Slashdot Mirror

← Back to Stories (view on slashdot.org)

Collateral Damage in the Spam War

Posted by Hemos on from the when-defensive-measures-go-wrong dept.

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

2 of 350 comments (clear)

  1. SpamBouncer Spam Assassin by Binestar · · Score: 5, Informative

    I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.

    As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

    I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


    * ^Content-type: text/html
    * ! html; charset=
    * ! from hotmail
    | ${FORMAIL} -A"X-Spammers: text/html only message"


    Your Milage May Vary

    --
    Do you Gentoo!?
  2. Re:Network Solutions, One domain per user? by mjh · · Score: 5, Informative
    Depending on which MTA you're using, you can do this with address extensions too. Sendmail uses + as it's address extension, and postfix/qmail use - for address extensions. So for my email, for example, mark-foobar@hornclan.com will get delivered to the same mailbox as mark@hornclan.com. The MTA simply ingores everything after and including the extension delimiter.

    TMDA takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you infact were the person who generated the extension. So my equivalant of what you're doing would be:

    mark-keyword-slashdot.abc123@hornclan.com
    mark-keyword-msn.a1b2c3@hornclan.com

    The generation of the hash depends on a secret 140bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mailsetup and be confident that no one else can generate these things that will get into my mailbox.

    Other types of addresses that tmda generates:

    • Dated addresses - addresses that will work for a certain amount of time, and then expire. Great to use when posting to USENET, and as the default for all outgoing email.
    • Sender addresses - addresses that will work if used by a particular sender. Great for subscribing to mailing lists with.

    Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.