Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Anti-spam techniques?

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Location
    New England, USA
    Posts
    6

    Anti-spam techniques?

    Hi all. Yes, I'm a newb. I consider myself to be more informed than the general population in regards to computer sciences, but obviously not an expert.

    I would like to know if it is possible and if so, how, to find spammers/phishers. I am sick of getting spam, and am on a mission to find the *******s who are sending it to me and bring them to court.

    I realize that some of you may be involved in spamming/phishing yourselves. All I can say is that I hope you aren't sending it to me, because I am determined to find every single person who is sending me this crap and sue them! That being said, I'd appreciate any/all help on the subject.

    I am sure there is a way to find someone's contact information even if all you have is a fake email address... Is it possible to figure out what IP address the individual was at while creating an "anonymous" email? If you could figure that out, can't you find their physical address, name, phone number, etc with that info?

    There MUST be a way to find these guys...

    Thanks in advance for any help.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I am sure there is a way to find someone's contact information even if all you have is a fake email address... Is it possible to figure out what IP address the individual was at while creating an "anonymous" email? If you could figure that out, can't you find their physical address, name, phone number, etc with that info?
    No, there isn't..................most of this stuff comes from compromised machines that are part of a botnet. Even if you could find out the the true IP address it would not lead you to the real sender.

    The rest probably goes through anonymous proxies. Spammers certainly do not use their own equipment to send spam.

    Also, the information you mention would not be divulged by the ISPs unless you are a law enforcement agency.

    If you are sick of spam perhaps you should ask yourself how they got hold of your e-mail address?

    As for suing them...................what makes you think that they operate within your jurisdiction?....................botnets know no frontiers.

  3. #3
    Junior Member
    Join Date
    Feb 2011
    Location
    New England, USA
    Posts
    6
    I can't believe that it's impossible to track down this info. Everything you do online leaves a trail. Even I know that. I'm sure it isn't easy, but there HAS to be a way to follow that trail back to the original source.

    And I don't believe that EVERY spammer is some kind of evil genius. Besides, if they're sending you information about an actual company, there HAS to be a way to at least track down the contact info for that company. I'm fairly certain that it's possible to bring the company to court in the place of the individual who actually sent the email, because they are acting as a representative of the company.

    Am I wrong/naïve for thinking any of this is possible? Or does anybody here really care to help me at all?! lol

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Welcome to AO.

    nihil made a good point by saying:

    Also, the information you mention would not be divulged by the ISPs unless you are a law enforcement agency.

    You could possibly track one of these emails back to the infected computer that is sending them, ask the people at that house if you can take their personal computer for your own inspection, run wireshark on it for a few days/weeks, and wait for the C&C commands to come through to it, then log into that IRC channel [if they are using IRC for C&C], try to get the bot masters IP address, contact that ISP [probably in Russia or China] and ask them who was using that IP address at that time, which may be a university computer, or something like that... Then go and get that computer, check the logs to see if someone had accessed it without permission, or if the person was actually sitting at it at the time... If they accessed it without permission, you would have to get the address they were coming from, and then start that process over. If it was someone actually at the [most likely] public computer, you could see if there are cameras, and then try to get the government to run facial recognition scans on the person... or it could have been a wireless cafe, and you could hope that the person didn't spoof their MAC address while they were using the free wireless... then track down the vendor, and find out who they sold that particular network device to... probably dell or lenovo... then call Dell, find out what system it was put into, and I am sure they will hand you the information on the person that purchased it. Then you can go and beat them with a sock full of quarters.

    Or, you could get a better spam filter.

    Just sayin' ...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Am I wrong/naïve for thinking any of this is possible?
    I am afraid so. Look at it another way? spamming is illegal in many countries, but how many arrests and convictions do you see? If law enforcement agencies can't do it with all their statutory powers and resources, how can an individual hope to?

    I'm fairly certain that it's possible to bring the company to court in the place of the individual who actually sent the email, because they are acting as a representative of the company.
    How do you prove that they were authorised and that it wasn't just the work of a rival trying to cause trouble? Plausible deniability?

    I can't believe that it's impossible to track down this info. Everything you do online leaves a trail.
    Yes, but can anybody follow it?................if I use a compromised private computer the answer will be "no", particularly if I go through a daisy chain of proxies that don't keep logs.

    If somebody compromises your machine and plants a spambot that fires off its crap then self-destructs, will you be any the wiser..............in a word, "no" You may well see some circumstantial evidence that it was there, but that's about all.

    The best way to deal with spam is to avoid getting it. For example if you belong to a social networking site don't put your e-mail on it, or your website for that matter. Use a separate e-mail account to subscribe to websites etc.................

    Incidentally, do you think that you are the only person in the World bothered by spam...................if it were feasible to do something about it, you can bet that someone would already have done so?

    EDIT:

    And I don't believe that EVERY spammer is some kind of evil genius.
    In which case why don't they get caught? Actually I believe there are different levels in the spamming "industry":

    1. Those who pay to have the spam sent.
    2. Those who compromise machines.
    3. Those who manage the botnets' actual spamming operations.

    #2 & #3 would be the evil geniuses
    Last edited by nihil; February 17th, 2011 at 11:39 PM.

  6. #6
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    The best way to deal with it is to use emails such as hotmail, which have a setting that only allows emails from your contacts to reach your inbox. All the other free emails I'm aware of allow spam to get through, except that one. Not a single piece of spam, ever.

    The anonymity of the web and the global nature of it makes it impossible to hold spammers accountable. The best we can do is, if we know anyone personally who visits or buys from a web site that spammed them, beat them senseless. They're the real culprits. If there were no profit margin in it, it wouldn't happen.

  7. #7
    Junior Member
    Join Date
    Feb 2011
    Location
    New England, USA
    Posts
    6
    I don't mean to sound like a jerk here, but...

    It seems like you guys are just polishing your knuckles here... I'm sure you're all very confident in your abilities as hackers, or whatever you want to call yourselves, especially as a community. I'm sure all these crazy techniques you guys are talking about that spammers/phishers use to scam people are all very impressive.

    So, what you guys are essentially saying is that either you think these techniques you describe are completely flawless, or that you just don't have any idea how to do what I'm talking about?

    Again, I'm not trying to be a jerk. I'm just calling it like I see it. I realize that the purpose of all the techniques you are describing were developed specifically to ensure anonymity (or at the very least "plausible deniability"). I'm sure it took a long time to discover and perfect all these techniques. I'm also sure that it is more interesting to people to try to do these types of things because of the lure of excitement/profit.

    Are you telling me that nobody thinks there's ANY money to be gained by figuring out how to trace these idiots, or that there's not enough glamor involved in cracking these puzzles for it to be considered "worthwhile" by most "hackers?"

    I tell ya what... I'm a quick learner. I'm dedicated to this concept. I may not be independently wealthy, by any stretch of the imagination, but I do know that there is money to be made, and that developing a technique to find the people who do this would get SOMEONE at LEAST fifteen minutes of fame.

    So here's my call to all you technical geniuses out there who love a challenge and aren't too busy working on "less-than-ethical" projects: Let's get together and hack the hackers!

    Oh wait... I'm not going to post any personal contact info here! lol

    Whatever. Thanks, anyway...

  8. #8
    Junior Member
    Join Date
    Feb 2011
    Location
    New England, USA
    Posts
    6
    Quote Originally Posted by JPnyc View Post
    The best way to deal with it is to use emails such as hotmail, which have a setting that only allows emails from your contacts to reach your inbox. All the other free emails I'm aware of allow spam to get through, except that one. Not a single piece of spam, ever.

    The anonymity of the web and the global nature of it makes it impossible to hold spammers accountable. The best we can do is, if we know anyone personally who visits or buys from a web site that spammed them, beat them senseless. They're the real culprits. If there were no profit margin in it, it wouldn't happen.
    I hereby officially nominate this response to be considered the best yet!

    Thank you for your thoughts!

    I'm a bit of a spaz sometimes, so I'll probably just forget about this in a day or two, but it still pisses me off immensely. I posted an advertisement for services on craigslist, and the only responses I got were all spam. Luckily, craigslist anonymizes your email, so I don't have to worry about any more spam now that the post has been taken down. I actually have a fake email address that I use specifically for signing up to questionable sites. It's "hahafakeemailaddressforspam@[a free email provider].com!" lol

  9. #9
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    The majority of spam isn't sent out by the people that want it sent. The majority of it comes from zombie machines who aren't even aware they're being used for that purpose. Spammers control huge networks of such zombie machines worldwide. You can trace them if you want but it's just going to lead to some stooge who's not even aware it's going on.

  10. #10
    Junior Member
    Join Date
    Feb 2011
    Location
    New England, USA
    Posts
    6
    Quote Originally Posted by JPnyc View Post
    The majority of spam isn't sent out by the people that want it sent. The majority of it comes from zombie machines who aren't even aware they're being used for that purpose. Spammers control huge networks of such zombie machines worldwide. You can trace them if you want but it's just going to lead to some stooge who's not even aware it's going on.
    So, the real fix is to convince Microsoft to fix all the crazy security issues with Windows, convince everybody with a computer that's connected to the internet to use Tor, and develop (unless one already exists?) an open-source firewall program that prevents machines from being susceptible to these kinds of attacks, which you would have to then convince everybody (or at least a good chunk of people) to use it?!

    Sounds good! Let's get started... haha

Similar Threads

  1. Email security & anti spam software
    By securityphreak in forum Product / Book / Training / Conference Reviews
    Replies: 4
    Last Post: November 1st, 2007, 05:14 PM
  2. Replies: 0
    Last Post: April 10th, 2006, 07:27 PM
  3. A little about adware/spyware and Spam - just for you StopSpam
    By valhallen in forum The Security Tutorials Forum
    Replies: 0
    Last Post: September 30th, 2004, 03:45 PM
  4. Spam problem
    By FamStars&Straps in forum Miscellaneous Security Discussions
    Replies: 2
    Last Post: October 12th, 2003, 05:33 AM
  5. Build a spam firewall with Linux
    By problemchild in forum The Security Tutorials Forum
    Replies: 2
    Last Post: April 3rd, 2003, 12:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •