Slashdot Mirror

This blocks 99% of foreign spam. Sue Mosher wrote about other effective methods for killing spam in Outlook.

After reading the statement on the ASF web sit, I reluctantly had to agree with the Apache Software Foundation on the issue of Sender ID. The "free license" offered to those that support SenderID in open-source software packages has too many pitfalls, too many places where it could encumber open source projects. The SpamBouncer will therefore not support SenderID either until there are fundamental changes in the license.

This is a shame. Meng Weng Wong's original idea for SPF was quite good, and I was planning to support it.

Eventually, I switched to Spambouncer, which can send auto-replies (I assume other filters can do that, too). SpamBouncer classifies mail in three buckets: Legitimate, Bulk (likely but not necessarily bad) and Spam. Now I delete both, Bulk and Spam, but every Bulk message triggers a response, informing the sender that the message didn't get read (and instructions on how to bypass the filter).

I know, this is against the old rule "never respond to spam, Spamers will pick it up and use it for spamming". But at this point, it feels it's too late anyway (and I use a special email address for this). At least I have the peace of mind that a legitimate recipient knows I didn't see the mail.

SpamBouncer had the capability to simulate a bounce (in the hope to fool Spammers into thinking that the email got disabled). But that feature got removed.

Since you're already using procmail, why not try SpamBouncer? It's a nice set of procmail filters for both spam and virii. It's freeware and the author has been doing a good job of keeping on top of new virus variants lately.

i installed spamassassin last april (v. 2.53) and spent quite a while "configuring" it, trying to get it to reject some quite obvious spams, such as the barrage of mails from e-gold.com. in the latter case, i finally gave up, spamassassin just kept delivering them to my inbox so i put a recipe in my .procmailrc to get rid of them. or, the case of a daily newsletter that i received that SA consistently labelled spam, in spite of my having added it to my whitelist more than 1/2 dozen times (and not even an html newsletter, plain text!). again, i finally had to resort to procmail to get it into my inbox.

i'm about to ditch "SA" and go back to spambouncer, possibly during my vacation this week. i just don't have the time to spend here, every night, adding dozens of new spams to the blacklist. installing SA was kind of supposed to get me out of that position.

my experience with SA is that it is overrated, while it has been getting a large number of the mails, when the failure rate puts 15-20 or more spams in my inbox every day, that is not an acceptable performance. that represents a substantial investment of effort to update the software ... and even then, the update process doesn't always work.

mp

"a barrage of pop-up advertising and e-mail."
Now what kinda 'computer programmer' hasn't heard of mozilla and procmail with spam blocking?

Maybe it's time for some vigilante justice.

Blocklists are vigilante defense, if not vigilante justice. Vigilante justice is justice meted out by self-appointed individuals or groups. Blocklists aren't, for the most part, trying to punish/mete out justice to spammers. They're just trying to block the flow of spam.

But they are self-appointed and work according to a set of informal rules that they adhere to voluntarily. That sounds like vigilante to me.

I'm not saying this as criticism, but simply as a description of what is going on. I maintain a procmail-based spam filter with a fair number of users, and it supports various blocklists. I'm not anti-blocklist, to put it mildly.

At the same time, I think most anti-spammers would like to see a less chaotic means of fighting back against spam. Most of us are just trying to hang on until various governments wake up and realize what spam is doing to the Internet, and start taking it seriously as a conversion of resources that the spammers do not own. Theft, in other words. :/

Uppage there are a few of the expected calls for government regulation of email that we see every time there is a story about spam, and there are the obligitory anecdotes about the hundreds of spam emails that some poor souls find every day in thier inbox.

So here is my usual post about how asking the government to regulate everything is a bad idea, and how I have little sympathy for the poor saps who are getting flooded with thousands of spam emails a day that makes it difficult for them to see the one or two legitimate emails that thier friends might send them each year.

First law. Bad idea because it won't work. As long as there are different countries with seperate governments that have differing attitudes towards the internet, commerce, and law it will be impossible to legislate spam out of existance. That is not to say that I am supporting the idea of one government rulling all peoples or that I am advocating any sort if international treaty on regulating email and the internet.

Far from it.

What I am saying is there are good methods of reducing the flow of spam to your in-box to a trickle, possibly blocking the spam flow completely.

Use a provider that is as concerned about stopping the spam as you are. That means no AOL, no MSN, no Hotmail, etc. These companies are notorious for not only allowing you to get spam flooded, but for allowing thier customers to send spam and not discontiuing accounts that are being used as fake "reply to" and "from" addresses. There are other companies that are just as irresponsible as the ones I mentioned, so you should not think that I am saying that these companies are the only ones that should be avoided.

If you like using the same email and access provider (I've been hijacking friends access accounts for years now), then you should know that smaller access providers often are more responsive to user's (knowlegable and legitimate) complaints than large companies. As an added bonus, thier access rates tend to be low, and they are as if not more reliable than thier corporate competitors.

If you like using a separate provider for email, ask around, do some searches, and choose one that has effective filtering/blocking of spam included in thier basic package.

You can filter the mail yourself with one of the many spam blocking services or filters that are readily available on the internet. Here are some links to some of the blacklists and filters that I know about:

ORDB

MAPS

junkfilter

Bogofilter

SpamCop

SpamBouncer

There are others, some services are free, some charge money. If you are going to use a filter on your own machine that is not part of a service, I highly reccomend that you stick with Free Software so you can learn something about how it works.

You should learn as much about the problem and potential solutions as possible by reading articles about spam that may be not quite as sensational as the currently popular "spammer hunting" genre, but are a little richer in detail and technique. Here is a good primer including some good links, and there's lots of good info on dealing with spam around the web.

You should attempt to encourage your provider to take an active role in helping users avoid spam troubles, either by providing information on how users can filter spam on thier own machines, by providing spam blocking/filtering service, or by allowing users to install thier own .procmailrc in thier shell account (if they provide thier subscribers with a shell acc

Spam is a social problem, just like any other type of fraud.

Yes, often the goods and/or services promoted through spam are fraud, but spam itself is not fraud. It is advertising.

As for the problem, I see it as a technical problem, as in "Why can't my damn service provider reject email with forged headers, from unsecured servers, from ISP's that are notorious for hosting spamers, and is obviously and easily recognised as spam by even the most half-assed filters? I guess I'll have to get my service somewhere else or check and filter it myself."

I haven't been "on the 'net" all that long (about seven years), but I still wonder when it happened that my fellow "netizens" started begging to be regulated. If you have a spam problem, do something about it. Learn something about the problems with open relays, irresponsible ISPs and how touse procmail to filter spam.

Help others learn by pointing them in the right direction.

Encourage your provider to take proper measures to stop spam from entering or exiting thier domain, and put pressure on other providers to do the same.

Don't use services that encourage spammers (Hotmail, AOL, MSN, Mail.com, etc)

Stop asking lawmakers who don't understand the problem to do something about it.

While this will cut your spam down to virtually nothing, you are limited in that the method you describe is accepting only messages that you whitelist. You will lose e-mail from anyone who you havn't whitelisted, even if it is a legitimate message.

Without further working this would make most mailing lists be filtered into spam, as well as anyone who was trying to contact you for the first time.

I've found that using something like SpamBouncer or MailScanner is much better in regards to not losing AS MUCH legitimate e-mail than a pure whitelist is. Of course you add a whitelist beyond using the various spam filters, but a whitelist alone is way too restrictive to use in a corporate (or even personal IMO) environment.

I can just imagine the outrage if this happened to the bush administation.

'what do you mean no one got my emails?'

'It seems your.. uh... last name is causing some issues with spam filters sir'

'That's it.. lets bomb the spammers'

A culmination devoutly to be wished, but I suspect the response would more likely be, "Let's bomb the spam filter authors." <wry grin> In the U.S., both the Republican and the Democratic national committees have spammed, and a number of lawmakers, including, recently, Sen. Joseph Lieberman. Most politicians define spam as, "unwanted email sent by somebody else." :/

Spammers have made filtering necessary, of course. Further, to the best of my knowledge (and I do know something about spam filtering ), mail filters always and inevitably result in a non-zero rate of false positives. The rate can be extremely low with good technology, but never zero.

But I doubt very much that most people in Washington, or in London, or in Berlin, or in Beijing, or in Moscow, or... will realize this.

Do any spam filters work (as in NOT throwing out legit mails) other than ourselves?

I use spambouncer, which, over the months I've used it, has blocked about 7k spam messages. It has a fairly complex filter, and good whitelisting capabilities, so I get the mail I want. I've had a few spams make it through, but it's fairly simple to add the domains to the list. It takes a while to configure the whitelists to get them working well, but since then, I've had a grand total of about two or three false positives (out of 12k e-mail messages total). I keep half an eye on it during the workday, and totally keeps my personal email clean of garbage.

Home users don't run mail servers.

Let's face it: the only attraction of UCE for spammers is its cost: sending the same message to thousands, or even millions, of people costs them close to nothing.

Which is why spammers will never adopt a solution such as this one: it would reduce the pool of potential clients (read: complete idiots) willing to receive UCE and it would raise their costs in an unacceptable way.

So? Who cares whether spammers adopt it or not? That's the whole point -- the individual who adopts this wants spammers to go away in disgust! (You didn't really think this was yet another way to make money fast, did you?) ;>

Since the system described in Fahlman's article allows people to whitelist the email address of anyone that they want to hear from, that takes care of family, friends, mailing lists, etc. The remaining issue is with email a person wants that comes from an unexpected source.

For example, a businessman with an ecommerce web site can't safely adopt Fahlman's system on the web site's contact addresses. I also doubt that an ISP could adopt it for a role account, such as abuse@, without offending people and courting bad publicity.

I've been maintaining a spam filter for a good many years now ( The SpamBouncer ), but all that filters do is allow users to manage the spam onslaught a bit better. They don't solve the problem of spam. Neither will this, but it could provide another tool to manage it.

I'd be willing to try it with my private email address, at any rate. So anyone who builds this system -- let me know about it. You can find my email address on the SpamBouncer web page or my personal home page. (But a word to the wise -- that is NOT a safe address to spam.) ;>

I love this idea.

Among my other activities, I maintain a spam filter . Like most other people who do spam filtering, I rely upon my own spamtrap addresses, reports by my users, and then crosscheck with news.admin.net-abuse.sightings and a few private mailing lists used by anti-spammers. A canonical archive of spam, however, would be a wonderfully helpful tool.

I can see a number of issues that will need to be managed with a list like this, however. Here are a few:

• Where will the spam come from? Where will the Spam Archive get its spam, and how will it ensure that only spam, and not legitimate bulk email, is included?

• This is not a trivial issue. Relying on reports of spam from random individuals almost guarantees that some of your "take" will be legitimate, solicited email. Some spammers report legitimate email as spam in order to make a spam filter ineffective by polluting it. Some anti-spammers consider all commercial email to be spam, whether it was solicited or not. Other users sign up for an email list and then forget that they did so -- lots of people are trigger happy these days because of the deluge of spam. (I'm not making this up -- this has happened to me more than once.)

• How will spammed email addresses, particularly spamtrap addresses, be protected? Spam is sent to specific email addresses. One of the best sources of "clean" spam -- spam that you know is spam -- are spamtrap addresses deliberately created and planted for spammers to find, which are never used for any other purpose.

• However, if people submit spam sent to a spamtrap address to the archive, spammers can then access the archive and remove those addresses from their mailing lists, or "listwash" them, making them less useful. In addition, troublemakers can feed those addresses to web sites or subscribe them to legitimate mailing lists. This ruins these addresses for their intended purpose. It can also result in mailbombing spamtrap addresses with a flood of confirmation messages for properly-run email lists.

• How will you classify and cross-reference the database? To be most useful, a database of this type needs to be searchable. It will rapidly grow large enough to require a supercomputer to search unless the maintainers set it up properly. (Even if they do, I foresee them needing several very powerful computers.)

• How are they planning to pay for the resources they will need? If by donations, they need to set up a non-profit organization, and solicit donations. I'd be happy to donate, but I suspect that they'll need more money than I and a few geeks who like the idea can afford. :)

I'm sure I'll think of other concerns as time goes on, but this should get some discussion started. I can think of some ways I'd handle these issues, but I'd like to hear what other Slashdot readers have to say....

Actually, I use spambouncer to filter my e-mail after I run the e-mail through my custom filters. I've been considering making my custom filters available for anyone to use, but I'm not sure anyone is interested. With most people going the way of SpamAssassin, procmail filters seem to be dying.

Mixing Spambouncer with a couple DNSBL's I'm down to about 1 spam message per *MONTH* in my inbox. Everything else gets filtered to my spam folder. When i do get that one e-mail in my inbox I just forward it to the maintainer of spambouncer and she adds another filter to catch the person who sent that one.

Never sign up anywhere with a real email address.

Or, just use your own email address wherever you damn well please, and use SpamBouncer. :-)

I would highly recommend SpamBouncer... it's a procmail-based system, but highly configurable... currently it's at around .5% mis-diagnosis... one valid email id'd as spam, and one piece of spam id'd as email, out of over 400 messages. I'm very satisfied with its performance.

I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.

As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"


Your Milage May Vary

check out spambouncer at www.spambouncer.org. i've been using it for quite some time now, and it catches most all of my incoming spam. there's some stuff it catches that it shouldn't, but that can be tailored with custom procmail rules and a quick check over the bounce.incoming folder once in awaihle. and it's free and open source, of course.

Something that I want to do is add a rule to my .procmailrc file that will trigger if the incoming message is not from a sender in a list of approved senders.

SpamBouncer is a set of procmail recipes to filter spam.

'cause we use spambouncer...

You've got it backwards - there are mail packages such as Spam Bouncer that let you filter based on character set - if you never want to receive email in Korean, Chinese, or Russian, you can discard it all based on character-set headers. If you never want to receive email from Korea, you can even block that too. (That's a bit less reliable, because it's possible that there's someone in Korea you'd want to talk to, but you could probably set an autoresponder rule that tells Koreans that you're blocking email from there due to heavy spam levels, so they should use a non-Korean email system such as Hotmail/Yahoo/etc. to send you mail.)

I've been using spambouncer for a while and it works pretty well but I'd be interested to know if there are significant differences between the two.

... was to install Spambouncer, which is a large set of procmail filters.

Before installing it, I got ~20 spam messages a day. Now I get at most 1-2 a week. Spambouncer does come with very restrictive default settings, though. For example, you must specify if you want to receive email from free web mail services like Yahoo and Hotmail, otherwise it'll filter those out.

It also logs everything it does and has the option of sending blocked email to a file instead of /dev/null in the case it filters something it shouldn't.

In my case the only inconvenience was it blocked legitimate email from Amazon.com and eBay -- these are filled with disclaimers and have HTML, which Spambouncer doesn't like to see. In any case, it's easy to mark those domains as safe and start receiving their email again.

I must say if you are having alot of problems with Spam and have procmail on your mail system you can use Spambouncer. It filters out Chinese, Korean, blacklists, and various other spamhosts easilly. Since November 29 when I rotated my procmail-log It has filtered:

10:49am (chrisf@borg) /home/chrisf (38) cat antispam/procmail-log | grep procmail-filtered |wc -l
346

messages. In that time I've received 2 spam's to my inbox. I don't know what I would do without it.

I get twice that in spam a day. (Which never reaches my inbox thanks to Spambouncer)

Total e-mail, I get ~1000 a day, only 2-3 of which actually go into my inbox. The rest being filtered by procmail into various mailing list folders to which I subscribe. Out of those 2-3 at least one is a forward from my mother which has 10 pages of AOL addresses and a little poem on the bottom which tells me to forward this to 10 people and my cat will have puppies.

But thats a different complain altogether...

I'll post my usual public service announcements here:

SpamCop is a great service for reporting spam; just paste the spam message into the web form, and it'll automatically figure out where the smap came from and send complaints off to the appropriate people.

The Spam Bouncer is a procmail-based personal spam screening tool. It's got some interesting features, but I haven't used it in a long while.

The way I avoid spam is to have my mail client screen out any email which contains any of these phrases:

to be removed
to be permanently removed
to get removed
to get off the list
to get off this list
to be taken off
to remove yourself
removal instructions
remove in subject line
"remove" in subject line
remove in the subject
"remove" in the subject
'remove' in the subject
S.1618
S. 1618

This list by itself catches about 80% of the spam I get.

I'm personally using SpamBouncer, a procmail-based spam filter. Works fine for me.

Just try out http://www.spambouncer.org/ and you will have little to no spam problems. I've used it for 2 months now and it's succesfully filtered 700+ pieces of spam, only once flagging some mail from a friend (who used all BCC receipients), and only twice letting spam through.

If it's bad to share a list of open relays, wouldn't sharing a procmail script be just as bad?

If I tell you how to automatically delete email with subjects like "MAKE MONEY FAST", how am I different from someone telling you that some ISP has an open relay? After all, if I publish a list of subjects that spammers are likely to use, am I not denying their right to send me email just as if I didn't accept email from their domain?

And BTW, I use spambouncer (a set of procmail recipes) to block spam. It's trapped 190 email messages since October 1. I think 3 have slipped past.

I guess this doesn't solve the problem of server resources getting stolen, but it certain saves me from having to look at the crap.

-matthew

I don't know about anyone else here, but I use the Spambouncer procmail filter to ferret out my inbox. It checks MAPS, ORBS, parses the message for obvious 'spam'-type words and phrases (Make Money Fast!!!) and then allows you to either route the mail to /dev/null, bounce it, report it or both bounce and report... Not too hard to configure for your individual users or on a global system-level either.

just a quick plug for a great spam blocker.

it's linux/procmail. It blocks *almost* all spam, and *almost* never misfires.

• Procmail.org
• Getting started with Procmail at spambouncer.org

You can get procmail filters which use the RBL to filter after the mailbox. Here is one example.

> I just wish there was a spam filter that you can
> use that would return unknown user like an
> account died, so the spam programs would
> automatically remove the user.

There is: Spam Bouncer
It is a procmail filter and it works VERY well.

The Spam Bouncer, a procmail script to identify incoming spam and either tag it, move it to a different mailbox file, or bounce it.

SpamCop, to file official complaints about the spam that gets through.

Sugarplum, to stick lots of irrelevant fake email addresses (and the addresses of other spammers) up on my web pages. If spammers want to harvest addresses from MY pages, they're going to fill up their databases with useless data and end up spamming each other.

And finally, Web Ad Blocking is a site which provides a new 'hosts' file which redirects major web page ad sites to 127.0.0.1, which removes a whole lot of banner ads from web pages.

I've used tarpitting to reduce the flow of spam through my mailserver, and it seems to work pretty well. There are patches out there for QMail (awesome) that seem to do the trick. There are other various recipes and such for procmail that work well. If you're looking to poison their spamlists, take a look at sugarplum, a spamlist poisoner for webservers. On a totally unrelated note, but on the same vein (poisonbots), take a look at peachpit, a censorware spider trap.

I found a procmail recipe set called "SpamBouncer" which has catches for most common spams and can read from RBL and other sources for more spam goodies. Besides being able to install as either a machine-wide or a individual user setup, it can also have several options for dealing with spam: /dev/null, bouncing the mail back to the domain for possible spam dealings, or, my favorite, dumping all spam to a specific mailbox. This way, I can read through the spam that was sent and see if any messages were truly legit (and in a list of subjects which is mostly spam, it's easy to pick out the legit headers, as opposed to picking out spam headers in a bunch of legit mail).

Only drawback with this is that it is processor heavy; a long overdue fetchmail that pulled up a 100 messages got my CPU usage on a 200MHz to 15+. But the program is actively maintained, usually with weekly updates.

Spambouncer has been running on Linux since at least the 2.0 kernel days.

• http://www.ecst.csuchico. edu /~atman/spam/adblock.shtml: This site provides you with a hosts file which maps dozens of web ad banner graphic sites to 127.0.0.1. The net affect is that many banner ads won't load at all, and instead will show up in your browser as broken images. This really speeds up the loading of web pages, especially if you're on a modem connection.

• http://spamcop.net/: SpamCop is a great site! For free, it lets you paste a spam email into its form, and then it analyzes the spam, decides who the appropriate ISP's are to complain to, and sends those people a detailed complaint with all the info they need to find and shut down whoever violated their terms-of-service. It also keeps stats on the worst spam offenders, and makes this information available to ORBS. I swear by it, and it's immensely gratifying when I (frequently!) get email from an ISP thanking me for my help and letting me know that the offending account has been terminated.

• http://www.spambouncer.org/: I haven't used SpamBouncer myself yet, but it's a procmail-based way to screen spam out of your mailbox. I've heard it's good.

(I got one spam recently that actually ha a return receipt attached; it was a pyramid scheme and Eudora beeped and told me 'The sender has requested notification that you read this email.' What gall!)