terms of service

Discussion of items in the "What's New" log.

Postby info » Fri Jan 07, 2005 9:16 pm

One thing we noticed that contributed to our recent difficulties was an increase of spamgourmet users causing great numbers of disposable addresses to be created (apparently via scripts) -- this is in contradiction to the terms of service: "(o) in a way that consumes resources in a manner grossly disproportionate to that of other users of the service, including, but not limited to the use of scripting or other automated means to create large numbers of accounts or addresses over a short period of time." Don't do this!!! It jeopardizes the service. So far, we've dealt with these problems manually, but it's getting to the point where we'll probably need to code in some protection against this.
info
Site Admin
 
Posts: 100
Joined: Thu Aug 28, 2003 12:54 pm

Postby Guest » Mon Jan 10, 2005 8:50 am

I say destroy them by any means necessary. If you can figure a way to detect the script in real time, delete the account right then and there, and blacklist the forwarding address.

A clever thing to do would be to 'issue a warning' at first, while secretly recording the activities of the miscreant [within limits of your storage]. As the scriptor tests methods to evade your security, you can use him to find unknown bugs in your safety mechanisms - then you can delete him.

I have a confession to make.

I use many disposables, one for each person or company that I have contacted on the Internet - 67 at last count. Through these spamgourmet has forwarded approximately 400 legitimate emails since I first started using spamgourmet in September of 2003.

In addition, the few disposables that HAVE fallen into spammers' hands have eaten approximately 28,000 spams (adding up all the numbers in the 'deleted' column); I estimate this as a total spam load of about 70 per day (actually a little less than the 100 per day to my actual email address before spamgourmet).

This has worked out as an absolutely superb system. I have been able to track exactly who traded which of my disposables to whom, found an email harvesting program in a relative's computer, caught a 'legitimate' company violating an opt-out request, etc.

There are even a few disposables which were never used by the intended (civilian) contact, and were NOT recorded, traded, or otherwise likely to receive spam. These could be safely deleted, if your system permitted it.

I would expect other spamgourmet users operate the same way. Are WE contributing to your problem?
Guest
 

Postby Guest » Tue Jan 11, 2005 10:47 pm

Anonymous wrote:
I use many disposables, one for each person or company that I have contacted on the Internet - 67 at last count. Through these spamgourmet has forwarded approximately 400 legitimate emails since I first started using spamgourmet in September of 2003.

In addition, the few disposables that HAVE fallen into spammers' hands have eaten approximately 28,000 spams (adding up all the numbers in the 'deleted' column);

This has worked out as an absolutely superb system.

I would expect other spamgourmet users operate the same way. Are WE contributing to your problem?


I hope this is the intended way of operating spamgourmet, because that's exactly how I use it, and I agree that it's wonderful.
I've recommended it to the computer-literate members of my family - and they all use it too.

Perhaps scripting could be slowed down by rate-limiting the creation of new disposable addresses?
Guest
 

Postby brew » Thu Jan 13, 2005 11:45 pm

That sounds reasonable. Set a limit like 15 new emails in a 24 hour period. I cannot imagine that being a problem for a legit user...
Timothy E Brewer
brew
 
Posts: 1
Joined: Thu Jan 06, 2005 3:28 pm

Postby Guest » Mon Jan 24, 2005 3:49 pm

I too create a few addresses. Since I'm always in fear of re-using an address that has expired, I append the date, i.e. 050124thecompanyname.x.myuseraccount@.... but I don't do this manually - not scripts! So a daily limit might prevent this. I guess I don't generate more than 5 addresses in any one day...
Guest
 

So how many is too many?

Postby stripes » Thu Feb 10, 2005 2:38 am

About 2 maybe 3 years ago I gave up on Usenet news. Before that I would generate a spamgourmet address for each post I made. I may have made as many as 15 posts a day on days I posted, and maybe an average of 3 a day (even then I didn't use Usenet more than a few times a week)

Would that have fit in with the spirit of spamgourmet? (I know it would have violated the letter of it, since I used a script to generate the address and stick it into the header ready to post...then spent 10 to 30 minutes composing my reply)

Currently when I use spamgourmet for stuff on the web I tend to (manually) take the domain name of the web site and reverse it to use as the disposable. If I wrote a plug-in for my web browser that did that when it was autofilling a form and found an "email" field, would that violate the spirit of spamgourmet? (at least part of the form would be filled out manually, generally either a credit card, or a long message)
stripes
 
Posts: 2
Joined: Wed Feb 09, 2005 5:12 pm
Location: CA

Postby josh » Thu Feb 10, 2005 9:31 pm

I don't think there's anything wrong with using some automated help to come up with new spamgourmet email addresses -- It's really a matter of degrees. When we're seeing several new ones per minute (or even per second!) come through, that's what adds up to cause a big headache on our end, and also seems to be motivated by what we could term an 'abnormal' intent -- either a direct denial of service attack, or an attempt to circumvent somebody else's safeguards against resource usage on a large scale.

I think putting some limit on new addresses created per day would probably do the trick.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby SysKoll » Thu Feb 10, 2005 9:45 pm

I second that. Same algorithm as we have for the email counter, different values.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby Guest » Sun Apr 17, 2005 8:24 am

If you can, please let us know when the limit is implemented, and what that limit is, and how to tell if we exceed it.
Guest
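
An added example, not part of any post above and not spamgourmet's own code: a per-account sliding-window limiter for new disposable addresses that uses the 15-per-24-hours figure suggested in the thread and reports why a creation was refused and when to retry. The burst threshold (5 per 60 seconds), the class and function names, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DAY = 24 * 60 * 60  # seconds

class AddressCreationLimiter:
    """Sliding-window cap on new disposable addresses per account."""

    def __init__(self, daily_limit=15, burst_limit=5, burst_window=60):
        # daily_limit=15 per 24 h is the figure suggested in the thread;
        # burst_limit and burst_window are assumed values, not from the thread.
        self.daily_limit = daily_limit
        self.burst_limit = burst_limit
        self.burst_window = burst_window
        self._events = defaultdict(deque)  # account -> accepted creation times

    def check(self, account, now):
        """Return (allowed, reason, retry_after_seconds) for one creation."""
        q = self._events[account]
        while q and now - q[0] >= DAY:  # forget creations older than 24 h
            q.popleft()
        if len(q) >= self.daily_limit:
            return False, "daily", q[0] + DAY - now
        recent = [t for t in q if now - t < self.burst_window]
        if len(recent) >= self.burst_limit:
            return False, "burst", recent[0] + self.burst_window - now
        q.append(now)  # only accepted creations count against the limits
        return True, "ok", 0

def replay(limiter, account, timestamps):
    """Feed creation times (seconds) through the limiter; tally outcomes."""
    counts = {"ok": 0, "burst": 0, "daily": 0}
    for ts in timestamps:
        counts[limiter.check(account, ts)[1]] += 1
    return counts

# Constructed traffic (seconds since an arbitrary start), not real logs.
HUMAN = [i * 3600 for i in range(15)]      # 15 addresses spread over a day
FAST_SCRIPT = list(range(100))             # one attempt per second
SLOW_SCRIPT = [i * 30 for i in range(100)] # paced to stay under the burst cap

if __name__ == "__main__":
    for name, ts in [("human", HUMAN), ("fast", FAST_SCRIPT), ("slow", SLOW_SCRIPT)]:
        print(name, replay(AddressCreationLimiter(), name, ts))
```

The paced script shows why the daily cap is needed alongside the burst check, and the returned reason and retry-after value are what a user would need in order to tell that a limit was hit.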
 

