[conspire] Re: Linux program to remove mail from server?

Rick Moen rick at linuxmafia.com
Thu Apr 28 14:14:21 PDT 2005

Quoting Edmund J. Biow (ejb1 at isp.com):

> What I would really like is a program that could analyze the real return 
> address of the sender from the header on the server and then give you 
> the opportunity to bounce the message back [...]

Given the slightly tongue-in-cheek tone of the rest of this paragraph, I
hope and expect you know that it isn't buildable.  I've seen a number of
utilities that purport to autoanalyse spam and autogenerate "spam report"
complaints, and they're all worse than useless.

Such a program would be merely useless if it did no harm, but the ones
I've seen tend to crank out badly-designed complaint e-mails to forged
addresses or to postmaster/abuse accounts at (most often) the wrong
host, or to domain-registration contact addresses -- again, often at the
wrong domain entirely.

Ever read about the cargo cults?  Some years after the end of WWII,
anthropologists found in the interior of New Guinea some bizarre
native-built structures that looked oddly like military airfields and 
control towers, except completely non-functional because they only
_looked_ a little like the things they were built to imitate.  The
anthropologists asked around, and found out the story:

The wartime presence of the Allies had brought the tribes considerable
material wealth, you see:  Their departure was a severe blow.  So, the
tribes met and tried to figure out how to solve the problem.  They
reasoned, wait, the foreigners needed those crazy-looking fields and
towers for their airplanes.  Let's build some, and maybe the airplanes
and all the cargo wealth they carried will return.

Spammers lie.  (Spammer rule #1.)  Therefore, spammers' headers also
lie -- by careful design.  Figuring out where it really came from takes
a certain amount of care, and automating that process is non-trivial.
Doing it badly, and thereby making the analysis tool's user feel (in
error) that he's doing something _useful_ ("fighting spam"!) is really
easy, and happens all the time.  Most often, the complaint / spam report
e-mails they generate go to inappropriate parties, and thus are
_themselves_ secondary spam, and constitute adding more harm to an
already bad situation.
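To make the point concrete, here is an added example (mine, not from the post) contrasting what a cargo-cult reporter does with the only analysis that actually holds up: walking the Received chain from the top and stopping at the first hop that was not written by a relay you run yourself. The message, the relay names (inbox.example.org, mx.example.org) and the relay IP are all constructed for the example.

```python
import email
import email.utils
import re

# Constructed sample message (not from the original post). The top two
# Received lines were written by relays we are assumed to operate; the third
# and the From:/Return-Path: lines arrived as sender-supplied text and may lie.
RAW = b"""Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org (Postfix) with ESMTP id A1; Thu, 28 Apr 2005 13:59:05 -0700
Received: from bigcorp.example (unknown [198.51.100.23])
\tby mx.example.org (Postfix) with ESMTP id B2; Thu, 28 Apr 2005 13:59:02 -0700
Received: from mail.bigcorp.example (mail.bigcorp.example [203.0.113.9])
\tby bigcorp.example (Postfix) with ESMTP id C3; Thu, 28 Apr 2005 13:58:00 -0700
From: "Billing" <billing@bigcorp.example>
Return-Path: <bounce@bigcorp.example>
Subject: constructed sample

body
"""

# Assumed: the hostnames and IP addresses of relays we operate ourselves.
TRUSTED_HOSTS = {"inbox.example.org", "mx.example.org"}
TRUSTED_IPS = {"192.0.2.10"}

# Pulls the connecting client's IP and the receiving host out of one Received line.
HOP_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>[\w.-]+)", re.S)


def naive_complaint_domain(raw):
    """What a cargo-cult reporter does: believe the From: header."""
    msg = email.message_from_bytes(raw)
    return email.utils.parseaddr(msg["From"])[1].split("@")[1]


def attestable_origin(raw):
    """Walk Received lines newest-first. A line is believable only while it was
    written by one of our own relays; the first client IP that is not one of
    our relays is the only origin we can vouch for. Returns (ip, reason)."""
    msg = email.message_from_bytes(raw)
    for hdr in msg.get_all("Received", []):
        m = HOP_RE.search(hdr)
        if not m or m.group("by").lower() not in TRUSTED_HOSTS:
            return None, "chain of custody breaks before an external hop; do not guess"
        if m.group("ip") not in TRUSTED_IPS:
            return m.group("ip"), "client that connected to " + m.group("by")
        # relay-to-relay hop inside our own infrastructure; keep walking
    return None, "no external hop recorded"


if __name__ == "__main__":
    print(naive_complaint_domain(RAW))  # bigcorp.example (unverifiable)
    print(attestable_origin(RAW))       # ('198.51.100.23', 'client that connected to mx.example.org')
```

The naive function happily names bigcorp.example, which is exactly the party a complaint would be misdirected to; the chain walk yields only the IP that actually connected to our relay, and refuses to guess once the chain leaves hosts we control.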

It's cargo-cult antispam.  With the difference that the original cargo
cults were harmless (albeit bizarre).

On the whole, the "send complaints / spam reports" model is broken and
reflects a lack of understanding of the problem -- same as the
ever-popular "please don't publish my address, because the spammers will
find it" approach.

I figured out why the latter doesn't work about ten years ago, when I
noticed my SMTP received-mail logs showing that spammers were walking up
all possible recipient names on my SMTP host, from
aaaaaaaa at linuxmafia.com on up, sequentially.  They can take this
fantastically inefficient approach because they have all the firepower
in the world, in the form of virus-compromised zombie Windows boxes.
Thus, for that reason alone (and there are others), the "hiding from
spammers" strategy is long obsolete -- if it was ever defensible at all.

