Attacking back at the Spammers

Some of my friends and acquaintances know that I am have been experimenting with a new scheme to control spam email.  Like many people, I have had to abandon email addresses in the past due to over-abundance of spam.  When you open a new email address, there is no spam.  But as you continue to use the box, eventually the knowledge that you are actually using a particular email address gets out.  Once your email address becomes known to the spammers there is no sure way to get them to forget it.

A verified email address has value, and lists of email addresses are traded and bartered in the spam underworld.  Even a non-verified but potentially valid email address has value.  Sending a piece of spam does not cost much, but it has a cost.  Sending to all possible email addresses (start with aaaaaaaa@aaaaa.com, then aaaaaaab@aaaaa.com, etc) is not viable.  Spammers want an email address that is known or at least likely to work.

You could say that a particular email address has value because it is so much rarer than a completely random email address.  A list of 1000 addresses that reaches 1000 people is the same value as a list of 100,000 addresses that reaches 1000 people.  From a spammer’s perspective, you would like every email address to be valid (reach a person) forever, and have no addresses that go to dead ends.  When people change their email address, there is a cost (albeit small) to the spammer, because the old email address become invalid.  My goal then is to frustrate spammers by filling their lists with invalid email addresses.

The Answer

The value of my email address is due to its relative rareness.  I can decrease the value of a particular email address, by increasing the number of email addresses I use.  The idea is this: I can use thousands of email addresses out of a pool of billions of possible address.  I can use a unique email address for (almost) every occasion.  All of the email addresses deliver mail to me.  Imagine the extreme: I print my business cards with a unique email address on every card.  Anyone who uses the address has no problem sending email to me.

It is possible that in the course of normal email interchange, an email message with that address on it, gets posted to some sort of web page (e.g. email forum archive) and the spammers pick it up from there.   The anti-spam feature is that whenever I start to receive spam on a particular email address, I turn off (disable) the address.

What if a legitimate party was using that address?  What if that is the email address I gave to my mom to use to contact me?  This would block email from her as well.  Part of the scheme has to be keeping a record of who I have given the address to.  When I turn that email address off, I go back to the legitimate person that I gave it to (e.g. mom), and give them a new email address to use.

You might be thinking correctly that this is onerous to have to tell people to use a different address.  But keep this in mind: if I have given unique addresses to each of my hundreds of correspondents, then all of those addresses except this one remain unaffected.  In the past, I have had to abandon entire email inboxes to ALL correspondents, and send them ALL a new address.  Since there is no way I can remember all of them,  I undoubtedly lose a many along the way.  The need to abandon an email address is rare in general, and contacting one person to switch is painful, but far better than contacting all your contacts.

Version 1.0

About 6 months ago I put in place a plan to experiment with.  It turns out that the XPDL.ORG site, which I help run, has unlimited free email forwarding.  So what I did was create new cryptic email addresses, and forward them all to my regular email inbox.  For example:

kds_Why54TzrvyZfgzNqqerf@xpdl.org

Every time I signed up for some sort of online service or account, I would create a new forwarding address. I created a private wiki page where I recorded the cryptic address, who or what I gave the address to, and when I did that.  The idea is that if I ever have to turn that forwarding off, I can get back in touch with whomever I gave it to.

The email address must be long so that it can not be guessed.  For example if I just use “keith1″, “keith2″, etc. it would be too easy for the spammers to guess other valid email addresses.  This could cause me to have to turn off many many addresses inconveniently.  If I make the address long and cryptic, then it is very very hard to guess other legitimate addresses, making those addresses relatively safe.

Most of these email addresses are entered into online forms, and used by those services, without anyone actually having to read them, or type them, so it really does not matter how long and complex the email address is.

It is not perfect…

What about “from” address on email?  On my standard email, I created a new cryptic address as my “from” address every month. It does not matter how long or complicated an email address is when people simply use the “reply” button.  Cycling every month is not perfect because if someone puts that email in their address book, and it also gets on a spam list, I might turn it off, and I don’t know who using that address, so I don’t have any way to let them know a newer address to use.  Creating a new unique address for every email might be better, because this decreases the chance that someone would hang on to an address that also got on a spam list, but that causes other difficulties.

Some services require you to log in using your email address.  If you really want to keep your “real” address private, then you have no choice but to give them and use the cryptic on to log in.  Typing that long and meaningless address is a pain, so in those cases I have to create an address that is easier to remember and type, which unfortunately decreases its security.

Because you are using many email addresses simultaneously, it is possible to start getting multiple copies of a message.  For example, if a message comes to you using address “a”, and you reply to it using address “b”, then both addresses become part of the ongoing email address.  Some email in-boxes are smart enough to eliminate the duplicate, but not all are.

Every time you sign up for a mailing list, you use a unique cryptic email address, but again this can cause message multiplication when the message is addresses to multiple lists which have different email addresses for you.

In the six months that I have been doing this, I have not had the opportunity yet to turn off an email address.  This is because it takes time to get on those spam lists, so as far as I know, none of my “new” email addresses that are less than 6 months old are on any lists yet.    So it is really too early to tell.  It is also true that going to the admin interface and creating a new cryptic email address, recording what I am using it for, and then using that in the sign up form, makes signing up for any service quite a bit more trouble.   Sometimes I am too lazy, and just go ahead and use the fixed address because it is easier.

Version 2.0

I just found out about a new service called otherinbox.com.  This is the service that I have been looking for, and it is aimed at exactly this problem.  (Scott Francis: you mentioned this service to me a while ago, but it took me this long to investigate.)

You get an account ($20/year – trial accounts are free) and it gives you an infinite number of email addresses which all go to you.  It has all the capabilities described above, including the ability to block an address at any time in the future.  You can record notes about a particular address to remind you of who you gave the address to, and when.

There is one particular improvement over my old scheme: you don’t have to set up the address in advance.  When signing up for an account at Barnes and Noble I can create a suitably cryptic address on the fly, and it will automatically create the inbox for that address without extra work from me.  Usually such services start by sending an email for you verify that you own the address, so I can go to the otherinbox.com, find that new email address, and set the address to be forwarded.  This is so much nicer to do later instead of having to do it before you sign up, particularly when you are not on line.  You can even make up an address while filling in a paper form with a pencil, and eventually the account is created for you — if needed.

They have a lot of other features for filtering and such.  Email can be forwarded, or picked up directly from their web or IMAP interface.  If you want, you can let the email pile up there, and receive only a digest of the email once a day.  That might be really handy with some of the email lists I am on.

Contemplations

Perhaps this seems like a lot of trouble, to have to set up and manage a bunch of different email addresses so that you can have the option to cut one off if necessary.  To be honest: it is lot of trouble.  OtherInBox looks like a lot less trouble than my initial way, but it is still more trouble than just being able to give out a single address forever.  Some of the need for this might go away if we had widespread cryptographic signing of email messages so we could know who the email came from, but there are many forces working against that.  Signed messages would not help in a mailing list situation when you are exchanging messages with people you do not know.   There are some possibilities that social software will offer some benefits in this area, once they have matured a bit more. So for now given the current infrastructure, this looks like the best hope for combating spam.

A single solution with a single console, McAfee Total Protection for Enterprise reduces the complexity of managing your enterprise security. It delivers comprehensive threat prevention, centralized management, and scalable network access control. This integrated approach enables you to protect data and ensure business continuity by proactively blocking known and unknown attacks, and controlling noncompliant endpoints.

The unified management platform makes your operations more efficient and effective through centralized deployment, configuration and policy setting, and strict monitoring of your enterprise-wide security posture from within the easy-to-use console. As the industry’s first truly integrated security solution, it provides significant licensing savings and one point of support for your entire enterprise.

Mcafee total protection for endpoint essential

This package is actually the budget version of the suite. It includes the Anti Virus for Enterprise, Anti Spyware for Enterprise, Desktop Firewall, Host Intrusion prevention for desktops and Site Advisor for Enterprise Plus for safe searching and site blocking. The software can easily be deployed and managed with McAfee Epolicy Orchestrator. Because of the small scale on which Endpoint Security is being implemented in Suriname, this is the application that most Local Companies use.

The on-access scanner for spyware, malware and PUPs prevents malware, spyware, and potentially unwanted programs (PUPs) from installing and spreading on your system. The behavior based technology also prevents hackers from inserting malicious code into systems during buffer-overflow attacks.

 Mcafee total protection for endpoint standard
The standard edition includes all of the features from the essential edition, but also adds in a powerful Email scanner which scans all of your inbound and outbound email for spam, viruses and inappropriate content. It quarantines suspicious emails to protect the system from continuously evolving threats.

 Mcafee total protection for endpoint advanced
This version adds additional Network Access control to the application. It is designed for complete endpoint security for today’s popular endpoint operating systems.

A honeypot used to collect spam is called a spamtrap. Spamtraps are usually e-mail addresses that are created not for the purpose of communication, but to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view from the legitimate user, such that an automated e-mail address harvester, generally web page scrapers and bots, used by spammers can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose. Since the owner of this spamtrap e-mail address solicits no e-mail, any e-mail messages sent to this address are immediately considered unsolicited and hence rejected as spam.

For example, we can take the email address as “spamtrap@mydomain.org”. If we take this address and embed it in our source HTML page then the user would not be able to see it but the spammer would be able to access it through his web page scraper or bot and would send a message to this address which is an indication that a spammer has send it. This information can further be used for further analysis and building secure networks.

Transparent SMTP proxies are specialized Mail Transfer Agents (MTAs) that,pass SMTP sessions through to other MTAs. They differ from regular MTAs in that they neither pass on e-mail via store-and-forwarding nor delivering the e-mail to mailboxes. Instead, when they receive an SMTP session request, they open up another SMTP session to a target MTA. Any errors/status information from the target MTA will be passed back to sending MTA through the proxy.

SMTP Proxy allow to combat spam in real time,combine sender’s behavior controls,provide legitimate users immediate feedback, and eliminates the need for a quarantine.

In general, using Blacklists to control spam is a highly ineffective and innaccurate choice.  And that’s mainly because of the sites like the NoMoreFunn or No-More-Funn list. 

If you want to incorporate Blacklists, the best way is to use that information very minimally, as 1 method of detecting spam.  For instance, if there are multiple characertistics of spam then adding the use of a Blacklist can help.  Or if a domain is on multiple Blacklists, that can be an issue. 

But when you are checked against 99 Blacklists, and your domain is only listed (erroneously) on ONE blacklist, then the odds are that you are on the error-prone NoMoreFunn list who adds entire blocks of addresses to his list.  At my office, this is what we generically refer to as “a guy in his garage”.  It’s the guy who can fix some cars…in his garage.  He can play some music…in his garage.  A lot of people are frikkin’ geniuses, in their garage.  

When I examined the listing, he said he’s blacklisting an entire block of IP Addresses from my ISP - not my mail server, not my IP address – an entire block.  An ISP has thousands and thousands of addresses with thousands of customers.  To arbitrarily make these false accusations against companies is not just ineffective but it’s irresponsible (it’s interfering with work).  It’s like saying you got of piece of junk mail from company “x” in New Orleans, so the most effective way to eliminate junk mail will be to block all the mail from New Orleans.   The NoMoreFunn lists weakens the entire world of Blacklisting.  Because he lists entire blocks, a mail server can never send a single piece of spam, yet still be listed on Dr. Mash’s NoMoreFunn list (a Blacklist that contains non-spamming mail servers is a completely useless list).  Like it says when you attempt to remove yourself from his list: If you don’t want to get listed again, don’t send spam.  As though that’s the only way anyone gets on that list. 

NoMoreFunn is NoMoreGood

So that is why Blacklists are ineffective and that is why Dr. Mash’s NoMoreFunn Blacklist is the most ineffective list of the 100 lists it was compared with by MXToolbox. 

One of  the best ways to identify and authenticate your mail server is to use Sender Policy Framework (SPF).  It uses existing infrastructure (DNS) and it’s FREE.   When shopping for SMTP Security / Anti-spam services, be sure to look for systems that can take multiple actions based on SPF validation.   The use of DNSBL or RTBL should not be relied on. 

If you’re using Blacklists, I’d recommend that you (A) Don’t reject messages solely based on these lists and (B) Don’t rely at all on the NoMoreFunn list. 

The guy running the blacklist provides some information about himself - if your System Administrator is letting your business’s communications rely on this guy’s blacklist, then your System Administrator might be an idiot.  

I’m living with my wife, Berit, and our cats Louis, Lauritz and Agnes at Nøddeboparken in Vallensbæk, south of Copenhagen, Denmark.
 
When I’m not working or trying to sell my house, i’m probaly e-mailing, drinking beer, drinking more beer, bowling, playing backgammon.

Generally, we’ve had trouble with RoadRunner account – looks like those idiots aren’t sure how to effectively fight spam.  We’ve encouraged our business customers to get a host who is more effective than RoadRunner.  We’ve also had trouble with one or two small companies (under 5 people).  All of the mid-size and up companies have IT personnel on staff who can weed out useless blaklists like No-More-Funn.

If you want to check up to 147 Blacklists, go to http://www.mxtoolbox.com/blacklists.aspx

Callback verification, also familiarly known as callout verification or Sender Address Verification, is a technique used by SMTP software in order to certify e-mail addresses. The most common target of verification is the sender address from the message envelope (the address specified during the SMTP dialogue as “MAIL FROM”). It is mostly used as an anti-spam measure.

Since most of the spam uses forged or invalid (“sender”) addresses some of it can be detected by checking whether the “from” address is valid or not. The sender address can be verified by making an SMTP connection back to the mail exchanger for the address, similar to creating a bounce, but stopping before any email is sent.

Though callback verification is compliant with SMTP RFCs, it has many disadvantages. Since a large proportion of spam has forged return addresses, nearly all callbacks are to innocent third party mail servers unrelated to spam. Also concurrently, there will be numerous false negatives due to spammers abusing real addresses and some false positives.

One of the side effects of being the most popular operating system on the market is being the biggest target for viruses, worms, trojans, and other malicious software. In Microsoft’s case, some would also argue that the Windows code is more vulnerable to malware than other operating systems, and that Microsoft’s business practices have made it more of a target than, say, Linux or Apple.

Anyway, the impact is that when you buy a new Windows computer, the first thing you have to do is install some security software, mainly an antivirus program and firewall, and maybe anti-spyware and anti-spam software as well. Several vendors like Symantec (Norton) and McAfee offer complete Internet security suites that bundle the above applications, and a lot more, into one package, making it easy to protect your computer; these set you back $50–$80 for a 1-year subscription.

I’ve used Norton Internet Security and ZoneAlarm Internet Security before, and they both seemed to keep my computer safe. Unfortunately, $50–$80 a year is way more than free. Even though there isn’t a free Internet security suite like Norton or McAfee, there are plenty of free solutions out

there that address any one (or two) of Windows’ issues (virus protection, firewall, etc.). With that in mind, when my ZoneAlarm license ran out over a year ago, I decided to assemble my own Internet Security Suite by installing some of the better freeware solutions out there. The components I had to find are:

• An antivirus program, preferably with real-time scanning;
• A software firewall;
• Some kind of spam filter; and
• A spyware scanner/remover.

After trying a few different applications in each of those categories, here’s what I currently have installed on my computer:

• AVG Anti-Virus Free Edition 9;
• GhostWall FireWall 1.150;
• Mozilla Thunderbird 2;
• Mozilla Firefox 3.5.

The first 2 programs are fairly self-explanatory as far as what they do, but Thunderbird and Firefox might not be so obvious. With Thunderbird, you get an email client somewhat like Microsoft Outlook Express/Windows Mail, but with a great spam filter built right in. Firefox of course is probably the best browser available, and one of many reasons is its security features. Firefox warns you if you’re about to visit a site known to contain viruses, worms, trojans or spyware, and it also warns you if you’re about to visit a phishing (fraudulent) site.

I’m not 100% satisfied with this setup, but I’m not aware of any infections since I’ve had it in place, and I can’t complain about the price.

In the next couple of posts, I’m going to go over each component in more detail, and discuss some other options that I’ve tried, or am planning to try, for each.

As of October 31st, 2009, the attackers were DDoSing InBoxRevenge website again. This is where the IBR anti-spam forum is hosted, though the content is definitely offline at this time.

Early morning 11/1/09 it was reported by @themarkgiles Twitter user that IBR was under a flood attack from 750 bot IPs at a rate of 50/second. Source IP countries: TH (Thailand), IN (India), BD (Bangladesh), RU (Russia), BR (Brazil), PH (the Philippines), etc.

The spammers are hitting the IBR website with IPs that are compromised and under control of a botnet. Obviously some spammer is not happy with the reporting we do of  cybercriminal activities.

We will continue to post more information as it comes available.

UPDATE on 11/1/09

Taken from the most recent IBR Blogspot entry:

Good news — DDoS attacks not over

Members may have noticed another recent outage for several hours. It was another confirmed DDoS, via a method called “syn flood.” In the past, these sorts of attacks have gone on for weeks. We just roll with it.

Why is it good news? It lets us know our efforts are worthwhile, because making internet crime less profitable is exactly what we’re trying to accomplish. If we weren’t making criminals want to attack us, we’d have to wonder what we were doing wrong. We never expect to achieve the amazing level of spammer ire that Blue Security suffered in its famous 2006 attack, but then we aren’t planning to try to keep the site on line during the attacks. We just fall back to the alternate methods of spreading information. If our attackers would like to try to simultaneously take down Google, Microsoft, Twitter, WordPress, and all the other sites we’ve established a presence on, they’ll get themselves a lot more law enforcement attention than they’re currently planning on.

Comments are open for this blog, though they have to be approved by a moderator. And if you have a comment that seems to merit its own “thread,” we can repaste it as a blog post that can get its own comments.

Remember that SiL also has his two blogs, which also accept moderated comments:
http://ikillspammers.blogspot.com
http://spamitmustfall.blogspot.com

And we have our other sites for announcements:
http://twitter.com/inboxrevenge
http://inboxrevenge.webs.com
http://inboxrevenge.blogspot.com
http://spamtrackers.org
http://inboxrevenge.spaces.live.com

As always, the best response to retaliation is to continue to do the reporting you were doing before — but to do more of it.  At the time of this post update, the IBR website loads as a 403 error as of 18:00 GMT on 11/1/09.

There are a tiny number of organizations that offer IP Whitelisting and/or licensed tags, which can be placed in an email for a fee to assure the recipients that the messages thus tagged are not spam. This system relies on the fact that the tag should have a legal value. The intention is for the email administrators to whitelist messages bearing the licensed tag. One of the difficulties associated with this is that the organizations that offer these licenses are actually interested in increasing the number of users who purchase these licenses rather than effectively enforcing the license. This would have an adverse effect since more and more spammers send spam by obtaining the license and may hence get away with that. However, as in a circle, the value of the license itself would come down and the motive to increase the profits by strictly enforcing them would increase. Habeas warranted that their organization was sending only “good email” by strict enforcement of their licensing criteria. Habeas was founded in 2003 and is now purchased by ReturnPath. Anne P. Mitchell, Habeas’ first CEO went on to found the Institute for Social Internet Public Policy. Habeas mail classing system further addresses this issue by classifying email according to origin, purpose, and permission.

Us faig cinc cèntims del sistema anti-spam “Greylist” que pot ajudar a radicar la plaga de l’spam que afecta a internet globalment.

• Què és un Greylist?
És una tècnica per el control de missatges Spam. És un mètode de defensa que bloqueja la majoria de correus spam. Intenta determinar que el servidor originari del missatge és un servidor de correu i no pas un sistema d’enviament massiu de spam.

• Com Funciona?
Quan s’envia un missatge de correu al servidor la primera vegada, aquest el rebutja, informant l’altre servidor d’enviament que en aquell moment no el pot processar per que està ocupat. Tots els servidors estan programant per tornar a enviar el correu diverses vegades, si això passa, el servidor receptor considerarà que aquesta prova ha estat superada i continuarà amb la resta d’avaluacions antispam.

L’spam no reenvia un correu per segona vegada.

Això només passarà la primera vegada que té relació amb un servidor de correu. Per exemple: el servidor correu.cat passa aquest procés anti-spam, a partir de la segona vegada que un correu d’aquest servidor entri al servidor, aquest ho farà directament , ja que el considerarà el servidor correu.cat com a segur. (Això també passa amb els dominis hotmail, yahoo, gmail, però degut a que aquests dominis disposen d’un gran nombre de servidors i que aquesta tècnica funciona per servidor, no es pot garantir la recepció immediata dels mateixos…).

• Conseqüències:
Durant el procés de l’enviament d’un correu per primera vegada, la recepció no serà instantània sinó trigarà uns minuts, dependrà de la configuració de cada servidor. En el 80% de les vegades, aquest es rebrà entre 10 a 15 minuts, i en el pitjor dels casos alguna que altre hora.

Hi All !!!

Participo da Rede Social da Revista Exame PME e surgiu uma nova discussão sobre o funcionamento ou não do anti-spam e a perda de mensagens importantes por causa dos falso-positivos. Resolvi postar a pergunta e resposta para compartilhar com todos vocês.

Enjoy!

—————————————————-

Content filtering techniques are based upon a specification of a list of words or regular expressions that are not allowed in mail messages. Hence, if a site receives any advertisement like “herbal Viagra” the administrator should place these words in the filter configuration. The mail server would then reject any message containing these words.

Header filtering consists of inspecting the header of the email, the part that contains information about the contents of the message. Spammers may often spoof fields in the header to conceal their identities, or make the mail look more legitimate; but many of these spoofing methods will be detected. In addition, the messages that do not confirm to the RFC 5322 standard are frequently rejected.

But the disadvantages of filtering are three fold: First of all, it could be time-consuming. Secondly, it is prone to false positives. Third, these false positives are not equally distributed since legitimate messages related to products frequently related to spam are rejected.

Spammers often change the spellings of the terms they use meaning more work for the administrator. However, these also have some advantages for the spam fighter. If the spammer spells “Viagra” as “V1agra” or Via_gra, it would be difficult for the spammer’s intended audience to read it. In addition, if the spammers try to trip up the phrase detector by inserting an HTML comment in the middle of the word, it would be easily detectable and is an indication that the message is spam. In addition, considering the case where in the sender sends only images instead of any text then the fact that there is no readable text in the body can be detected and the message can be flagged as spam.

Content filtering can also be applied to the URLs present in the message. This type of filtering is much tougher to disguise since the URL has to resolve to a valid domain name, which is difficult for the spammer.

Extracting and comparing a list of such links to published sources of spamvertised domains is a simple and reliable way for eliminating a chunk of spam via content analysis.

Beveiligen tegen spam is eenvoudig.

Doordat informatie via het world wide web overal te zien is, betekent dit internet een fantastisch promotie-medium. Reclame, in casu direct mailing, via het web is aan strikte regels gebonden. Maar niet iedereen houdt zich er aan. Vaak sturen bedrijven, organisaties of malafide groepen ongevraagd en ongewild e-mails rond. En dan kom je al snel op het domein van de spam. Hier volgen enkele eenvoudige tips om je computer tegen spam te beveiligen.

Wat is spam?

Van Dale definieert spam als ongevraagde e-mails of sms’jes, vaak met reclame. Een andere definitie spreekt van ongevraagde post of reclame (ook orec genaamd) of e-mail die op grote schaal en ongevraagd wordt verstuurd.

Hiermee wordt de essentie van spam alvast duidelijk. Ze zijn ongevraagd en worden massaal (geautomatiseerd) verstuurd. Het hoeft dus niet noodzakelijk platte reclame te zijn. De informatie kan best interessant zijn voor bepaalde doelgroepen. Maar toch hangt er een gevoel van ergernis vast bij de meeste mensen van wie hun postbus regelmatig overstelpt worden door spamberichten.

Wat kun je doen om spam te vermijden?

Niet alle oplossingen kosten veel geld. Een paar eenvoudige, praktische ingrepen volstaan vaak om het grootste deel van de ongevraagde post te weren.

1. Laat je e-mailadres niet overal achter.

Wees voorzichtig met het gebruik en de verspreiding van je e-mail adres. Hoe minder je het doorgeeft, in het bijzonder op het Web, hoe kleiner de kans is dat jespam zult ontvangen.

Natuurlijk komt je e-mailadres op bepaalde plaatsen vrij voor. Denk maar aan de wettelijke vermeldingen op je website als je aan online verkoop doet. Of gewoon bij je bedrijfsgegevens. Zorg er voor dat de mensen wat moeite moeten doen om je e-mailadres te vinden op je site. Haal het weg van de homepagina en laat de mensen een paar keer klikken vooraleer het te voorschijn komt. Want wie je echt wil bereiken, doet graag een beetje moeite daar voor.

Laat mensen via je website reageren door een berichtenbox in te vullen. Zo doe je ze toekomen zonder dat de correspondent precies weet wat je precies mailadres is en kun je via deze weg ook niet op groepmail-lijsten terecht komen. Zijn het boodschappen die voor jou interessant zijn, dan antwoord je natuurlijk persoonlijk. Dan krijgt de geadresseerde natuurlijk wel je e-mailadres.

2. Beantwoord enkel betrouwbare e-mails.

Beantwoord geen e-mails waarvan de oorsprong of de verzender je twijfelachtig lijkt. Gebruik hier het simpele principe dat wat je niet gevraagd hebt niet van jou van belang is en wie je niet kent ook geen antwoord hoeft. Spammers weten immers dat wie reageert ook effectief het bericht heeft gekregen en gelezen. Vaak volstaat het om alle ongevraagde berichten een aantal keren simpelweg in de prullenmand te kieperen om de spam te laten opdrogen.

3. Gebruik een inventief e-mailadres.

De meeste webeigenaars gebruiken een algemeen e-mailadres dat begint met info@, administratie@, contact@, enz. Dat weet iedereen die een beetje met het internet werkt. Kent men het e-mailadres niet, dan is het eenvoudig om zo’n algemeen voorvoegsel voor de domeinnaam te zetten. In meer dan 80 procent komen de mails inderdaad terecht. Er bestaan ook webprogramma’s die automatisch e-mailadressen samenstellen op deze basis.

Het is dus een goed idee om wat creatief te zijn met je algemeen e-mailadres. Voor een winkel kan je net evengoed shop@ gebruiken, of ideetjes@. Bedrijven kunnen b.v. vraag@ of wat@ instellen. Dat is veel minder evident en beveiligt je inbox vrij doeltreffend omdat het niet voor de hand liggend is. Zorg er dus voor dat de mensen met wie je in contact wilt staan, je e-mailadres moeten krijgen en niet gemakkelijk kunnen raden.

4. Camoufleer je e-mailadres.

Als je je e-mail adres publiceert op een website, camoufleer het dan, bijvoorbeeld door de “@” te vervangen door “at”. Je adresnaam@bedrijf.be wordt dan naam(at)bedrijf.be. Je kunt ookspaties toevoegen net voor of na de @. Dat zorgt ook voor foutboodschappen bij e-mailautomators.

Nog een vaak gebruikte techniek is om een controlewoord te laten invullen vooraleer je e-mailadres te voorschijn komt. Dat gebeurt vaak vooraleer je een bericht met een berichtenbox kan versturen. Maar je kan dit net evengoed doen als vooraleer je je mailadres toont. Even effectief en automatische programma’s kunnen hier geen weg mee.

5. Gebruik degelijke beschermingsprogramma’s.

Laat niet eender wat op je computer binnenkomen. Bescherm hem door filters te gebruiken. Installeer een Firewall (software dat je computer beschermt tegen indringers via het internet) en een anti-virus programma. En gebruik de functies van uw e-mailprogramma of computersoftware. Vergeet ook niet je software (systeemsoftware inbegrepen) regelmatig te updaten zodat deze doeltreffend en up-to-date blijft.

Hou hier ook rekening mee bij het kiezen van een hostingfirma voor je website. De betere webhosters, b.v. SiteHosting te Merelbeke, beveiligen hun eigen internet- en mailservers immers goed met programma’s die malaware, spam of hackers tegenhouden. Dat is een eerste buffer die je gebruikt om de grootste hoop storende boodschappen te filteren voordat ze je inbox bereiken.

En vertrouw niet echt de “gratis” beveiligingsprogramma’s die je her en der vindt. Ofwel bieden ze slechts een beperkte bescherming of ze lopen wat achter in het beveiligen van de nieuwste virussen. Of heel erg, het kunnen zelfs placebo beveiligingsprogramma’s zijn van malafide bedrijven die zo op je computer kunnen binnen geraken.

Besluit.

Het beveiligen van je e-mailadres en het vrijwaren van je inbox tegen spamberichten hoeft niet steeds erg duur te zijn. Door een aantal eenvoudige, praktische richtlijnen toe te passen voorkom je massale spam en hou je de instroom van ongevraagde mails beperkt.

Michael Geist provides a gallant service following and analyzing the legal developments in the Canadian Parliament relative to internet, privacy, DRM. His current focus is the ECPA that is having its Commons review completed Monday.

Electronic Commerce Protection Act (C-27) (Posts on Michael Geist site re this topic)

The ECPA is basically intended to be an anti-spam bill. This should include opt-in only relative to advertising. It has become mired in the minutiae of cookies, tracking, email address collection and such things. The opposition Liberals appear to be taking the opportunity to side with the lobbyists from the advertising world to create exclusions.

I have little faith in such legislation. The future will be in self protection, and online tools that assist. The comments in the latest post on copyright lobbyists are well worth the read.

[Note: This is not specifically a Usage Based Billing problem, but it certainly needs some attention.  Also I don't usually re-post so much of anyone else's posts, but since time is short and disseminating this information is so important, I'm doing a lot of cutting & pasting here. Some of my thoughts are interspersed between the quotes... quite frankly this still feels surreal. I am just amazed that this could really be happening. I shouldn't be but I am.]

Oh! Canada

CANADA, we have a problem…

Bill C-27: The Electronic Commerce Protection Act

It started with our government’s attempt to pass anti-spam legislation. Seems like a good idea, right? Harmless enough. What can go wrong?

But wait– we’re talking about politicians here. So…

Seems there’s a problem with The Canadian Marketing Association. Well, yes, they’ve known about it and didn’t have a problem as long as its been in the works… since June. Hey, they’ve only had four months to mull it over… so, well, they’ve changed their minds now. Since the law will probably pass on Monday, the Canadian Marketing Association Attacks Anti-Spam Bill.

Well, that’s not too much of a surprise, is it? I mean. this is a marketing lobby group. Of COURSE they want to be able to send as much spam as possible. Um.

Well hey, they only want one little change… they just want to rip the heart out of it, that’s all. The core of the proposed legislation is “a requirement for express opt-in consent”, in other words, it is illegal to send us spam without first getting our permission. This, after all, is the whole point of the law. They want it changed to give them the right to send us as much spam as they can until we tell them “no.”

Well, we’ve all seen how effective the CRTC telephone marketing “Do Not Call List” worked out. Thousands of people on the Do Not Call list, thousands of complaints, yet the CRTC could only find it in their hearts to find fault with three telemarketers, and then backed out of prosecuting two of them. (By this point I’d bet the third guy walked too…) Uh huh. So, no, I don’t think there is any point to even bothering, if they disembowel the legislation, right?

So Professer Geist’s take on it is that we have to fight for it if we actually want a law with teeth. He also provides a lits of links to the committee that is supposed to be getting this law passed, with the suggestion that we email all of these good folks and let them know how we feel about eviscerating the law.

So today is Friday, time for weekend wind down to get started… but wait. I’ve been looking forward to getting my next alphabet post finished and on line, but this annoying but not particularly urgent story about C-27 isn’t such a big deal except…

it turns out that was just a sideshow… the main event is far more chilling..

In Michael Geist’s sidebar:

“ RT @doctorow: CANADIANS! Hollywood & telcos want right to install spyware, delete apps, snoop; contact MPs TODAY! ”

Both Michael Geist and Cory Doctorow are clearly agitated about something that sounds like it is straight out of Little Brother.

You can read it on boingboing:
boingboing: Telcos and Hollywood ask Canadian govt for right to secretly install spyware, listen in on your network connection — ACT NOW!

You can read it on Michael Geist’s blog:
Michael Geist: The Copyright Lobby’s Secret Pressure On the Anti-Spam Bill

But this isn’t fiction, it is happening in Canada RIGHT NOW.

So instead of doing what I planned to do with my life today, I’m plunging into this incredible …conspiracy. That sounds so absurd, like bad fiction.

Here’s my attempt at making sense of this. This Copyright pressure group is trying to influence Canadian anti-spam legislation:

“The copyright lobby’s interest in the bill has been simmering since its introduction, with lobbyists attending the committee hearings and working with Liberal and Bloc MPs to secure changes. The two core concerns arise from fears that the bill could prevent surreptitious use of DRM and block enforcement initiatives that might involve accessing users’ personal computers without their permission.”
–Michael Geist

This is incredible. Who’d a thought?

Turns out Bill C-27: The Electronic Commerce Protection Act covers more than just anti-spam.

It was written to include a requirement that software cannot be installed on a user’s computer without consent, as an anti-spyware provision.

What a good idea.

Its about time. For the same reasons it isn’t nice to put unwanted software (like for example viruses) on corporate computer systems, it will give individuals the same sort of legal protections for our personal computers that are extended to corporations. This law will make it illegal for companies to put software you don’t want on your computer without getting your permission.

Because no one should have the right to put software on my computer without MY permission.

Just as no one should have the right to put software on YOUR computer without YOUR permission. It is, after all, YOUR computer. You bought it to do what you wanted or needed it to do. Why should anyone have the right to put things on your computer? It isn’t THEIR computer.

what is spyware?

Spyware is like a virus because we don’t put it on our own computers. Someone else does. Spyware is software which is sneaked into our computers. Without our permission. Without our consent. And then like a virus, it does something we don’t want it to do. Because, after all, if we wanted it to do what it was doing, no one would bother to sneak it onto our computer in the first place.

Devices like cookies allow spyware to keep track of what we do and where we go. The information the spyware it finds out about us is then reported back to the the company responsible for putting it there.

Java script can be very dangerous as well, since it can contain executable code. This means java script can start up a program without your consent– like spyware — and make it run on your computer.

When someone puts a program on your computer without your knowledge and consent, there is a very good chance that these programs are doing things you don’t want them to do.

NoScript offers protection for internet use.

Protecting Ourselves

There has been an increase of software programs allowing consumers to protect ourselves from cookies, javascript and spyware. These programs usually stop the thing we don’t want from happening, but give us the option of allowing it. In this way we can decide whether the thing we want to do is worth the risk of allowing the cookies, javascript and spyware to do their thing.

One of the protections I use all the time is called NoScript. Whenever anyone sends me a link to something on YouTube, I must first give YouTube permission to run javascript or I can’t see the video clip. Except for my bank, no matter how often I go to I site, I only give “temporary permission”. Some websites don’t work well or at all without cookies or java script. With this kind of protection, I get to choose if the website is important enough for me to risk running these things.

So far nothing really bad has happened, but if something did, I’d be much better able to figure out which website caused the problem, and be able to avoid it in future. A wonderful piece of anti-virus software I use always is called AVG. As well as keeping my computer virus free, AVG prevents software on my computer from connecting to the internet without my permission.

Of course this information is also very valuable to con artists and scammers.I’ve just publicly given out the information that (a) I use NoScript and (b) AVG. Since NoScript is a Firefox add-on, I have also told the world that I use Firefox rather than Internet Explorer or Opera. Who cares? Obviously somebody does, or spyware wouldn’t exist. The more a company knows about me, the easier it is for them to know how to sell me something. The more information they have, the better they know what spam to send to who.

AVG logo

Companies who wanted to find out this kind of information about us used to hire market research firms who would do surveys or run focus groups. Usually the respondents would get some kind of gift or per diem for sharing their information. Better yet, people KNEW that they were being asked. Obviously it is much more economical for companies to just take this information they want to know about us without our permission. I consider this theft. Of course “respectable” companies are not the only ones trying to “mine” consumers for our personal and behavioral information. Spammers, identity thieves and con artists are out there trying to get the exact same information for even more nefarious reasons.

Firefox Browser Logo

Really, that’s what is so scary about spyware… some company is essentially stealing information about our lives. This is not the same as a survey, because we know we’re talking a survey. This is more like we’re being secretly followed, and now wiretapped as well. If we allow ANYONE to add software to our computers without our consent, what could happen?

I wonder: how many people have web cams on their computers? I have one. One Christmas I made a point of giving web cams to several far flung family members to try to make sure we could all stay connected. All these web cams may not be turned on all the time. Most are only turned on for holidays. It is becoming more common for laptops to have built in web cams. What happens if some spy ware is software that secretly activates our webcams, or even just the microphones we keep hooked in just in case Great Aunt Petronella initiates a VoiP contact from her trip to Bulgaria?

If companies want to spy on our computer activities at the very least they should be providing us all with free* computers.

(*Free as in beer; obviously computers given to us by corporations wishing to spy on us would not be “free as in speech”.)

But as long as we buy our own computers, we OWN them. WE get to decide what we put on them.

last minute amendments

Michael Geist’s news is that the copyright lobby wants to ensure their software will be able to trespass on our equipment and through our files so they can target “violation of a user agreement or alleged copyright infringement.” The copyright lobby is concerned that this legislation will block attempts to track possible copyright infringement through surreptitious electronic means. They want our government to give them the right to invade the privacy of all Canadians just in case there is a copyright violation.

“ Even more troubling are proposed changes that would allow copyright owners to secretly access information on users’ computers. ”
– Michael Geist

The copyright lobby is concerned that C-27 will “block investigations that involve capturing user information on computers without knowledge or consent.”

Do we want c-27 to be Pro-Spyware?

C-27 was making the copyright lobby unhappy so…

“…the Liberals have tabled a motion that would exclude Section 7(1)(b) from C-27 – effectively restoring the exception in these circumstances.”

“On top of these provisions, sources say the Liberals have also tabled motions to extend the exemptions for telecom providers. “

Using the Internet = Privacy Invasion

If this law is passed, and you ever connect to the internet, the internet carriers (Bell/Telus/Rogers/Shaw/Sasktel) will have the right to remove things from our computers or add things to our computers. This law will go much farther than the CRTC decision to allow Bell Canada to use Deep Packet Inspection, and is an even greater risk to our personal security.

There is a proposed motion that would also create an exception for telecom providers to the requirement to obtain express consent. It states that the section does not apply to telecom providers providing a telecom service, which is defined to include:

“providing computer security, user account management, routing and transmission of messages, diagnostics, technical support, repair, network management, network maintenance, authorized updates of software or system firmware, authorized remote system management, and detection or prevention of the unauthorized, fraudulent or illegal use of a network, service, or computer software, including scanning for and removing computer programs”

This is simply incredible.

This law that was originally supposed to protect Canadian citizens from spam and spyware may be compromised to sacrifice all Canadian computer security to what I’m guessing is a largely foreign copyright lobby. I am making the assumption that the driving force behind this lobby group are the American movie companies. Now, I love movies. I am a huge movie fan. Even so, I’m not willing to sacrifice Canadian rights and freedoms just in case some Canadians may be breaking copyright law.

This is like giving a key to allow strangers to enter our homes without permission. Once they have the run of the place, who knows what they’ll do. They remove what they want, and leave a bit of spyware in their wake. Whatever happened to due process of law? There are no warrants necessary. The assumption seems to be that all Canadians are crooks, therefore all Canadians can have their computers searched and altered without permission… just in case we might be doing wrong.

This law will give these rights to corporations. We aren’t even talking about police services here. THEY will still need to get a warrant.

Under these ill advised amendments to the proposed law, if I buy a commercial movie DVD, and put it in my computer, it may have the equivalent of a corporate virus on it. If I log on to the internet, Bell Canada can crawl into my computer and add or subtract software or content from my computer as they see fit. They will have the power under this law to rifle through the contents of my personal computer to investigate just in case I may have broken a law somewhere.

Brazil video cover art

I am getting chills up my spine as I remember a scene from Terry Gilliam’s Brazil, where a home is invaded and ransacked and family members are dragged away in chains by the security forces. When it comes out that they went to the wrong address no one cares. Restitution is not made, the wrongly incarcerated are not released. This is precisely why civil rights are necessary.

If they make this the law they can put this DRM virus software anywhere to affect anything and everything, Linux included. If it is legal for them to remove software from your computer without your permission, it could well be your anti-spyware software or intruder alarm that they take out so that we cannot see their tracks.

Until you put the software or the movie DVD or music CD in your computer you won’t even know if it has DRM set to target anything on your system.

Even if you never introduce a new piece of software or hardware or CD or DVD to your computer again you are still not safe if you go online anywhere near Bell Canada, since the right to trespass in our internet traffic the CRTC gave Bell Canada for Deep Packet inspection was just the beginning. The incredible ability to violate our rights that this law will give Bell Canada is staggering.

If this becomes law, the ONLY way to be safe is to keep your computer pure… no internet, no new anything. Because the second you do, your privacy is at risk.

Our civil rights are being thrown out because?

This is about copyright infringement. So lets look at worst case scenarios here, I mean really: how bad can it be?

Instead of safeguarding Canadian interests by protecting our computers from outside invasion, these last minute changes would result in giving away our right to privacy and computer security by allowing corporate interests to secretly sneak into our computers and do whatever they like. Call me crazy, but it sounds like a really bad deal to me.

Take it further. If these “good guys” can do it, what is stopping the bad guys?

Obviously, the same kind of invasive software deployed by criminals or terrorists will now have a much easier time of it.

How about my idea of a nightmare. Lets say one of the Bell Canada employees is a pedophile. Because this person now has free access to all the Canadian computers accessing the internet, this pedophile will no longer need porn sites… pedophiles in those Bell Canada spying-on-customers jobs will be able to have all the fun they want with any photographs or home movies of our children we were foolish enough to put anywhere near a computer. And hey, it would be child’s play for this same pedophile to be able to find out where our children live and go to school.

Extreme case? Sure it is. But that’s the problem. This kind of law expects citizens to trust people we don’t know with this much power over us. Maybe the head of Bell Canada is a prince of a fellow. But I don’t know that. How many employees does Bell Canada have? Lots. Probably even lots AND lots. I don’t know any of them. They are probably all fine upstanding people. But maybe one of them isn’t. It’s just that one that’s the problem.

Security? Well, lets see… if it is now legal for these computers to access our equipment and data, and these people and corporations are allowed to add things to our systems, or subtract things from our systems, how can they possibly ever bring even the worst copyright infringer to court? Any “infringing” material that is discovered through these techniques is now suspect. After all, it could have been added just as surreptitiously as the spyware.

Canadian Computer Rights

You may not take things from my computer without my permission

I’m not a lawyer, but it seems that we have to be in order to defend ourselves. I don’t know if anyone else has written anything like this but here goes:

The Rights of A Canadian Computer User

No one has the right to put anything on my computer without my permission.
Just as no one has the right to put a bug in my bedroom.

No one has the right to take anything from my computer without my permission.
Just as no one has the right to take anything from my home without my permission.

No one has the right to read my email without my permission.
Just as no one has the right to open my snail mail without my permission.

No one has the right to go through my document folders without my permission.
Just as no one has the right to go through my file cabinet without my permission.

If any corporation feels that they should be entitled to trample on any of these rights by virtue of the fact that I purchased a piece of equipment, software, CD or DVD, just inform me you plan on doing these things BEFORE I purchase the item from you. That way, I can decide if it is worth it to me to put my privacy at risk.

There can be absolutely no justification for doing any of this secretly.

Canada has both laws and law enforcement capabilities.

Canada HAS laws. It has one of which I’m particularly fond:
Canadian Charter of Rights and Freedoms

Canada even has law enforcement agencies.
If the forces of law believe that I am in fact infringing on copyright, let them follow the rules of Canadian Law and do an investigation.

If searches are deemed necessary, let there be search warrants. Remember that Canadian Law I mentioned? It has a bit that promises Canadians:

Search or seizure

8. Everyone has the right to be secure against unreasonable search or seizure.

– Canadian Charter of Rights and Freedoms

The changes to Bill C-27 being contemplated by the committee would actually grant powers of unreasonable search and seizure to corporations.

This is NOT acceptable.

The basic presumption being made seems to be that all Canadians are guilty. We are all criminals. Yet even in Canada the law affords Canadian citizens the presumption of innocence:

“Any person charged with an offence has the right … to be presumed innocent until proven guilty according to law in a fair and public hearing by an independent and impartial tribunal.”
– Canadian Charter of Rights and Freedoms

Anyone who has read my blogs is aware that brevity is not my strong suit.

But that is clearly what is called for here. We need to tell all of these people in no uncertain terms that this is NOT acceptable. So this is the letter I am about to send to all of them:

Re: Bill C-27: The Electronic Commerce Protection Act

I am deeply concerned that the committee working on Bill C-27 is considering last minute amendments to this law (or possibly introducing modifying legislation later) that would make it legal for third parties to surreptitiously add to or remove anything from my computer without my express consent.

Corporations and Internet carriers should not be allowed to invade my privacy because I’ve purchased their movie or used the internet. Allowing corporations and telecommunications carriers to surreptitiously invade the privacy of Canadians flies in the face of provisions of the Canadian Charter of Rights and Freedoms and the Privacy Act as well as being contrary to advice offered by Public Safety Canada.

Don’t be pressured into making last minute ill advised changes without time for serious thought and investigation. Doing this would certainly not be in the public good. Canada deserves good laws.

My computer belongs to me. No one else has the right to put anything on it or take anything off it without my permission.

Sincerely,
Laurel L. Russwurm

As with everything else I have written in this blog, this is clearly placed in the public domain. This means that you are free to copy it verbatim or make any changes you see fit in order to send your own letters.

Because that’s what we need to do. We need to tell them NO.

private files

This is the committee who are putting this law together
(links direct to email addresses)

The Honourable Tony Clement, P.C., B.A., LL.B., Minister of Industry (Conservative)
Hon. Michael Chong, Chairman of the Committee
Anthony Rota, Vice Chairman (Liberal)
Robert Bouchard (Bloc Québécois)
Gordon Brown (Conservative)
Siobhan Coady (Liberal)
Marc Garneau (Liberal)
Mike Lake (Conservative)
Brian Masse (New Democratic Party)
Dave Van Kesteren (Conservative)
Robert Vincent (Bloc Québécois)
Mike Wallace (Conservative)
Chris Warkentin (Conservative)
Along with a lovely link that will help you find your own MP in the event you don’t know who it is.
Find your Member of Parliament

I would think that the Minister of Public Safety would also have a definite interest in these changes to this proposed legislation, since the tabled loopholes will certainly make it more difficult for the forces of Canadian law and order to successfully prosecute perpetrators of electronic crimes (such as con artists, identity thieves etc.)
The Honourable Peter Van Loan, P.C., B.A., LL.B., M.A., M.Sc.Pl., Minister of Public Safety (Conservative)

irony

October is Cyber Security Awareness Month

I’m pretty sure that the politicians being pressured by the big guns of the copyright lobby haven’t thought about the ramifications of this. That’s one of the reasons for pressing for a last-minute addition, it can’t be scrutinized as closely because there isn’t time.

I haven’t had time to read through all of these, and I’m not a lawyer, but here are some Federal Government Online resources that may prove helpful for further investigation– AFTER making sure that the applicable government players not to do this.

Public Safety Canada
Cyber Security
October is Cyber Security Awareness Month
Protect your computer, your information, your family and yourself
Welcome to the Royal Canadian Mounted Police
Scams and Fraud
Reporting Economic Crime Online (RECOL)
Office of the Privacy Commissioner of Canada
The Privacy Act

STOP Usage Based Billing

In computer networking, the determination of a domain name that is associated with a given IP address using the Domain Name System (DNS) of the Internet is known as reverse DNS lookup or reverse DNS resolution (rDNS).

The PTR/DNS records in the reverse DNS can be used for a number of things some of which are:

• Most server software or Mail Transfer Agents (MTA) use a Forward Confirmed Reverse DNS verification method and if there is a valid domain name,place it in the “Received:” trace header field.
• A few of the email Mail Transfer Agents will perform FCrDNS verification on the domain name given in the SMTP HELO and EHLO commands.
• Checking the domain names in the rDNS to see if they are from dial-up users, dynamically assigned addresses or home-based broadband customers. Since most of the email originating from these computers is spam, many mail servers do not allow email with generic or missing rDNS names.
• A Forward Confirmed reverse DNS (FCrDNS) verification creates a kind of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given the IP Address. This authentication is strong enough and can be used for whitelisting purposes since spammers and phishers would not be able to bypass this verification when they use zombie computers to forge the domains.

Esse artigo Mostra as 10 melhores empresas de Hospedagem Grátis.

Provedores de hospedagem grátis com PHP & MySQL

1. Tharsys Informática – Hospedagem grátis servidor Brasil, com 500MB de espaço, 100GB de banda, PHP, MySQL, domínio .com .com.br e Plesk PT-BR .
2. 000WebHost – Hospedagem grátis com 250MB de espaço, 100GB de banda, PHP, MySQL, Perl e Cpanel.
3. 110MB – Hospedagem grátis com 5GB de espaço, 300 GB de transferência, SSL, PHP 5, MySQL e Python.
4. Gigacities – Hospedagem grátis com 20GB de espaço, 300GB de banda, PHP 5 e MySQL.
5. iFastNet – Hospedagem grátis com 300MB de espaço, 30GB de transferência mensal, PHP e MySQL.
6. Lead Hoster – Hospedagem grátis com 250MB de espaço, 6GB de tráfego, PHP e MySQL.
7. 8TT – Hospedagem grátis com 10GB de espaço e 10GB de banda, PHP e MySQL.
8. Orgfree – Hospedagem grátis com 200MB de espaço, 3.5GB de banda/dia, PHP e MySQL.
9. Zend Url – Hospedagem grátis com 500MB de espaço, 15GB de banda, PHP e MySQL.

After reading some of the responses I got to my previous video I figured it might be nice to show some techniques for reducing the spam in Aion.

Esse artigo Mostra as 10 melhores empresas de Hospedagem Grátis.

Provedores de hospedagem grátis com PHP & MySQL

1. Tharsys Informática – Hospedagem grátis servidor Brasil, com 500MB de espaço, 100GB de banda, PHP, MySQL, domínio .com .com.br e Plesk PT-BR .
2. 000WebHost – Hospedagem grátis com 250MB de espaço, 100GB de banda, PHP, MySQL, Perl e Cpanel.
3. 110MB – Hospedagem grátis com 5GB de espaço, 300 GB de transferência, SSL, PHP 5, MySQL e Python.
4. Gigacities – Hospedagem grátis com 20GB de espaço, 300GB de banda, PHP 5 e MySQL.
5. iFastNet – Hospedagem grátis com 300MB de espaço, 30GB de transferência mensal, PHP e MySQL.
6. Lead Hoster – Hospedagem grátis com 250MB de espaço, 6GB de tráfego, PHP e MySQL.
7. 8TT – Hospedagem grátis com 10GB de espaço e 10GB de banda, PHP e MySQL.
8. Orgfree – Hospedagem grátis com 200MB de espaço, 3.5GB de banda/dia, PHP e MySQL.
9. Zend Url – Hospedagem grátis com 500MB de espaço, 15GB de banda, PHP e MySQL.