> This is nothing new. We've monitored this type of abuse for several
> years now. Bad coders are as much to blame as the spammer.

So have we, but we have never seen this amount spewing out this fast. The
spammers automated this hole because they saw no one would/could do
anything about it in the antispam community. My samples imply at least tens
of thousands of bad websites. It is also hard to get anyone to do anything
about their exploitable web form unless they face a blocklist or some other
penalty.

Meanwhile, every secretary who fancies herself a programmer decides she can
do web page design and the insecure website problem continues to grow and
grow and grow ....

I Hate Form Spams wrote

> least tens of thousands of bad websites. It is also hard to get anyone
> to do anything about their exploitable web form unless they face a
> blocklist or some other penalty.

Great idea. Penalise the innocent, not the spammer.

> Meanwhile, every secretary who fancies herself a programmer decides
> she can do web page design and the insecure website problem continues
> to grow and grow and grow ....

I'm sure plenty women could show you a thing or two.

--
Charles Sweeney
http://CharlesSweeney.com

Fleeing from the madness of the No thank you jungle
Charles Sweeney <EMAIL REMOVED> stumbled into
news:news.admin.net-abuse.email,alt.www.webmaster,alt.spam
and said:

> ...
> I'm sure plenty women could show you a thing or two.

any[thing|one] in mind?

/just curious you understand

--
William T***o

http://williamt***o.com/words/what-is-usenet.asp

William T***o wrote

> Fleeing from the madness of the No thank you jungle
> Charles Sweeney <EMAIL REMOVED> stumbled into
> news:news.admin.net-abuse.email,alt.www.webmaster,alt.spam
> and said:
>
>> ...
>> I'm sure plenty women could show you a thing or two.
>
> any[thing|one] in mind?
>
> /just curious you understand

)...both...and I ain't saying publicly!

--
Charles Sweeney
http://CharlesSweeney.com

In article <Xns989FE7CD24A9Dmecharlessweeneycom@130.133.1.4 >,
Charles Sweeney <EMAIL REMOVED> wrote:

>Great idea. Penalise the innocent, not the spammer.

If you drive home drunk from the office party, it does not matter
whether you ***umed the office party punch was not that strong or
you're some other kind of drunk driver.

People operating open PHP relays, trojan proxies, or any other spamware
are not innocent. Those who send unsolicited bulk email are spammers.
Whether the sender writes it or a third party who is also a spammer
originates it is irrelent. When the spam is relayed, it is irrelevant
whether the relaying spammer is paid in money or the satisfaction that
comes from donating bandwidth, CPU cycles, etc. to the good of Internet
Commerce and the SuperHypeWay.

Your ambition to get rich quick by operating an Internet Retail Store
in your home office but without paying for the education or third party
expertise to avoid being a spammer does not entitle you to consideration
from the victims of your spam. Failure to exercise due diligence is
not an affirmative defense.


Vernon Schryver EMAIL REMOVED

Vernon Schryver wrote

> In article <Xns989FE7CD24A9Dmecharlessweeneycom@130.133.1.4 >,
> Charles Sweeney <EMAIL REMOVED> wrote:
>
>>Great idea. Penalise the innocent, not the spammer.
>
> If you drive home drunk from the office party, it does not matter
> whether you ***umed the office party punch was not that strong or
> you're some other kind of drunk driver.

Correct but your analogy fails. The punch drinker knows there is some
alcohol in the punch. The innocent form user does not know that the
form can be used by spammers. "innocent" being the key word here. I
don't have to define it, do I?

> People operating open PHP relays, trojan proxies, or any other
> spamware are not innocent.

Many are. (Looks like I might need that definition.)

> Those who send unsolicited bulk email are spammers.
> Whether the sender writes it or a third party who is also a spammer
> originates it is irrelent.

I see. If someone makes a nuisance phone call, the telephone company is
also making a nuisance phone call. I'm getting it now. If someone
sends objectionable material through the post, the mail company is
equally guilty. New to the real world?

> When the spam is relayed, it is irrelevant
> whether the relaying spammer is paid in money or the satisfaction that
> comes from donating bandwidth, CPU cycles, etc. to the good of
> Internet Commerce and the SuperHypeWay.

So you believe in shooting messengers?

> Your ambition to get rich quick by operating an Internet Retail Store
> in your home office but without paying for the education or third
> party expertise to avoid being a spammer does not entitle you to
> consideration from the victims of your spam. Failure to exercise due
> diligence is not an affirmative defense.

???????????????

Too much Christmas sherry?

--
Charles Sweeney
http://CharlesSweeney.com

Vernon Schryver wrote

> In article <Xns989FE7CD24A9Dmecharlessweeneycom@130.133.1.4 >,
> Charles Sweeney <EMAIL REMOVED> wrote:
>
>>Great idea. Penalise the innocent, not the spammer.
>
> If you drive home drunk from the office party, it does not matter
> whether you ***umed the office party punch was not that strong or
> you're some other kind of drunk driver.
>
> People operating open PHP relays, trojan proxies, or any other
spamware
> are not innocent. Those who send unsolicited bulk email are spammers.
> Whether the sender writes it or a third party who is also a spammer
> originates it is irrelent. When the spam is relayed, it is irrelevant
> whether the relaying spammer is paid in money or the satisfaction that
> comes from donating bandwidth, CPU cycles, etc. to the good of
Internet
> Commerce and the SuperHypeWay.
>
> Your ambition to get rich quick by operating an Internet Retail Store
> in your home office but without paying for the education or third
party
> expertise to avoid being a spammer does not entitle you to
consideration
> from the victims of your spam. Failure to exercise due diligence is
> not an affirmative defense.

There is only ONE guilty party, and that is the spammer. I would
imagine that spammers would be delighted that you are not giving them
your full attention and are blaming others for their spam.

--
Charles Sweeney
http://CharlesSweeney.com

Charles Sweeney wrote:
> Vernon Schryver wrote
>> People operating open PHP relays, trojan proxies,
>> or any other spamware are not innocent.
>
> Many are. (Looks like I might need that definition.)

Incompetent, negligent?


--
E-Mail Sent to this address <EMAIL REMOVED>
will be added to the BlackLists.

In article <3Mmih.35709$EMAIL REMOVED> ,
E-Mail Sent to this address will be added to the BlackLists <EMAIL REMOVED> wrote:

>E-Mail Sent to this address <EMAIL REMOVED>
> will be added to the BlackLists.

Cool! That way I can blacklist any email address I can fake!

EMAIL REMOVED wrote:
> BlackLists wrote:
>> E-Mail Sent to this address <EMAIL REMOVED>
>> will be added to the BlackLists.
>
> Cool! That way I can blacklist any email address I can fake!

? (Shrug)

I doubt the "email address" would have much affect on
filter tuning.

For the most part I stick to BlackListing by IP
/ CIDR range / ASN.

I see little value (to you) to get IPs you can send spam
through blacklisted; if they are abusable services,
open relays, ... and you abuse them, they belong listed;

If you use IPs under your control, or the SMTP servers
provided by your ISP to send Spam, they also belong
listed for doing so (I'm not sure how much your ISP
would appreciate it).

The domain part of the "email address" could end up in a
URI bl (seems to happen a lot to forged froms, including
domains I deal with).


You could make your own blacklist of "email address",
domains, IPs, message content & purple dinosaurs if you
wanted to, it would likely have more value to you.

--
E-Mail Sent to this address <EMAIL REMOVED>
will be added to the BlackLists.