spam back?

Post by **bad_brain** » 01 Feb 2006, 08:58

hey mates...

well, you might have read my post about the spammer who uses this domain, I got it fixed now and my email account is clean again, but I have an idea:
what about creating an online form which enables visitors to spam back?
there should be 2 boxes with email-accounts you can use (I can provide 1000 yahoo-ones) and a list of known spammers.
chose the account>chose the spammer>enter some kind words into a textbox>spam the bastard!
the only part which is a little tricky would be to login to the email accounts....

Demian · Post by **Demian** » 21 Feb 2006, 07:35

and I thought the state-of-the-art way of turning the momentum of a spammer against him would be using honeypots...

Post by **bad_brain** » 21 Feb 2006, 08:46

well, I only know honeypots in context with setting up an unsecure server and then check how it´s intruded by attackers to be able to avoid these intruding techniques on the real server. or in context with wlan networks where you produce a lot of fake networks to distract attackers from the real one.
the problem with spammers is that they don´t use their own servers for spamming, in my case a server located in Lebanon was used, and you surely can imagine that it´s pointless to sue in this case or take any other actions because they simply use another server next time. to grab them by the nuts it´s imo the best to take action against the place where they are really vulnerable: their homepage. and hey, emails are traffic too, at a certain ammount they begin to eat bandwidth and hardware ressources, and if they reach their traffic limit it can be pretty expensive...

Post by **Stavros** » 21 Feb 2006, 09:15

Is it possible to trace the spammers back to their IP even through a server?

Post by **bad_brain** » 21 Feb 2006, 11:16

yes it is. you have to check the email-header.

but it depends on the server they have used/abused. but even if you can´t find the original IP in the header simply contact the server admin (you can get all infos about the server owner you need here: www.centralops.net ,use the "domain dossier") and DEMAND the excerpt of the mailer demon logs. and if they don´t want to cooperate they are most likely the original source of the spam.

Demian · Post by **Demian** » 21 Feb 2006, 16:26

Hmmm... spam or not, email or not, but to be honest, I would myself rather choose a service provider that doesn't keep logs to give them out on demand. It's a matter of customer privacy. But spam tends to follow quite specific patterns, which can be faced with probabilistic algorithms. These algorithms need to be trained, but spammers happily do that themselves if you put up a honeypot for them to spam. In this case, the honeypot doesn't need a whole insecure box, it's just an email address you don't use, but you put online in various places instead so the spammers' crawlers find them. (This is a quite versatile scheme: to counteract wiki- and forum-spam, I've heard of people putting up dead pages or threads which get spammed after a while) Avoiding those honeypots is far more difficult for them than cracking new boxes to spam from, so I regard this type of countermeasure as simply more scalable.