Looks like people are starting to figure out Roy Shestowich's REAL MOTIVE
for his massive amounts of posts to comp.os.linux.advocacy.
It's about time!
On Mon, 27 Nov 2006 15:27:45 -0600, Shelly K. wrote:
> Roy Schestowitz wrote:
> > 'Tis the season to send spam
> >
>
>
>
> Spam from arsehole Roy Shysterwitch who uses Boxtrapper whilst spamming
> Usenet at 22,000/year.
>
>
>
> Results 1 - 100 of about 19,800 from Jan 1, 2006 to Nov 28, 2006 for
> author:Roy author:Schestowitz
>
>
> Message-ID: <e0buhd$2b3i$1@xxxxxxxxxxxxxxxxx>
>
> "I currently have Boxtrapper enabled for 5 mail accounts and I still
> check the
> moderation queues at the end of each month, which makes it seem like a
> rather benign solution. The big pitfall is people who refuse to verify using
> BoxTrapper or do not comprehend the challenge. They get a reply up a a month
> overdue. At least they have the cause/evidence in their box."
>
>
> Message-ID: <d6a51u$95v$1@xxxxxxxxxxxxxxxxx>
>
> "To filter messages for that account I use a boxtrapper, which works like a
> charm. This involves sending a verification request E-mail to anyone not
> already in the whitelist. I also run spamassassin (which is free) on top of
> that. Since these are server-level solutions, I doubt whether they will be
> valuable to you, but remember: more E-mail addresses = more flexibility."
>
>
>
>
> http://schestowitz.com/Weblog/archives/2005/10/18/boxtrapper-failure/
>
>
> "BOXTRAPPERS are a mechanism for stopping large volumes of E-mail spam.
> The key idea is relatively simple as the following paragraph explains.
>
> For each E-mail that comes in, require the sender to post a quick
> confirmation of his/her existence. The server sends the unknown sender a
> stub, which is then replied to as-is to complete verification. Once this
> is done for the first time, the sender is whitelisted and need never
> verify his/her identity again. Under this type of framework, untrusted
> senders must be accepted in order for their messages to be viewed
> immediately and not considered to be spam. And guess what? It works!
> BoxTrappers queues can be viewed periodically, just in case a genuine
> senders did not bother to get themselves whitelisted by replying to the
> verification request.
>
> I have 3 BoxTrappers on this domains, but they are sometimes misused as
> spammers attempt to break them, much as they destroy anything where
> scams, links, and on-line shopping are involved. Spammers will often
> identify themselves using E-mail addresses of real people, who are not
> truly themselves, thereby causing traffic from the BoxTrappers (if not
> abusive mail from the spam recipient) to be sent to genuine innocent
> people and businesses. Moreover, I have recently come to grips with a
> trend where the spammers identify themselves as people coming from my
> own domain. They get whitelisted automatically in this way, so I guess
> they found a BoxTrapper weakness or loophole. Nonetheless, it remains
> easy to filter or identify such spam. It is only a shame that it can
> become visible by escaping the queue and thus be time-consuming.
>
> These days, as I continue to edit this item, the spammers still manage
> to get past the BoxTrapper. Again, they do so by intentionally picking
> up E-mail addresses with my domain name, e.g. register@xxxxxxxxxxxxxxxx
> These come up with message bodies like âPlease change you password, go
> to URLââ and with other username variations to register, e.g. webmaster,
> admin, etc.
>
> As explained before, the domain name gets them automatically
> whitelisted, which is the core and very source of the trouble. These
> repeat almost on a daily basis (several times a day in fact) and I
> wonder how many Webmasters are gullible enough to fall for these scams,
> which I am convinced have become a widespread plague by now."
|
|
