Issue Date: February 2, 2004
A tale of spam battles
Chemist Brad Madison tells of his recent adventures battling e-mail spam. At the time, he was managing his department's computer center at the University of Wisconsin, Madison.
Several years ago, Madison discovered that the department's main mail server was swamped with relay spam--spam sent to his server for relay to addresses at other locations. He says he spent an entire Saturday morning removing the intrusive mail from the queue. He also figured he'd have to do something to stop the relay spamming.
The standard advice, he says, is "secure the mail server"--that is, configure it so that it won't accept relay spam in the first place. He had problems doing that, so he chose a different approach: Accept the illicit e-mail, but never deliver it.
That system worked, and he got an unexpected bonus. Spammers find open relays by brute force: They test a large number of Internet protocol (IP) addresses by trying to send a relay message through each of them, with the message addressed back to the spammer. Because Madison was accepting illicit e-mail but not delivering it, he began to trap many such messages. After a while, he realized that if he delivered just the illicit messages, the spammer would figure he'd found another open relay and would follow with spam.
That logic worked almost 100% of the time for the spammers, Madison says, and they took no precautions. If an IP address relayed a test e-mail message, the spammers considered it an open relay. When Madison forced delivery of a message, the system received spam, and lots of it. Over the system's lifetime as an open relay honey pot, it stopped spam to several million recipients all over the world.
Madison says he and his mail server are now both retired, but others pursue the practice and continue to trap large amounts of spam. He mentions, but declines to identify, one such system at another department of chemistry. Since Dec. 26, 2003, that system has trapped spam to more than 1.9 million recipients.
More recently, Madison goes on, a second type of honey pot--the open proxy honey pot--has arisen with great success. Spammers hide their true location by sending spam through open proxy systems. Typically, however, they do not hide their location from the open proxy system. They send spam directly from their own system to open proxy systems. Again, he says, that's probably because the conventional wisdom is "secure the open proxy." The spammers count on the operator of any open proxy to secure it when he learns that it's being abused. The spammer simply quits trying to use the system, with his anonymity intact.
For the fake open proxies, though, the spammer gives away his own IP address. Once that is known, a complaint can be sent to the Internet service provider responsible for the network segment from which the spammer operates--and the spammer loses his account. He almost certainly gets a new account somewhere. But if he tries relaying through the system he was using before--the one that reported him--he'll get reported again.
In short, Madison concludes, "If spammers rely on systems vulnerable to abuse to be able to send spam, then countermeasures that impede the spammers' ability to do the abuse help stop spam." Or something like that.
Nan-O-Moles make dandy toys
At the ACS South Florida section's National Chemistry Week family day at the Museum of Discovery & Science, Fort Lauderdale, Tegan M. Eve of the University of Miami and his wife acquired two ACS Nan-O-Moles, small, fuzzy moles sporting safety glasses. The moles quickly vanished from the kitchen table. Then the Eves found their two cats trying desperately to retrieve them from under the couch.
Once retrieved, the moles proved nonstop fun. For a 60-cent toy, Eve says, the Nan-O-Moles beat out "any other cat [distraction] we have come across to date; this rather surprisingly includes catnip-doped mice, which are specially designed for cats. Current rate of turnover is about four to five moles per month."
Eve adds, "Now for something I am sure my lab students ... thought they would never hear me say: Should any other cat owners care to try out the Nan-O-Moles with their own pets--I fully advocate removal of the moles' safety glasses prior to experimentation!"
- Chemical & Engineering News
- ISSN 0009-2347