[Dovecot] Getting more spam
Hi
I am taking part in writing an anti spam filter for my uni project.
However at the moment I am not getting much spam to my mail server - running dovecot and postfix :)
Do you have any suggestions for getting more?
Thanks Tom
On Wednesday 21 March 2007 1:47 pm, postmaster@webisp.co.uk wrote:
However at the moment I am not getting much spam to my mail server - running dovecot and postfix :)
You need to be really careful about this. It turns out that getting a *clean* spam feed is quite challenging. You want to make sure it's:
- Verbatim spam (not forwarded, classified, or otherwise messed with)
- 100% spam, in other words you want to be absolutely certain that a "legitimate" email didn't slip in, for instance, you want to make sure people aren't able to taint it by redirecting real email from their mother-in-law
- An accurate representation of the sort of spam you're interested in. For instance, do you care about things that postfix could drop by checking the hostname given with HELO? Are you interested in spam resulting from usenet posts, web spiders, or something else?
I have a spam sink--currently turned off--that I can re-enable for you if you aren't too picky about the last point. Better, I think, would be for you to seed your own spam sink, but that takes time and maybe you can't wait.
Neale
Hi
Thanks for the offer.
What is a a spam sink, can you redirect it via MX records?
I am interested, as you say, in genuine spam, but not too bothered what the source is.
I do not use this account for anything else, so there are no non-spam messages in it.
Thanks Tom
Neale Pickett wrote:
On Wednesday 21 March 2007 1:47 pm, postmaster@webisp.co.uk wrote:
However at the moment I am not getting much spam to my mail server - running dovecot and postfix :)
You need to be really careful about this. It turns out that getting a *clean* spam feed is quite challenging. You want to make sure it's:
- Verbatim spam (not forwarded, classified, or otherwise messed with)
- 100% spam, in other words you want to be absolutely certain that a "legitimate" email didn't slip in, for instance, you want to make sure people aren't able to taint it by redirecting real email from their mother-in-law
- An accurate representation of the sort of spam you're interested in. For instance, do you care about things that postfix could drop by checking the hostname given with HELO? Are you interested in spam resulting from usenet posts, web spiders, or something else?
I have a spam sink--currently turned off--that I can re-enable for you if you aren't too picky about the last point. Better, I think, would be for you to seed your own spam sink, but that takes time and maybe you can't wait.
Neale
Also, I am running a custom smtp proxy in front of postfix to log all SMTP transactions, and postfix is configured to be very lenient in terms of checking.
Tom
postmaster@webisp.co.uk wrote:
Hi
Thanks for the offer.
What is a a spam sink, can you redirect it via MX records?
I am interested, as you say, in genuine spam, but not too bothered what the source is.
I do not use this account for anything else, so there are no non-spam messages in it.
Thanks Tom
Neale Pickett wrote:
On Wednesday 21 March 2007 1:47 pm, postmaster@webisp.co.uk wrote:
However at the moment I am not getting much spam to my mail server - running dovecot and postfix :)
You need to be really careful about this. It turns out that getting a *clean* spam feed is quite challenging. You want to make sure it's:
- Verbatim spam (not forwarded, classified, or otherwise messed with)
- 100% spam, in other words you want to be absolutely certain that a "legitimate" email didn't slip in, for instance, you want to make sure people aren't able to taint it by redirecting real email from their mother-in-law
- An accurate representation of the sort of spam you're interested in. For instance, do you care about things that postfix could drop by checking the hostname given with HELO? Are you interested in spam resulting from usenet posts, web spiders, or something else?
I have a spam sink--currently turned off--that I can re-enable for you if you aren't too picky about the last point. Better, I think, would be for you to seed your own spam sink, but that takes time and maybe you can't wait.
Neale
On Wednesday 21 March 2007 2:01 pm, postmaster@webisp.co.uk wrote:
What is a a spam sink, can you redirect it via MX records?
It's just a mail account that gets nothing but spam (I hope). It seems to be well-seeded on the spam CDs so I'm sure to get the same kind of spam that a real person would get, just that this account gets nothing else. I don't know if it gets a truly accurate sampling of spam though: by now the address may have been removed from the more expensive spam CDs, despite my efforts to keep it secret. Or maybe somebody's trying to poison it with custom-crafted spam, in an attempt to throw off training data. I kind of doubt it but who knows.
I can't turn the firehose on to you with MX records, sorry. For a while I had a mail list set up that people could subscribe to, in order to get a mirror, but that turned out to be a bad idea. If you (or anyone else reading this) would like to get at my spam I'll need to have some assurances that you're not a spammer looking to somehow taint my precious river of pure spam.
What a crazy world.
You're probably best off following Jay's suggestions. It won't take long for spam to start coming in. Another suggestion is to surf a lot of porn and sign up for as much "free porn" as you can. Not only do you get loads of spam, you also get to surf for porn and call it classwork!
Neale
Sadly, I have to take exception to the suggestions to "reply to spam with your contact address" and "sign up for free porn". By the loosest definitions, you are "asking" for spam when you do this.
The other suggestions, posting to bugtraq and usenet, are excellent ideas.
Also, An excellent way to get more spam is to unsubscribe from spam with the target address. This seems to work REALLY well.
-ejay
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Neale Pickett Sent: Wednesday, March 21, 2007 4:53 PM To: dovecot@dovecot.org Cc: postmaster@webisp.co.uk Subject: Re: [Dovecot] Getting more spam
On Wednesday 21 March 2007 2:01 pm, postmaster@webisp.co.uk wrote:
What is a a spam sink, can you redirect it via MX records?
It's just a mail account that gets nothing but spam (I hope). It seems to be well-seeded on the spam CDs so I'm sure to get the same kind of spam that a real person would get, just that this account gets nothing else. I don't know if it gets a truly accurate sampling of spam though: by now the address may have been removed from the more expensive spam CDs, despite my efforts to keep it secret. Or maybe somebody's trying to poison it with custom-crafted spam, in an attempt to throw off training data. I kind of doubt it but who knows.
I can't turn the firehose on to you with MX records, sorry. For a while I had a mail list set up that people could subscribe to, in order to get a mirror, but that turned out to be a bad idea. If you (or anyone else reading this) would like to get at my spam I'll need to have some assurances that you're not a spammer looking to somehow taint my precious river of pure spam.
What a crazy world.
You're probably best off following Jay's suggestions. It won't take long for spam to start coming in. Another suggestion is to surf a lot of porn and sign up for as much "free porn" as you can. Not only do you get loads of spam, you also get to surf for porn and call it classwork!
Neale
Ejay Hire schrieb:
Sadly, I have to take exception to the suggestions to "reply to spam with your contact address" and "sign up for free porn". By the loosest definitions, you are "asking" for spam when you do this.
The other suggestions, posting to bugtraq and usenet, are excellent ideas.
Also, An excellent way to get more spam is to unsubscribe from spam with the target address. This seems to work REALLY well.
-ejay
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Neale Pickett Sent: Wednesday, March 21, 2007 4:53 PM To: dovecot@dovecot.org Cc: postmaster@webisp.co.uk Subject: Re: [Dovecot] Getting more spam
On Wednesday 21 March 2007 2:01 pm, postmaster@webisp.co.uk wrote:
What is a a spam sink, can you redirect it via MX records?
It's just a mail account that gets nothing but spam (I hope). It seems to be well-seeded on the spam CDs so I'm sure to get the same kind of spam that a real person would get, just that this account gets nothing else. I don't know if it gets a truly accurate sampling of spam though: by now the address may have been removed from the more expensive spam CDs, despite my efforts to keep it secret. Or maybe somebody's trying to poison it with custom-crafted spam, in an attempt to throw off training data. I kind of doubt it but who knows.
I can't turn the firehose on to you with MX records, sorry. For a while I had a mail list set up that people could subscribe to, in order to get a mirror, but that turned out to be a bad idea. If you (or anyone else reading this) would like to get at my spam I'll need to have some assurances that you're not a spammer looking to somehow taint my precious river of pure spam.
What a crazy world.
You're probably best off following Jay's suggestions. It won't take long for spam to start coming in. Another suggestion is to surf a lot of porn and sign up for as much "free porn" as you can. Not only do you get loads of spam, you also get to surf for porn and call it classwork!
Neale
to unsubscribe from spam is are really funny idea, thx for that joke *rofl
Mit freundlichen Gruessen Best Regards
Robert Schetterer
https://www.schetterer.org Munich/Bavaria/Germany
Hi
I am taking part in writing an anti spam filter for my uni project.
However at the moment I am not getting much spam to my mail server - running dovecot and postfix :)
Do you have any suggestions for getting more?
Thanks Tom
Oh, Doggy, do I ever:
First, set up a few tagged addresses.
Post to usenet with some addresses from your server.
Respond to a few spams listing your email address as the contact information.
Remove all the spam filtering rejection rules from Postfix-- i.e. don't require FQDN for anything, use none of the RBLs, etc...
Make a post or three to BugTraq.
Post to Slashdot with an address from this domain.
Click on popups (in a sandboxed environment-- no point in being stupid!) and give an address at that domain for contact info.
This is what my users do, and then wonder why they get spam...
-- Jay
Request mortgage information, again with that email adress
participants (5)
-
chandler.lists@chapman.edu
-
Ejay Hire
-
Neale Pickett
-
postmaster@webisp.co.uk
-
Robert Schetterer