From owner-freebsd-chat  Sat Feb 23 14:43:11 2002
Delivered-To: freebsd-chat@freebsd.org
Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133])
	by hub.freebsd.org (Postfix) with SMTP id 6BFB937B419
	for <freebsd-chat@FreeBSD.ORG>; Sat, 23 Feb 2002 14:43:08 -0800 (PST)
Received: (qmail 40705 invoked by uid 100); 23 Feb 2002 22:43:05 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15480.6905.348926.555126@guru.mired.org>
Date: Sat, 23 Feb 2002 16:43:05 -0600
To: mascio@ryu.com
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: User unknown: Lie to Spammers?
In-Reply-To: <3C77EF30.2030001@ryu.com>
References: <Pine.BSF.4.21.0202230847350.25286-100000@server.highperformance.net>
	<xzp7kp4p132.fsf@flood.ping.uio.no>
	<3C77EF30.2030001@ryu.com>
X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
From: "Mike Meyer" <mwm-dated-1014936185.98c1d5@mired.org>
X-Delivery-Agent: TMDA/0.46 (Python 2.2; freebsd-4.5-STABLE-i386)
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-chat.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-chat>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-chat>
X-Loop: FreeBSD.org

John R. S. Mascio <mascio@ryu.com> types:
> Dag-Erling Smorgrav wrote:
> >They don't.  They ignore bounces.  Most of the time they don't even
> >*receive* bounces, because they spoof their return paths and channel
> >their spam through open relays.

Yup. Here's <URL: http://www.cs.colorado.edu/~seidl/lawsuit/ > what
happened in one such case when the machine so spoofed suffered what
amounted to a DoS because of this.

> So true.  A friend of mine uses Ricochet 
> (http://www.vipul.net/ricochet/) to try to attack the problem.  You save 
> the email, including headers and it will send email to the admins of the 
> chain of receiving machines that the email followed.  The goal is to 
> attempt to get spamers punted by the ISPs often enough that it is some 
> pain for them as well.  He's had some luck with it.  YMMV.

I'm not familiar with Ricochet, but the general problem with this idea
is that the spammers put bogus received-from headers in them, just to
cause such tools to fail and/or bother innocent people.

You might want to check out tmda (in the ports tree). It's based on
the idea that spam is one-directional. Since installing it, the only
spam I get comes through the freebsd lists.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message