Slashdot Mirror

← Back to Stories (view on slashdot.org)

Collateral Damage in the Spam War

Posted by Hemos on from the when-defensive-measures-go-wrong dept.

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

4 of 350 comments (clear)

  1. SpamBouncer Spam Assassin by Binestar · · Score: 5, Informative

    I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.

    As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

    I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


    * ^Content-type: text/html
    * ! html; charset=
    * ! from hotmail
    | ${FORMAIL} -A"X-Spammers: text/html only message"


    Your Milage May Vary

    --
    Do you Gentoo!?
  2. SpamCop chain test by Animats · · Score: 4, Informative
    One of the better features of SpamCop is the "chain test". SpamCop's header parser looks at all the "Received:" lines and figures out which ones are fake. It matches DNS names and IP addresses, and checks those "Received A from B", "Received B from C" relationships. The point at which the chain ceases to be valid identifies fake headers.

    This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.

  3. Have to be careful with your e-mail address. by RobinH · · Score: 4, Informative

    When I was in university and making web pages and stuff, I used to get tonnes of spam. When I posted to newsgroups I got tonnes of spam. However, these days, I just have two addresses... one for personal email, and the other for work email, and I rarely ever get spammed.

    My personal email address is a yahoo account, and work email is provided from the company I work for. I give out my email addresses to friends and lots of contacts from work (and it's printed on my business cards).

    I NEVER do these things:
    -post to newsgroups with a real address,
    -put my personal address on a website,
    -give a real address when filling out surveys, etc. online
    -sign up for newsletters
    -give my email to anyone who asks over the phone ("Sorry, I don't have a computer, but yes, I'd like to order that CD-ROM drive")
    -give my email address to Radio Shack
    -enter my personal info into my browser

    Basically, I just refuse to allow my email address to proliferate. If I do happen to get spammed, I just don't reply, and it tends to go away, but it's really rare anyway.

    Of course, if I ran a website, I'd create a unique email address just for that purpose, and I'd expect to have the sh!t spammed out of it, but at least it would be separate from my real addresses.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  4. Re:Network Solutions, One domain per user? by mjh · · Score: 5, Informative
    Depending on which MTA you're using, you can do this with address extensions too. Sendmail uses + as it's address extension, and postfix/qmail use - for address extensions. So for my email, for example, mark-foobar@hornclan.com will get delivered to the same mailbox as mark@hornclan.com. The MTA simply ingores everything after and including the extension delimiter.

    TMDA takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you infact were the person who generated the extension. So my equivalant of what you're doing would be:

    mark-keyword-slashdot.abc123@hornclan.com
    mark-keyword-msn.a1b2c3@hornclan.com

    The generation of the hash depends on a secret 140bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mailsetup and be confident that no one else can generate these things that will get into my mailbox.

    Other types of addresses that tmda generates:

    • Dated addresses - addresses that will work for a certain amount of time, and then expire. Great to use when posting to USENET, and as the default for all outgoing email.
    • Sender addresses - addresses that will work if used by a particular sender. Great for subscribing to mailing lists with.

    Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.