topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 1:31 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: IDEA: Anti-spam utility generating complaint, running whois to generate data.  (Read 6290 times)

John_textiles

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 3
    • View Profile
    • Donate to Member
Spam kills a lot of time.  To complain, I have to run a bunch of whois lookups, for the originating IP, the spammer's domain if the spam is advertising a domain, etc.  Is there any chance of getting a utility which could at least lighten the workload a bit?  Thanks!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
can you elaborate a little about what kind of tool youd like?

John_textiles

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 3
    • View Profile
    • Donate to Member
Elaborate, sure.  I'd like something, anything, that would reduce the effort required to report spam.  The perfect program would do it all, generating a form letter, addressing it to the abuse addresses of the ISP that mailed the spam, the registrar or servers for the site or domain advertised in the spam, the abuse addresses for the spammer's mail provider, etc.  Example.  I get a spam promoting a porn site or MLM scam.  I want the program to automatically run whois on the source IP for the spam mail, the website/domain, and also any domains related to the spammer's contact e-mail address listed on the whois registration of the spammer's site.

So if I get a spam from IP address 65.54.something, meaning it's from Hotmail, I want the abuse addresses for Hotmail to be added to a list of recipients of my complaint letter, which the program will generate (a fill-in form, basically).  If the site, mynakedsisterpicfordrugmoney.com, is registered with Enom, then Enom's abuse address is added.  If the whois info reveals that the registrant is Lenny Smith, with an e-mail address of [email protected], then a whois of that ugly...supplies domain will reveal another contact name and e-mail address, so that at some point we have a real address, rather than an address at a domain the spammer controls.  Obviously, sending a complaint to "[email protected]" won't do us much good, and could even escalate the spam by letting Lenny know your address is active.  It's when we find a [email protected] or at hotmail.com, that we have an address to which we can complain, and at least get his e-mail provider to cut off e-mail service (although the idiots at Yahoo! often argue and send "nope, not from us" form letters, refusing to acknowledge that they're helping a spammer even if the spammer uses his Yahoo! address only for the purpose of registering his domain).

I'd like to have a program that does a recursive and comprehensive search via whois, etc., to figure out all the complaint addresses to which reports can be sent to combat spam.  [email protected] would be an address that would always be included in the list of entities to notify.  Currently, when time and energy permit, I do all that research manually and paste stuff into a simple text file I use as a form letter for my complaint.  It would be so helpful to so many people to be able to automate the process.  Thanks!
« Last Edit: June 12, 2007, 04:46 PM by John_textiles »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
i think this is a wonderful idea actually -- i'd love to see someone write it.
it would be nice if it could take as input the complete email received, and parse the email headers, etc.  in doing so it could also avoid being tricked by fake "from" fields, etc.

great idea -- i'd really like to see someone here write this, AFTER a comprehensive search to make sure such tools don't exist yet.  it would make a nice addon for email clients too like thebat and firebird.

BinderDundat

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 31
    • View Profile
    • Donate to Member
Since a lot of spam comes from hijacked computers, complaints may not do you any good and if there is a real spammer receiving the complaint, they may take a complaint as validation of your email address and then you will get MORE spam.  Illegal? Spammers don't care.

I would like to see an implementation of a spam filter rule that compares the friendly name from the header with user-defined match words.  The spammers don't have most people's names, so you get a blank friendly name. If the filter defined all address book entries and non-"Deleted Items" and "Spam" folder entries as Friends and passed emails with blank friendly names to a spam folder, you would deal with 99+% of the spam.  With a rt-click menu entry that adds the sender of mis-identified spam to the friends list, you can catch the customer service type emails that often get caught in your ISP's filters by setting their spam rules looser and filtering on your email client.  Ideally the filter would delete Spam folder items older than a definable number of days.  Oddly enough, I have never seen this simple approach used.  It should code with a small footprint and ideally be available as a plug-in.

John_textiles

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 3
    • View Profile
    • Donate to Member
You're missing the point entirely.  The complaint is not to be sent to the spammer (hell, I could just hit 'reply' if I wanted to write to the spammer, if the address is valid and the e-mail sent there is ever read by the spammer).  The point is to generate a complaint letter which goes to the abuse@ addresses of the spammer's 1) mail service providers, 2) registrar of any domains the spammer includes in his spam, and 3) the system the spammer used to send the spam.

Since a lot of spam comes from hijacked computers, complaints may not do you any good and if there is a real spammer receiving the complaint, they may take a complaint as validation of your email address and then you will get MORE spam.
-BinderDundat (July 03, 2007, 03:42 PM)

hamradio

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 828
  • Amateur Radio Guy
    • View Profile
    • HamRadioUSA.net
    • Read more about this member.
    • Donate to Member
I will note however that most whois servers doesnt allow automated lookups with programs. You actually got to go to the site and do it.  Most also state that if they see you doing automated lookups they will ban your ip from it.  So that is something to consider also...

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Isn't this what SPAMCOP.NET does, and you can sort of automate by using MAILWASHER

I have used this in the past and the way it works is that you can filter incoming mail according to rules and already known spam (and also heuristics). You can then visually check that what you see listed as spam is actually spam and when you click process you can set up an option to automatically send all the spam to spamcop. You may be able to write (or get someone to write) a script to automatically process these emails - but you probably won't be popular at spamcop as there will be a lot of false reporting.

They don't have an automated system at spamcop (and you need to register there to use their service - there is a free version and a more flexible paid for version) and so you get an email with the details of each spam message. Click the link in the message and then follow the links on the webpage.

Spamcop then do all the work of processing headers and extracting suitable people to report abuse to, but it can't be automated as a lot of spam is well disgused or spoofed so that the spammers identity and source is hidden (there are a lot of emails sent out via bots on other people computers and also a lot of spammers run their own mail servers so that they aren't easily traced or reported). This means that before you report you have verify that the abuse trace has actually identified the real culprit and not just some poor shmuk who has had their email address spoofed.

Just to give you an idea - I (and I'd guess anyone with their own domain names) get innundated with spam which is formatted to appear that it comes from my domain - I even get a lot of complaints. This is nothing to do with me and there is nothing I can do about it. All the header details in the emails are spoofed so that the origin of the emails are obscured so I can't take action, and complaints mostly get checked at me which just increases the amount of junk mail I receive.
« Last Edit: July 04, 2007, 07:04 PM by Carol Haynes »