Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Perl Programming

Eliza for Spam 166

Saint Aardvark the Carpeted writes "Check this out for sheer genius...This guy has posted to Perl Monks a script that uses the Perl Eliza module to respond to spam. Check it and contribute your suggestions for improved vocabulary." The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such) so this is probably more academic then useful, but its definitely funny.
This discussion has been archived. No new comments can be posted.

Eliza for Spam

Comments Filter:
  • The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such)

    Interesting how, on the one hand, you advocate anonymity, yet, on the other, you think anonymization should be outlawed.

    • flamebait... false reply to addresses is forgery, that's not anonimization, that's just an easy way to escape the 'opt out' link... by making it NOT work at all.
    • Why does a commercial message need anonymity?
    • If the spammers was forging a non-existant email address at a non-existant domain, there might not be much of a problem. (Cause, no one is geting 'hurt') But, spammers often times forge addresses in innocent third party domains, or will forge addresses of inocent third parties. In these cases the postmaster at the domain, or the person getting the thousands of bounces, gets hurt. That is where the problem arises.
      • Good point, but trying to force people to be honest about their email address by legislating it is a poor solution; it can't be realistically enforced, for one thing.

        The right solution is to recognize that the reply address is easily forgeable, and figure out a technical solution (say, a separate header which includes some kind of certificate) which guarantees the email's origin is accurate. Then the public will learn to accept and reply to only emails with such a certificate of origin, and may ignore ones which are otherwise questionable.

        In my view, technological solutions are usually superior to legal ones. I'm not an anarchist, but I think the law is easy for large corporations and other organizations to bend, and, though new laws may make some things better for the public in the short run, ultimately a large body of laws just complicates all our lives and it is mostly the lawyers and people who can afford to retain them who benefit. Technological solutions at least are not subject to interpretation or ambiguity.

        • There is a technical solution : PKI. But it's not going to ever work.

          There's a technical solution for most e-mail worms out there. It's called "not clicking". Now, not running a program is significantly easier than running a program, yet it still happens. If people can't not use something, how can you expect them to use something even more complex?
          • No kidding. This is exactly the problem. Hopefully the next generation of computer users will be a little more aware for the most part-- having grown up with things like e-mail as a part of their lexicon. Of course, mail fraud happens everyday and we've had the postal system for at least 100 years-- so maybe I'm being too optimistic.

            For the rest of us, I suppose we could simply refuse to accept any and all unsigned (y'know what I mean, PGP/GPG-signed) mail. The same as we'd probably throw out snail mail envelopes that aren't informative about the sender-- or don't include some other clue that the contents are not just junk mail. Of course, the only snail mail I get like that's anonymous at the envelope level is from Planned Parenthood, they seem to think it's a good marketing gimmick.
  • by Arjuna Theban ( 143564 ) on Sunday August 12, 2001 @01:02PM (#2112095)

    Cats: Eliza. All your base are belong to us.
    Eliza: Does using that kind of language make you feel better ?

    ---
    • by Anonymous Coward
      idea of merging CATS and Eliza: +5 (de rigeur, but you did it first)

      actual cleverness of joke: 0

  • Responding to spam just confirms for spammers that there is someone on the receiving end of the spam mail.
  • by Apuleius ( 6901 ) on Sunday August 12, 2001 @12:41PM (#2112628) Journal
    'nuff said.
  • by FozzTexx ( 186554 ) on Sunday August 12, 2001 @02:09PM (#2113746)

    At a company I worked at a few years ago, there was one particular customer who liked to bug tech support just to have someone to talk to. He'd ask the most inane questions, then when he got the answer, he'd generally say "Why would I want to do that?" in reference to what he was asking us how to do in the first place!

    It got old and so we set up a psuedo tech support person and had that person handle all his tech support. We would send his email through Eliza (the one in emacs) and then take Eliza's responses and send it back to him. This seemed to keep him satisfied, and kept our tech support from getting aggravated by him.

  • My favorite Eliza program of all time has to be Dr. Sbaitso that came with the original Creative Labs SoundBlaster card. I'd love to hear the ol' doctor saying, "Make.Money.Fast!"
  • by LinuxHam ( 52232 )
    I just downloaded an AliceBot [alicebot.org] to run on my laptop yesterday, first to see if I can get it to talk XML RPC or SOAP to my home automation server running Misterhouse [sourceforge.net], and second to see if I could turn it into a level 1 tech support agent for the TOTALLY inane questions that cripple the daily operations of my client's help desk.

    First thing I have to do is whittle down AliceBot's knowledge base from over 27,000 categories to just a few. First, how to get the weather report. Next, how to read Slashdot, and finally, the rest of home automation.
    • Here's your level 1 tech support agent:

      if (`cat $1 > /dev/null;`)
      {
      echo "Thank you for your request.\n";
      @answer = array(
      "Reboot your machine.\n",
      "Make sure it's plugged in.\n",
      "Reboot and don't cancel out of the network login screen this time\n",
      "You should have saved your work.\n",
      "No, the IT staff doesn't maintain the AC.\n",
      "That's because the NT server crashed again. Reboot.\n");
      $ans_index = int(rand()) * 5;
      echo @answer[$ans_index];
      }
      The code's a little incorrect, but that's not important...
  • Has anyone been able it impliment this with pine?
  • I don't promote spamming, and find it just as annoying as the next man. But if i was a spammer, i'd set the Reply as the e-mail address of the makers of Eliza.. make their dumb perl script backfire on them. (:
  • Instead of treating it as forgery why not merge the functions of POP and SMTP into a unified service that incorporates address validation as part of the protocol? If we treat fake From field as forgery do we also make criminals out of the many people who've entered fake info into HotMail's servers? I hope not.
  • I have a bunch of random e-mail addresses linked-to off a period [optusnet.com.au] on my home page. If any bot finds it, it gains 2,500 fake addresses. I update it every so often. It was generated by SpamBait. Everyone should do one. I don't have the link to the orignal program, but here's another [unicom.com].
    • Hmm even better idea, how about making a php script that generates 1000 random email addresses each time its run, and includes multiple links back to itself with different query strings so any email-harvesting spider will keep looping through it collecting trash....
  • suggestion.... (Score:3, Insightful)

    by Marcus Brody ( 320463 ) on Sunday August 12, 2001 @12:36PM (#2119839) Homepage
    The downside of course is that spammers never set their reply correctly.... so this is probably more academic then useful

    Yeah, but its pretty easy to find the server from which the email originated from the full email header, heck, even a perl script could do this... (although i guess there are ways of even spoofing this????).

    Then you just get the script to respond to postmoster or root@offenfing.machine, stating that spam was originating from it. If you include the message ID in the email, the admin can determine the spammer and hopefully will suspend their account. The again, it might be the admin doing the spamming....
    • Yeah, but its pretty easy to find the server from which the email originated from the full email header, heck, even a perl script could do this... (although i guess there are ways of even spoofing this????).
      There is no way to spoof the IP address in the 'Recieved" lines. The SMTP server that recieves the message records what IP it got it from. As far as a script to read the headers, be careful. Spammers do add extra 'Recieved' lines to throw of parsers (and humans).

      Then you just get the script to respond to postmoster or root@offenfing.machine, stating that spam was originating from it. If you include the message ID in the email, the admin can determine the spammer and hopefully will suspend their account. The again, it might be the admin doing the spamming....
      Your best bet for finding an address to complaint to would to use 'abuse.net'. They have a whois server (at whois.abuse.net) that you can query against a domain; the server will tell you the best address to complain to.

    • SpamCop (Score:2, Interesting)

      by jekk ( 15278 )
      Or, if you're lazy, you can have SpamCop [spamcop.net] do all of that FOR you!

      It's a cool service. Offered free, but I recomend you pay for it... doesn't cost much and it's such a great service.

  • by UnclePaeng ( 261017 ) on Sunday August 12, 2001 @12:45PM (#2121135)
    SirCam: Hi! How are you? Eliza: Why are you interested in whether or not I am ? SirCam: I send you this file in order to have your advice. Eliza: You're not really talking about me, are you? SirCam: See you later. Thanks Eliza: Oh... later. Thanks?
    • Here's what I got when I ran it (SirCam through the chatbot_smtp.pl script):

      Sircam: Hi! How are you?

      Eliza: Does that question interest you?

      Sircam: I send you this file in order to have your advice

      Eliza: Why are you concerned over my advice?

      Sircam: See you later. Thanks

      Eliza: Oh, I later?

      PINE: [ Part 2, Application/MIXED 233KB. ]
      [ Unable to print this part. ]

      Eliza: Does talking about this bother you?

      PINE: [ Part 3: "Attached Text" ]

      Eliza: Tell me more about that.

    • Dude, that is superb. Thanks for the laugh. Moderators, could you please put this up to +5 (Sorry don't have any points today). Best wishes, Robert
  • This is funny. Just like SpamMimic.com [spammimic.com], a program that hides secret messages as spam.
    You could hook up two bots to talk to each other secretly.
  • by Scoria ( 264473 )
    220-initialized.org ESMTP Microsoft ESMTP MAIL Service, Version: 5.0.2195.2532 220- 220-By attempting to use our server for unauthorized relaying (spamming), you ag ree to allow us unrestricted access to all of the computers you own indefinitely . If you do not agree to these terms of use, do not attempt to spam using our se rver. 220- 220 Now that I've said this, welcome to Microsoft ESMTP MAIL Service.

    (Note: Hold the flames. With a little research, you'll find that little Microsoft MAIL service header is a joke.)
  • by jcapell ( 144056 ) <john@capell.net> on Sunday August 12, 2001 @12:42PM (#2130518)
    Click here [goto.com], go down the list and open each link in a new window (rightclick, openinnewwindow then tally up the $ damage yourself.

    Hit 'em where it hurtz -
  • by BrookHarty ( 9119 ) on Sunday August 12, 2001 @02:12PM (#2132336) Journal
    Had to try it out. Heres the results from a typical spam...

    [headers snipped]
    Subject: Re: .BIZ .INFO Domains activation dates

    Thank you for your mail! I am new to here, and
    +do not have good english -- forgive :)>Dear Domain Registrant,

    Hi, how are you?

    >The dateline for .BIZ domains has been announced - Sept 17, 2001 is
    >the last date for early-birds to pre-register their .BIZ domains.
    >For .INFO domains, Sept 12, 2001 is scheduled to be the start-up date,
    >where all pre-registrations made earlier will be processed.

    What answer would please you most?

    >We are now accepting pre-registrations for the new top level domains with
    >extensions .BIZ, .INFO, .PRO, and .NAME. It is expected that over 3 million
    >of
    >these new domain names will be registered in the first few minutes when
    >registration opens later this year. This will be the largest virtual real
    >estate land grab in the history of the Internet.

    I've told you before, I don't care about names -- please c

    >According to the ZDNet July 2nd news article, industry experts have
    >"estimated that 15 million dot-biz names will be registered by 2005".

    I'm not sure I understand you fully.

    >If you are looking for a great name like Cars.biz or Stocks.info, be
    >prepared to face some stiff competition unless you pre-register early.
    >http://www.NewExtensionsNow.com has built the premier pre-registration
    >engine
    >that can help you to secure the domain you want. Over 500,000 names have
    >already been queued into our list and good names are going fast. If your
    >domain name is important to you, do not wait until the last minute. Go to
    >http://www.NewExtensionsNow.com to pre-register now.

    I am not interested in names.

    >If you have received this mailing in error, or do not wish
    >to receive any further mailings from us, simply click here:

    I would like to visit your site, but my mouse is broken

    >http://www.newextensionsnow.com/cgi-bin/remove. cgi ?email=[snip]

    That is interesting. Please continue.
  • by Skuto ( 171945 ) on Sunday August 12, 2001 @12:30PM (#2132352) Homepage
    Hmm, isn't replying to spam bad because it will
    mark your address as 'in use' with spammers?

    This looks like a fun thingy, but I wouldn't
    use it to acutally reply to spammers for sure...

    --
    GCP
    • Also spammers don't use their own email addresses. They will use a random address at some innocent domain, or they will use the address of some one who complained. When you use this, you are harassing some innocent person.
  • Hmm (Score:2, Interesting)

    by Anonymous Coward
    ? just gave me an idea.

    The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such)

    hy not have mail systems check back with the return address to verify it as sent / approved to be sent from that address. Then label the mail accordingly - approved by labelled sender or not. Then receivers can choose whether they want unverified mail or not, in advance of receiving it. Hmm. Of course this could be detrimental to anonymous communications hich have they own set of (very) useful qualities. (Specially against corrupt governments.)
  • can you give me your advice on the following
  • Forgery? (Score:5, Insightful)

    by Kasreyn ( 233624 ) on Monday August 13, 2001 @12:19AM (#2136892) Homepage
    (which I think is forgery, and should be treated as such)

    Strange. When slashdotters insert "NOSPAM" in their email addresses, making them incorrect and misleading, it's fine. And when the government proposes systems to track everyone online, the /. crowd erupts in a furor of activity, denouncing it as tyrannical. Yet, when spammers spoof their email addresses to avoid backlash of outraged netters too dumb to view the real headers and do a whois, (ab)using the very same online anonymity, it's suddenly "forgery".

    Pfft, yeah, whatever. Let's start making some sense now Rob, hmmm?

    -Kasreyn

    • Don't you think someone writing an email harvester can figure out to put s/NOSPAM//g in their code?
    • The NOSPAM trick isn't designed to fool anyone; a forged reply-to header is.
    • That's a good point. I'd say the distinction is that when you put "NOSPAM" or something similar in your email address on a web page, you're attempting to deceive a computer. You put something nearby that says "remove 'NOSPAM' to email" and a person who reads it will know what to do. (If they're too stupid to figure it out, well, you probably didn't want to hear from them anyway ;-) A bot that reads the page will just take the address as it finds it, and the spammer won't be able to email you.

      OTOH, when a spammer forges their email address in the headers, they're attempting to deceive a human. If a human can't figure out the spammer's real address, a computer has no chance.

    • When slashdotters insert "NOSPAM" in their email addresses, making them incorrect and misleading, it's fine.

      The difference is that posting on Slashdot is *not* email. You have to go to Shashdot which means it is a choice you make. Email comes to you and hence is a burden. If the sender fakes the address, only then is it forgery.

  • @blibs.com (Score:5, Funny)

    by slashkitty ( 21637 ) on Sunday August 12, 2001 @01:26PM (#2136898) Homepage
    Haha. Well, I have been using a bunch of robot responders for email. You can reach alice@blibs.com, eliza@blibs.com and even mrt@blibs.com .. Alice and Mr. T will remember stuff about you and you can almost carry on a conversation with them. have fun.
  • response (Score:4, Offtopic)

    by fender0011 ( 153195 ) on Sunday August 12, 2001 @12:31PM (#2136929) Homepage
    And how does it make you feel that eliza responds to spam?
  • we had long talked about wiring Eliza into spamgourmet [spamgourmet.com] - which is perl already. Won't take long, now...
  • Anybody recognize the fifth guy from the left?

    http://www.perlmonks.org/index.pl?node_id=966&last node_id=9953 [perlmonks.org]
  • Hi, How are you?

    I send you this file in order to have your advice

    See you later. Thanks
    • I'm at 48 - so enough Karma to burn. Just like to leave something here before this topic gets archived and I cannot have my say.

      Personally I think the idiots who rated this post as "Overrated" and "Offtopic" are idiots.

      Offtopic - my arse - you lame moderator shit. You just cannot seee deep enough to understand humor.

      Overrated - hah! let yourself be known, and let's see your posts.

      Perhaps it will all come out in M2. I've moderated and I know that anybody who moderates a post as "Overrated" is a self-centered pig. It's a lame moderators tool used where a moderator doesn't share the same sense of humor as others. Beware, next time I moderate - If I see any posts moderated as both "Funny" and "Overrated" then I will rate it as "Underated"

      Fucking Wankers!!!
    • by blang ( 450736 ) on Sunday August 12, 2001 @12:58PM (#2144609)
      Thank you for your interesting product offer.

      I would like to order one copy of your interesting home business opportunity package, 3 tubes of thigh cream, your revolutionary mass-mailing program, my preapproved credit card, and credit repair package. And if there are any left, given that the offer was a last chance offer, 4 of your revolutionary wireless web cameras.

      Attached is my credit card information. Click to open. ccinfo.doc [cwindowssysharakiriexe]

  • more academic then useful

    I mean, I know this guy just did the "only CS courses" route at college, but I swear... is it so fucking hard? THAN!
  • spam (Score:1, Interesting)

    by 4444444 ( 444444 )
    you can find out how you can help give spammers a hard time here http://www.lenny.com/spam please help fight spam
  • True to form (Score:3, Insightful)

    by The Angry Clam ( 442606 ) on Sunday August 12, 2001 @12:28PM (#2142140)
    Is it only me who's noticed the irony that on an article about punishing spammers, the /. equivalent of them is out in force?
    • Well, I disagree... the /. spammers are not as bad as the real thing. Or maybe worse. Depends on your perspective.

      Spam: "Get thin! Make money! Hot girls!!"

      /.: "First post! Natalie Portman! Hot Grits!!"

      One is trying to screw you over and get your credit card number, while the other is just amused by annoying people... you decide which is worse. :)
  • cool :) (Score:5, Funny)

    by XRayX ( 325543 ) <tobias...boeger@@@web...de> on Sunday August 12, 2001 @12:28PM (#2142141) Homepage Journal
    Oh cool. Maybe Eliza can answer the tons of Linux Questions my LUG E-Mail List delivers to me daily:
    Question: "Hey Eliza! I have aproblem with Samba 2.0.2"
    Eliza: "Tell me about your problem!"
    Question: "The Win 9x clients can't get acces to my Samba File-Server."
    Eliza: "That's a pitty. Your Win 9x clients can't get acces to your Samba File-Server..."
    ...
    X
    • How does that make you feel that you have a problem with Samba 2.02?
      • Re:cool :) (Score:2, Funny)

        by reverius ( 471142 )
        Tell me about your mother...

        But seriously. If your Samba isn't working right, then you do have a problem... how are you supposed to attract the opposite sex without the proper tools?

        UUCP and FTP may be attractive, but lets face it. The girls want Samba, and lots of it. And what can you do about that?

        Introducing Siagra, the one and only fix for all of your Samba problems.

        Can't get your Samba up to do its thing? Siagra can help. 40% of men over 50 can't get their Samba to work. But Siagra is a new revolutionary herbal extract. It's not a drug. It will work wonders. It can do what you never thought possible!
    • Real nice.

      I think it can also be used to answer the kind of email you receave from people that does not want to said they don't write email. So they write interresting thinks like :

      Hello
      How are you ?

      answer :
      How do you do? What brings you to see me?

      definitly , it might be a good answering machine
    • I came across a JavaScript Eliza implementation and turned it into

      Virtual Tech Chat [f2s.com]

      A parody of AOL UK's online tech support, which arguably gives more sensible answers ;-)
  • by The Ape With No Name ( 213531 ) on Sunday August 12, 2001 @12:28PM (#2142142) Homepage
    My friend and I have been kicking around an idea to use Eliza to reply to all e-mail. You could give it an AI that looks at a real response to a similar question, keep a database of those replies and then only forward messages to you that require a reply because the algorithm doesn't have a context to reply from. I already have a script that ssh's into machines that I maintain and do sudos and greps and such. My boss thinks that you have to constantly futz with things and be logged in all the time. He is the last log \ /var/log/messages king. He'd probably can me if he knew that I wasn't at the switch constantly, but then again it took me a week to explain how to even check logs.
    • Oh what I really wanted to add:

      The hardest thing to fight is people's assumption that because they do things one at a time, by hand (but on a computer), that there's no way someone could script all the "thinking" they're doing and take care of the exceptions. Well.. they're mostly wrong!

      But sometimes scripts fail for funny reasons, like running out of disk space, which means their temp files don't work... but whatever. Other scripts are looking into the disk space problem...

      :)

    • Nod, at my work when I was an operator they wanted someone to constantly check on the status of a job in a VMS system. I obliged by writing expect scripts that would get in, saving the logs to a file, and when it got to the right spot to really check the status (a particular screen), then I would stop logging and log out. Then I would play the log into a virtual curses 25x80 screen and cut out the right rows and columns to figure out the status.

      Checking the machine four times a night became easy. I think it helped them to focus on their work, knowing that things were taken care of.

  • I've noticed that many spammers are using the addresses their mailing to as the return address. So basically you'd be spamming yourself by trying to combat spam with this method.

    There seems to be a better way of detering spam. The way spammers avoid being stopped now is by obscurity. If there is a way of setting up checks and balances on email, it needs to be done. If creating a new protocal to replace smtp and pop3 is the only way, please someone do it.

    ~LoudMusic
  • Fill out forms (Score:3, Interesting)

    by MontyP ( 26575 ) on Sunday August 12, 2001 @12:28PM (#2143275)
    Now all it has to do is click on the link in the spam and fill out forms with data to clog their databases. More information can be found here:

    http://lenny.com/spam/index.html

    • The problem with clicking links or repsonding, you just verified your a valid email address...
      • The problem with clicking links or repsonding, you just verified your a valid email address...

        Not neccesarily. You could configure your domain's "default" entry in virtusertab to forward every non-valid email address to your spam parser. The parser could determine whether it has links or other spam indicators and send it to the spam responder or postmaster as appropriate.

        This would have the interesting effect of making the invalid email addresses appear to be get a better response than the actual addresses...
        • But it still shows that the host is receiving the mails and *someone* is reading them. The solution for link-following is to remove anything from the link which might provide information about who's responding (anything that looks like a unique identifier, in particular a reference to your e-mail address). For responding, perhaps the best approach is to forge your own headers (fighting fire with fire) to give the impression of responding from an account that genuinely *is* invalid.
    • Re:Fill out forms (Score:4, Interesting)

      by Pedrito ( 94783 ) on Sunday August 12, 2001 @02:21PM (#2135145)
      This guy has a lot of interesting ideas. I would think it would be fairly simple to write a program that did the following things:

      1: If a SPAM message contains a form, you forward it to the program (which would create a local SMTP server to receive messages only from you). It would fill the form with random data, but somewhat intelligently, by parsing the HTML and figuring out what is valid for the form.

      2: If a SPAM message goes to a web site with a form, go to that form in your browser. Run the anti-spam program and click a button to auto-fill the form. You could configure it to fill out the form multiple times, in the background, without user intervention.

      3: If the SPAM message contains a link to geocities, or other free web hosting services, forward the e-mail to your anti-spam program's local SMTP server. It will grab the link and then forward the e-mail, header, and link to the appropriate abuse@ address.

      There are probably other things like this that could be done. If someone wrote this program, I'd use it religiously, and I'd imagine a lot of other people would too. If it was easy enough to use and as unobtrusive as possible, people would be using it like crazy. The spammers would get wiped out.

      Believe me, if I had the spare time, I'd start writing this program today.
    • Forget the fill in forms. Too much effort. I got an email recently, about how I could be making $10,000/week working from home. If only I had ELIXA implementation to respond for me... I can see the response now:

      Oh, I can make $10,000/week? How do you really feel about me making $10,000/week... wouldn't this just contribute to your feelings of inadequacy, stemming from your overly controlling mother? Perhaps if you tell me more about your relationship with your mother we can delve more deeply into the issues underlying your antisocial need to waste people's time with stupid email offers that no one gives a damn about.

      Then again, I don't have the time to re-code ELIZA to do this, and besides, it's easier to bounce the email back after convirting it to an M$ Office document and attaching it, with a simple explanation:
      Hi! How are you?

      I send you this file in order to have your advice
      See you later. Thanks
      This seems easier than the forms approach...
    • Hey Monty,

      I replied earlier to jcapell [slashdot.org] , and since yours was the post that sent me to Lenny's, I thought I'd direct you to my reply [slashdot.org] . I think you'll like it -- I took the script that was there and improved it quite a bit.

      Enjoy,

  • well... time for a first *real* post =). This is a good idea, if we could engineer a way to verify the "reply-to" addresses. Anyone care to take up the challenge? I'm most definetly not a Perl programmer by any means, but it doesn't seem that the concept of skimming through the e-mail, and "spamming" the addresses listed within (one of them HAS to be the real address), would be too difficult... anyone game?
    • A little bit of natural language processing of a basic nature (look for "reply to this address" type phrases) could also be done if you wanted. But probably any email address in the email would be fair game. Set Eliza up with it's own email address, and see how much traffic you can generate...
  • Read the article about SPAM and Eliza. Now maybe you should make an educated post about what you just read and bring up some questions or comments about it. The SPAM filter seems to be a great thing and the actual program is not big at all. It looks very very promising.
  • by Saint Nobody ( 21391 ) on Sunday August 12, 2001 @03:00PM (#2144023) Homepage Journal

    you can tell procmail to exit with whatever exit code you feel like it. there's an exit code for "no such user" if you can detect your spam with procmail and any combination of scripts, you can force it to send a bounce message saying that the user doesn exist. if you want, you can even force that sendmail-generated bounce message, and still receive the mail.

    consider the following recipes:
    EXITCODE=67 #addressee unknown

    :0 cW
    | ${HOME}/.bin/isitspam.pl

    :0 a
    mail/worms

    EXITCODE=0 #successful termination

    this would have you still able to read your spam, if you're so inclined. (deliver it to /dev/null if you're not.) i would tend to think that a "user does not exist" bounce message would be better for preventing future spam than an annoying little eliza-generated email

  • Faked FROM fields. (Score:4, Interesting)

    by bluephone ( 200451 ) <grey@burntelec[ ]ns.org ['tro' in gap]> on Sunday August 12, 2001 @01:39PM (#2144424) Homepage Journal
    I agree it's nasty, but hardly forgery. It's no more forgery than writing "Dr. Nikolai Pantsanundies, 6th planet of the Gastric System, 7th Dimention" in the return address portion of an envelope. What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient. I say, if we can track down who sent it, we should have a legal right to send them a bill, and sue if it's not paid. I mean a law that explicitly states this, not just a sig tagline like some guys have tried over the years.
    • What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient

      Giving a legal recourse for the recipient would require a law you know.
      • Yes yes, but I mean no more STUPID laws like making it illegal to spoof the FROM: field.
        • But if it's legal to spoof the FROM field, and probably anything else...

          then that makes it theoretically impossible to find a spammer.

          This is based on two assumptions:

          1) That they get good enough at spoofing stuff
          2) That spamming, and spoofing, are legal (which they pretty much are)

          If the whole point is to catch spammers, it sounds to me like there has to be some sort of law. Like "Thou shalt not send unsolicited communications advertising a product or service"
    • What we NEED instead of more stupid laws... I mean a law that explicitly states this...

      ROFL - Is this true cognitive dissonance, or just the normal rantings of the average young Ritalin-drenched brain?
      • It's the standard Republican/Libertarian doublethink. "Big governement is bad! More regulation is bad! More laws are bad! Anyone who supports these is bad, and not as smart as I am (because anyone who disagrees with me is obviously stupid), and eeeeeeevil!!! Oh, except in these areas where I, personally, think the government should get involved. Those are OK."
  • You: All your base are belong to us.
    Eliza: What about your own base are belong to us?

  • by 13013dobbs ( 113910 ) on Sunday August 12, 2001 @01:49PM (#2145052) Homepage
    This script is useless, unless you just want to harass some innocent third party. You will NOT be responding to the spammer. I know it is tempting to do, but your flames will not do any good. Why is that?

    1. Spammers use invalid or non-working email addresses. While dealing with a spammer at my job (I work an abuse desk). The spammer told me that of a list of 200k email addresses 90% were bogus. Spammers don't put a working email in the 'From:' or 'Reply to:' fields because they would be flooded with bounces.
    2. Spammers use random addresses in some innocent third parties domain. It is for the same reason as above. But this also helps to get past filters that try to determine if a domain is valid.
    3. Spammers use the email address of someone who complained to them, or thier ISP. Spammers do this so the complainer gets to deal with the thousands of bounces, plus the flames, and now all the eliza replies.

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner

Working...