Hi,
As part of our BluePedia project, we've set up a list (updated regularly) of GeoCities-based spam sites, based on what we see in the spam our user community reports to us. http://community.bluesecurity.com/bluepedia/DataFeeds/geocities_sites.tx t
At the time of writing there are 2,175 live sites in our list, which is a pretty big number. GeoCities remains the #1 spamvertised domain in the spam we receive. What're your directions on how to tackle this phenomenon?
Regards,
Guy Rosen Lead Analyst, Operations Team Blue Security http://www.bluesecurity.com/
AIM: guyrrosen (double R) ICQ: 294712217
On Sunday, January 29, 2006, 4:31:29 AM, Guy Rosen wrote:
As part of our BluePedia project, we've set up a list (updated regularly) of GeoCities-based spam sites, based on what we see in the spam our user community reports to us. http://community.bluesecurity.com/bluepedia/DataFeeds/geocities_sites.tx t
At the time of writing there are 2,175 live sites in our list, which is a pretty big number. GeoCities remains the #1 spamvertised domain in the spam we receive. What're your directions on how to tackle this phenomenon?
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
Jeff C. -- Don't harm innocent bystanders.
Jeff Chan wrote:
[...]
At the time of writing there are 2,175 live sites in our list, which is a pretty big number. GeoCities remains the #1 spamvertised domain in the spam we receive. What're your directions on how to tackle this phenomenon?
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
That's a waste of time.
They only remove the sites after at least 72H (if at all), well after their 'useful' life.
Their spam support service really rocks !
If you want to see how easy it would be to pre-screen and throw away spammy sites have a look at : http://nospam.mailpeers.net/alive_spammy2.txt
AOL did it, Tripod did it, and spammers moved away.
It's not a technical problem, it's a 'pink contract' problem.
Regards
Eric.
Jeff C.
Don't harm innocent bystanders.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Hi!
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
That's a waste of time.
They only remove the sites after at least 72H (if at all), well after their 'useful' life.
Their spam support service really rocks !
Not really true. They use it also to track down ips and other info. They are not fast but i know whey are onto this.
AOL did it, Tripod did it, and spammers moved away.
It's not a technical problem, it's a 'pink contract' problem.
The size of Geocities differs a little and makes it harder for them to search and destroy... Dont say its right, but i do understand.
Bye, Raymond.
Raymond Dijkxhoorn wrote:
Hi!
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
That's a waste of time. They only remove the sites after at least 72H (if at all), well after their 'useful' life. Their spam support service really rocks !
Not really true. They use it also to track down ips and other info. They are not fast but i know whey are onto this.
What is not really true ?
They've been 'onto this', tracking down ips and other infos for more than a year !
See the result for yourself.
Hint ... all the IPs are on their own servers and the main relevant 'info' they can collect is unhappy recipients / honeypot email addresses for listwashing ...
AOL did it, Tripod did it, and spammers moved away. It's not a technical problem, it's a 'pink contract' problem.
The size of Geocities differs a little and makes it harder for them to search and destroy... Dont say its right, but i do understand.
Geocities is bigger, so they could easily have proportionnally bigger ressources if there was a will.
They don't need to scan everything at all times.only recently changed index pages. Since they process all pages (to insert the ads) I simply can't believe they don't have some form of blacklisting system integrated. Whenever a page changes, they can run the test once.
When there's a will there's a way.
Sorry, but they have *no* excuse.
Eric
Bye, Raymond. _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Sunday, January 29, 2006, 7:26:02 AM, Eric Montréal wrote:
It's not a technical problem, it's a 'pink contract' problem.
Except that Geocities accounts are free.
Maybe they get ad impression money or something, but they don't get payment from the spammers.
Jeff C. -- Don't harm innocent bystanders.
Jeff Chan wrote:
On Sunday, January 29, 2006, 7:26:02 AM, Eric Montréal wrote:
It's not a technical problem, it's a 'pink contract' problem.
Except that Geocities accounts are free.
Maybe they get ad impression money or something, but they don't get payment from the spammers.
It is my understanding that pink contract means: "contract from an Internet service provider to a spammer exempting the spammer from the usual terms of service prohibiting spamming."
It usually involves money but I think it's not very likely here (can't rule that out either). The service being offered for free or for a fee to non spammy customers does not prevent the same service from being sold to spammy with added 'pink' clauses.
However, I think this is more of a mutual benefit thing. Spammy is free to use the service for his redirections and Yahoo gets a huge brand exposure for it's Geocities trademark.
As I wrote earlier, as long as the recipient of the spam thinks that Geocities is an unwilling victim of the spammer, the effect of such widespread brand exposure is good for them.
Changing that perception would put an end to it.
A few media outlets reporting about Yahoo's continued unwillingness to solve the issue and you can bet what was impossible for more than a year will be solved in less than a day !
Eric.
Jeff C.
Don't harm innocent bystanders.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Hi!
At the time of writing there are 2,175 live sites in our list, which is a pretty big number. GeoCities remains the #1 spamvertised domain in the spam we receive. What're your directions on how to tackle this phenomenon?
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
Make that abuse@yahoo-inc.com
We also have some direct contacts there, so if you are sure the complete list is still active we can point them towards...
Bye, Raymond.
Raymond Dijkxhoorn wrote:
Hi!
I would recommend forwarding them to abuse@yahoo.com with an explanation of where they came from, etc. Yahoo does read their abuse mail.
Make that abuse@yahoo-inc.com
We also have some direct contacts there, so if you are sure the complete list is still active we can point them towards...
It is accurate, alive and redirecting !
I just finished a test run through my detection script (could not resist the temptation !), and here's the result: http://nospam.mailpeers.net/bluesecurity_alive_spammy2.txt
The tests were not tweaked in anyway for this list, yet on average, they catch 94% of them, so false positives, if any are very few and far between.
As Guy Rosen mentioned, there is exactly 2175 confirmed alive sites.
Here are the 'real' targets hidden by the redirectors (except for encoded scripts) with hosting country name: http://nospam.mailpeers.net/bluesecurity_spammy_targets.txt
and the RIP list: http://nospam.mailpeers.net/bluesecurity_rip_spammy.txt
However, removing after the fact is ineffective because it's way too slow ...
Eric.
Bye, Raymond. _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Guy Rosen wrote:
Hi,
As part of our BluePedia project, we've set up a list (updated regularly) of GeoCities-based spam sites, based on what we see in the spam our user community reports to us. http://community.bluesecurity.com/bluepedia/DataFeeds/geocities_sites.txt
I have been maintaining a similar list, with detailed information about each target for 2 months, so far, I have about 800 sites and a .cf ruleset for them.
At the time of writing there are 2,175 live sites in our list, which is a pretty big number. GeoCities remains the #1 spamvertised domain in the spam we receive. What're your directions on how to tackle this phenomenon?
From what I understand, Yahoo is quite happy with the brand exposure for Geocities. Average users will see their brand many times a day, and they don't care if it's in spams as long as they appear to be a victim of the spammer.
We all know they're not victims but a true spam resource provider. As I wrote in my Dec. 21 message in the board, their support for spammers is so entrenched that the only way we are going to get rid of it is by attacking their corporate image in the press. I does have to be ugly, but solid and thoroughly researched to outweigh their gains in brand exposure.
Next step would be to gather support from major anti spam organizations and issue a documented press release sharply criticizing Yahoo for their continued and growing spam support.
Regards,
Eric
-
Eric Montréal -
Guy Rosen -
Jeff Chan -
Raymond Dijkxhoorn