particularly the Brightmail Solutions
Suite (a commercial client/server product which works with Solaris
and Windows mail servers, and is used by some of the largest US-based
ISPs) and CloudMark SpamNet (a free add-in for Microsoft Outlook
2000/XP for Windows).
One reason the spam problem may be coming to the forefront now is
that the sheer volume of spam may have ramped up significantly over
the past year. In his July 15 article, Henry Norr wrote:
"According to the latest monthly data from Brightmail, a San
Francisco company that attempts to stop the flood for corporate
customers (including The Chronicle) and Internet service providers,
the rate of unique spam attacks measured by the company's network of
decoy addresses has increased more than five-fold during the past
year -- from less than a million in June 2001 to more than 4.8
million last month."
(As if to testify to this fact, I've just returned after 17 days of
vacation to approximately 550 messages in my 'inbox' on Socrates. Of
these, slightly over 200 - over 35% of my total messages - were
spam-related. These included over 150 unsolicited spam messages,
plus another 50 messages generated when my vacation auto-replies
'bounced' when responding to non-existent addresses used by spammers.)
In his July 22 article, Henry concluded:
"No matter how good the anti-spam tools get, I don't see much
prospect that they'll ever manage to eliminate this pestilence
altogether, or even reduce it to an occasional annoyance. The ongoing
battle between spammers and spamfighters is a lot like the legendary
competition between burglars and lockmakers: Each time one side makes
an advance, the other comes up with something to defeat it, in a
cycle that never ends.
"That's why I think the ultimate solution, if there is to be one,
will have to be legal -- which means political -- rather than
technological."
And he subsequently discussed how repeated attempts to enact
anti-spam legislation in the US Congress have - so far - been stymied.
Aron Roberts
Workstation Software Support Group
(administrator of the Micronet and MAGNet mailing lists)
-----------------------------------------------------------------------
The following was automatically added to this message by the list server:
Webnet information is available at <URL:http://webnet.berkeley.edu/>.
This archive was generated by hypermail 2b29 : Mon Sep 16 2002 - 17:08:54 PDT