CNET también está disponible en español.

Ir a español

Don't show this again

Services

Faking it to beat spam

    In response to the March 24 Perspectives column by Charles Cooper, "An answer to spam's discontents?":

    I think you must realize that a huge proportion of the spam that hits mailboxes is sent using some form of abuse, with abuse of open relays and abuse of open proxies being the commonest. Don't you ever wonder why nobody does anything about that abuse?

    Granted, it's a very low-level abuse. If you think about it, you should realize that low-level abuse might be susceptible to low-level countermeasures.

    For three years, I've run a fake open relay. Originally it was an e-mail server/fake open relay, now it's just the fake open relay--and only half-open most of the time at that. I found it possible to combine a server and a fake open relay with a decent degree of reliability. The problems I had came from implementation details, not conceptual ones. In any case, I don't try to combine the functions now, and I don't suggest anyone else do it.

    To a spammer, an open relay is a system that delivers the message; the spammer sends to find out if the system is an open relay. There's no magic way to find open relays--you test for them. So all that is needed for a fake open relay is to deliver the spammer's test messages and to not deliver anything else. It is that simple.

    Unix/Linux operators can run Sendmail as a fake open relay. Most may not want to do that and may run Sendmail normally. Windows users and anyone else with a Java Virtual Machine can run Jackpot (a free download: http://jackpot.uk.net/).

    Most journalists writing about spam have no idea what a spammer relay test message looks like. Many anti-spammers also have no idea. Thousands are sent every day; I capture three to five per day. These give away something about the spammer--he can't forge everything, because if he did, he'd never get any test results back. If I delivered a relay test, I'd get spam (probably.) I delivered a test in mid-February. Spam followed for two weeks before it trickled off.

    Brad Spencer
    Madison, Wis.