De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate-method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
You might entertain another method - if you have an internet domain of your own. Make use of mail-subdomains that you cycle through regularly.
And only trusted friends give permanent (or ermanent sub-domain) email addresses.
And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).
...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
[insert witty sig here]
Where's the foot icon?
I just block spam at transmission time with a SpamAssassin scan. If anything gets through, it gets sent to SpamCop, etc. This sounds like a temporary fix. A one time rejection doesn't get you removed from lists. I've had domains I bought with pre-spammed email address that still get spam even after they were non-MX'd for years.
How about just shutting off your computer for good?
Or just bounce the emails while continuing to use email normally.
Check out Mailwasher.
Has a great bounce function, although in my experience bounces don't necessarily always cause a removal from spam lists.
They left out a t.
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.
Manually deleting them one by one is the hard way.
Don't be fooled: there are plenty of stupid ones.
I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.
When I brought it back online again, I started seeing them again.
Mod me down and I will become more powerful than you can possibly imagine!
Thursday, December 09, 2004
Posted 11:16 PM by Anurag
De-Spamming The Inbox: The Hard Way
Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for long time now. Two years back it used to be a few per day. And since then it has been a steady increase in the volume. As a result, till last weekend I used to get around 200 spam mails a day on my Institute's life-time email account. Then, one fine day (well, actually we were given notice 3 weeks in advance) our Institute decided to upgrade the Exchange mail server to the latest version. Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon). During that time, all the mails sent to my mail account were of course bouncing. Between the time when the system was shut down and the time when the system came back online on 5th noon, something miraculous had happened: My spam traffic had reduced considerably.
Now I am receiving 'only' (!) 5-6 spam mails everyday! That is a 97.5 % drop in spam traffic! Interesting, eh? So what's happening is that the spammer dudes are dropping the bounced mail IDs like a mad-cow disease affected, well, cow. There doesn't seem to be a second try from spammers: Apparently they don't use the bounced email IDs again. I would assume that after the two-day shut-down/start-up of mail server, my spam traffic would have become zero. My current 'very low' spam traffic is only probably because of my email being available in public domain on webpages where I can not remove it from (damn my early Internet days' Naivete).
Essentially, for this De-Spamming methodology we can draw an analogy with the routine detoxing of the body. Example: On the basis of specific religious beliefs, people fast once in a while. More than the religious custom, fasting has a scientific reason behind it: It detoxifies whole internal system by a) giving the body some much-needed rest and b) by cleansing the traces of toxins (as there's no fresh inflow, the bodily processes work on the left-over inventory and makes sure that it is digested properly and taken care of to give a fresh start the day after the fast).
So, is De-Toxing (De-Spamming) the Inbox by fasting/starving! (shutting down the Mail Server) a good idea? Well, it's effective for sure, but it has its costs. You lose the genuine mail traffic for the duration of shut-down. Hence, if you are in a desperate need of De-Spamming your Inbox, here's what you should do. Let's say you plan to shut your mail server down on Date T and you plan to bring it back to life after Y days. The question is for how long do you shut down the mail server? Well, I think most mail programs try to re-send the mail for a maximum of 48 hours. If the message doesn't go through even in 48 hours, the mail program gives up and finally returns error to the sender. Hence, to be on the safer side I would say, shut the mail server down for at least 48 hours (2 days). So once you have decided on a shut-down date and duration, here's the how-to guide to shutdown survival and resurrection thereafter!
1) T-30 (days) : Include in your mail signature at the top the "Please
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
Site was slowing down, so here's the text:
Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for long time now. Two years back it used to be a few per day. And since then it has been a steady increase in the volume. As a result, till last weekend I used to get around 200 spam mails a day on my Institute's life-time email account. Then, one fine day (well, actually we were given notice 3 weeks in advance) our Institute decided to upgrade the Exchange mail server to the latest version. Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon). During that time, all the mails sent to my mail account were of course bouncing. Between the time when the system was shut down and the time when the system came back online on 5th noon, something miraculous had happened: My spam traffic had reduced considerably. Now I am receiving 'only' (!) 5-6 spam mails everyday! That is a 97.5 % drop in spam traffic! Interesting, eh? So what's happening is that the spammer dudes are dropping the bounced mail IDs like a mad-cow disease affected, well, cow. There doesn't seem to be a second try from spammers: Apparently they don't use the bounced email IDs again. I would assume that after the two-day shut-down/start-up of mail server, my spam traffic would have become zero. My current 'very low' spam traffic is only probably because of my email being available in public domain on webpages where I can not remove it from (damn my early Internet days' Naivete).
Essentially, for this De-Spamming methodology we can draw an analogy with the routine detoxing of the body. Example: On the basis of specific religious beliefs, people fast once in a while. More than the religious custom, fasting has a scientific reason behind it: It detoxifies whole internal system by a) giving the body some much-needed rest and b) by cleansing the traces of toxins (as there's no fresh inflow, the bodily processes work on the left-over inventory and makes sure that it is digested properly and taken care of to give a fresh start the day after the fast).
So, is De-Toxing (De-Spamming) the Inbox by fasting/starving! (shutting down the Mail Server) a good idea? Well, it's effective for sure, but it has its costs. You lose the genuine mail traffic for the duration of shut-down. Hence, if you are in a desperate need of De-Spamming your Inbox, here's what you should do. Let's say you plan to shut your mail server down on Date T and you plan to bring it back to life after Y days. The question is for how long do you shut down the mail server? Well, I think most mail programs try to re-send the mail for a maximum of 48 hours. If the message doesn't go through even in 48 hours, the mail program gives up and finally returns error to the sender. Hence, to be on the safer side I would say, shut the mail server down for at least 48 hours (2 days). So once you have decided on a shut-down date and duration, here's the how-to guide to shutdown survival and resurrection thereafter!
1) T-30 (days) : Include in your mail signature at the top the "Please Note" clause stating that during days X to Y, your email won't be available and hence on those days, they should communicate to you on an alternative email ID. This should be highlighted in Bold and in a different color if possible.
2) T-15 (days): Remove all possible traces of your email ID from the Internet, public egroups, discussion boards or any other public forum.
3) T-15 (days): If you have to keep your email ID on a particular webpage in the public domain, encrypt your email ID by using simple HTML Codes for characters.
4) T-2 (days): Send all the people in your contact/address list a "Please Note" notification that during days X to Y, your email won't be available and hence on those days, they should communicate to you on an alternative email ID.
5) T-0: Well, shut the damn thing down!
6) T to Y: a) If you have a girlfriend, take a vacation with her.
b) If you dont have a girlfri
--Brian
Just unplug your ethernet cable and your Windows box will be safe from worms!
Beware the airborne version.
If I'm not mistaken, doesn't KDEMail have the ability to send back "fake" bouncebacks to spam messages? I've been hoping that Evolution would get something like that for a long time, but it would seem like a good idea for just about any email client.
That way, you click a button and send the "bounceback", and hopefully after enough, the spammers would remove you from their lists.
Find out about the Lexus Rx400h Hybrid!
Dummy accounts are basically required to use a lot of the "sign-up" sites. My hotmail account gets about 4-500 spams a day. At least they provide the tools to delete them easily =\
I know I'm going to be modded up on this
What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?
After reception bounces (ie they've hit your inbox) are a BAD, HORRIBLE idea. Most of the information in spam is forged. If you can reject at SMTP reception time, then it's best to use a service like SpamCop to report the offenders.
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Nice.
I don't know the meaning of the word 'don't' - J
Will setting up a vacation response do the same? In other words, will the SPAM server see the response as a bounce back?
That might be a more acceptable method.
Forward all spam to malda@slashdot.org
That's why I buy corned beef!
...and cabbage...
...and you thought I didn't care...
And this may just be me but if I was going to upgrade my email server I would put Spam blocking software on them. So I wouldn't turn off my email server till I found out if there is now anti Spam software on this guy's servers cause let's face it two days of bouncing isn't going to purge you from that many lists.
I've got domains that I have left inactive for year then re-added them to dns and set up mail accounts for them and the spam comes in immediately.
Spammers simply aren't diligent when it comes to maintaining their list, they don't remove bounced emails (as they have spoofed all the headers anyway so they don't receive the bounces) they don't remove the address from domains without MX records or no responding hosts (as they send all the spam from botnets that don't report failures back anyway).
I don't know what this guy did but he is thoroughly mistaken.
----
So this is the equivalent of reinstalling windows every six months on your computer, I guess. I imagine the spam will begin again after a time. "I will be unavailable by e-mail for two days while I de-spamify, contact me later." Of course, you'd like to have that as an auto-reply, but then I guess this wouldn't work. For me, GO GMAIL SPAM FILTER GO!
That sounds to be like a really inefficient form of greylisting.
By the way, I started greylisting on my mail server a couple of days ago, and my spam has gone down to virtually zero.
Under any reasonable (i.e., geometric or Poisson for instance) model, it will take an infinite amount of time for the amount of spam to drop to zero. That's a trivial and useless "optimization".
I'll just give my IT folks a ring and see what they think of that. Mmmmkay.
You want us to what?!?!?!
(Score:-1, Wrong)
I had a domain that didn't have mail service for about 2 years. (it was for an old company that no longer exists) In that time, any and all messages would have bounced.
I re-enabled email on it out of curiosity. Tons of spam started arriving almost instantly.
Spambots don't check for bounces. The majority of them don't have valid reply addresses for the bounce to reach anyway.
I've been using SpamAssassin with a Qmail setup for some time now and I've pretty much filtered out 95-98% of all SPAM. SpamAssassin has a Bayes learning system that can learn between the spam and non-spam messages and it works well.
Beat the computer, program your life.
the fact they might have installed some anti-spam filters when they were upgrading the mail server? duhhh
For now I'll stick to blocklists, tarpitting, and spam filters.
Couldn't we just ask spammers to stop? I'm sure if they were aware that many people didn't enjoy their email messages they would likely find a new way to advertise. They surely wouldn't want to offend potential customers, right?
Simple solutions for simple problems, lol!
Anybody want to help me shutdown hotmail for a couple days?
..perhaps won't slow the flow of spam but will let you know who the bastards are that are selling your email in the first place. Buy a domain name then use a different email address for every site that asks for an email.. for example 'amazon_email@yourdomain.com' if you fill in a form at amazon.com.
You'd be surprised at the sites that promise to protect privacy and don't.
This would require shutting down or disabling backup MX servers also. Or, maybe changing the DNS records to remove backup MX servers.
Regardless, it would be pretty desperate to do that.
BTW, it took 48 hours to upgrade a MTA?! I'm glad I don't use Exchange.
-molo
Using your sig line to advertise for friends is lame.
The article says that the school upgraded to a new version of Exchange during that two day period. IS it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
This sig has been temporarily disconnected or is no longer in service
Stop putting your email address on your blog. And your phone number.
The department line currently says "from the going-to-far dept."
Note that one would assume that the typo was that "to" should have been "too."
Probably OK as a near-term solution (have to fit into dress X and time Y) but probably not going to last much beyond that zero-day date... as candy bars beckon and spam bots retrench.
it's not going to stop brute-force dictionary-based spam.
I find it especially annoying that gmail forwards me spam (albeit in my spam box) based on variants of "day.of.the.tentacle", eg dayofthe[whathaveyou]@gmail.com (yes, even without the dots between each word).
Thank you Google.
I would much rather spend 2-3 minutes a day deleting those spams that weren't caught by my automated spam filter, than miss even one legitimate business email message.
Share and rate p
Unfortunately, this solution doesn't work, and only affords a temporary reprieve from spam. I attempted the same thing. The problem is that your email address is on a list that is never *pruned*. It's resold and redistributed again and again, and while your current spammers may have pruned you from their lists, future spammers will check the address and see it as active, and continue spamming.
Sorry, there's no easy way out of spam.
Isn't this just a variant of greylisting? (the link is the first hit on google for 'greylisting')
In case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5 and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
Doomie
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!
Until spammers will send you a ping email to verify if your box awakes next week. Without any unnecessary top theoretical models...
There you are, staring at me again.
I tried this a while ago too, but it did not help anything. After my server was back up, the spam just resumed. Trying to make this work involves the basic assumption that a spammer only wants to send to real email addresses and is not spoofing the from and reply-to fields. I believe this assumption is false, since it makes no difference to the majority of spammers if some of their spam never reaches legitimate addresses.
That sounds like a more reasonable explanation. I've had domains that got spam which I then didn't host anywhere for years, and then re-hosted, and they still got spam.
Wow. I guess the popularity of web-based email addresses made this technique viable again. Back in the day when almost everyone except AOLers had to configure an email client to send and receive email, proxies that would bounce spam were used. It was effective at first. Then the spammers chose to ignore the bounced emails and just send them anyway. Now that there are so many people online that use the likes of Yahoo, Hotmail and GMail, this might be viable again. Anyone know how to bounce the mails in the Yahoo Bulk mail folder without a POP account?
Seriously, isn't that a bit extreme? Making the service unavailable is no cure for spam when it is unavailable for everyone else as well.
Why not just bounce all email for n days but deliver it as well. So you'll have to tolerate the spam and the receivers will have to tolerate the bounces, but the bounce message could include a line saying that it has actually been delivered. That way you avoid shutting down but get the same effects.
I guess I should be surprised that this sort of nonsense made it to the front page, but that's nothing new. (To protest this sort of poor article choice, I encourage you to visit the Jihad.
I've never seen any evidence, in years of running my own mail server, that shutting down for several days stops any spam traffic at all. I run my email domain off my cable modem, so from time to time I will lose service for several days. After it comes back, so does the spam, every single time.
I don't think the author of this article gets it. The spam zombie software that exists on so many people's home computers is not intelligent. It's fire-and-forget. If the message bounces, they don't even issue a "QUIT" command. They just drop the connection. Same goes for 4xx "not right now" style messages. (That's why things like greylisting work so well.
Is this what scientists and researchers investigate these days in the name of science? Find few more variables and optimize it or find variables and vary them and plot 100 graphs to write in a journal. Weak. -a
I heard this all the time when I worked at a natural foods store. I call bullshit. From QuackWatch.org:
It can be terrifying to believe that one's body is being poisoned by toxins from within. But if this were true, the human race would not have survived, says Vincent F. Cordaro, M.D., an FDA medical officer. "A person who retained wastes and toxins would be very ill and could die if not treated. The whole concept is irrational and unscientific."
Best link I could come up with on short notice.
That said, this anti-spam method sounds interesting. I've been Greylisting on my mailserver for a while now, and it's certainly helped. It would be interesting to compare & contrast and get some hard numbers on how well these (and other) approaches work.
Carousel is a lie!
I've had the same email address for about 6 years and still get virtually no spam.
It's not always been that way, I used to get tons.
I use MacOSX mail.app and made heavy use of the "bounce" function. Many get re-returned due to forged return addresses, but also many go through.
I also used SPAMCOP and reported every single SPAM I got for quite a period.
It seems that the squeaky wheel gets the oil since I get virtually no spam anymore, probably one every couple of weeks or so from TAPES.COM , which I report every single time, and then bounce. They will get the message.
This is a totally unacceptable solution in a real-world business environment. Two days worth of bounced emails and even a moderate size company could miss over a $100K worth of online orders. Worse yet they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders and then they go to a competitor.
There are drop in solutions out there. Use them if it's a real issue.
I am invisible, and you can't see me.
The spanish inquisition?
I decommissioned a mail server recently. The IP address is empty. The MX record is flat out gone.
Despite this, my packet sniffer still sees ~20 connection attempts per hour to that old address, nearly three months later. They are all bot-infected PCs according to sbl-xbl.spamhaus.org
That address was being mercilessly spammed and under constant dictionary attack.
Ultimately, I was able to use my log files to reconstruct the dictionary they were hitting me with. I put the whole thing under blacklist_to and saw a big drop in junk getting past my filters.
-j
6) T to Y: a) If you have a girlfriend, take a vacation with her.
b) If you don't have a girlfriend, check mails on the temporary alternative email ID.
This just in: Apparently airlines, the U.S. highway system, hotels, parks and other attractions have now opened their doors to people without girlfriends. Also, coffeeshops, bars, music venues, theaters, yoga studios and other local businesses are considering joining this pilot program on a case by case basis.
Those without girlfriends, then, might be able to take a 48 hour break from the Internet as well.
-b.
I have my own domain, so as an experiment once I temporarily deleted my account for... about a month (sent a temporary email address to friends and family to use).
A month later, I opened the old account again. Took about 5 minutes to get the first spam. I shut it down again and permanently switched to the temporary address.
I think that even if the spammers that currently use your address remove you from the list, the problem is your old address will get resold, regardless if it works or not.
I get spam to roughly 3 accounts. www@mydomain, I use that everywhere, usenetMMYYY@mydomain, I rotate that every few months and remove the alias. And the only issue I have with spam is one of my friends decided 4 years ago that I need 12 free CD's and posted my main myfirstname@mydomain on a web site. I'm still getting spam to that address but it comes in spurts. It seems its sold to a new Spam agency every 6 months and I spend about 2 weeks putting more DENY's in sendmail, I get a break for a few months after that. I also use the www address to update my ACCESS list for sendmail.
--
Sacrifice a few days of legitimate e-mail for a drastic reduction in spam, but I'm wondering if it's possible to let some e-mail through while bouncing all the rest - a whitelist approach. This would entail not turning off the server entirely, but responding "no such address" to all but those few names on the whitelist. So you could still hear from Grandpa or Aunt Jo, but all other mail would bounce. Would that be as effective as a complete shutdown? I'm guessing it would, because either way the recipient is unreachable, and thus gets culled from the spammer's lists.
One problem I see with either approach is that the effect may be temporary. You'll get removed from the lists of people sending out mail during those few days you're shut down, but because your address is still in all those "millions of e-mail addresses on CD" lists that the spammers sell to each other, your spam load is eventually going to ramp back up to its previous levels.
Some of us aren't going to be able to use your method, because our mail goes through a forwarder. I buy an e-mail address from pobox.com that forwards to my real address. The SMTP server at pobox.com is always going to look valid to the spammers - unless I temporarily change my alias... and then I risk losing it.
I have an alias that I've been using for nearly 10 years. The beauty of a forwarding service like pobox is that you can keep the same e-mail address no matter what your "real" e-mail address is. The curse of a forwarding service like pobox is that the spam finds you no matter what your "real" e-mail address is. I keep using my e-mail address, clinging to the faint hope that, some day, a solution to the spam problem will arise - one that doesn't include having to change my alias and give the new one to the hundreds of people and web sites that I want to receive legitimate e-mail from.
In the mean time, I use the CRM-114 discriminator. Not ideal, because it gets too many false positives, but until I make the sacrifice of changing to a "clean" alias, it's the best I'm able to do.
It's funny, laugh!
Our Postfix mail server uses Postgrey (click link for graph showing effectiveness), and it's as close to 'magic' as I've seen yet in the antispam category.
-Mark
track down spammers and apply shotgun
A-Day
"I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
Let me guess... I think he'll get the best results when delta t approaches infinity.
I added greylisting to my mail server, and that cut down on both spam and virus messages by a tremendous amount. See http://greylisting.org/ for more info.
From: Sammy Spammy
To: undisclosed-receipient
Subject: Don't buy this: Get it free!
For a limited time you can get the Wally Whizbanger FREE!!!!
...
-- @rjamestaylor on Ello
Fire your network admins, any decent mail-system upgrade should *never* take 48 freeking hours! Guess that's what you get for using Exchange...
-scheides
...is a way to receive email, but reserve the right to send a 'bounce' message sometime in the next, say, 24 hours. So once a day you can go into your server, sort the spam out, and just send out bounce messages en-masse to clear the address out of those lists. It's more work than shutting down the server, but lets you keep the 'good' email coming.
It's /.'d, so I can't RTFA. However, submitter says:
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Is it just me, or does it seem like one should see a 100% spam reduction after shutting down your mail server.
Additionally, if your mailserver is your laptop, you can actually preserve fertility by using this method as well.
Now, expect an instant change in how spammers handle bouncing email addresses.
i cant seem to come up with a sig.
Mac OSX Mail has a feature which lets you "Bounce" Mail, which essentially mimics the Server Response to an invalid Email Address.
I was recently shocked to find that neither Outlook Express or Outlook have this feature.
Very useful for Spammers and Annoying Ex-Girlfriends.
I setup outlook to only put mail in my inbox from people that are in my contact list.
So if someone wants to send me an email, I ask them for theirs first and add it to my contact list.
I never get any spam.
... for about three years. Here is my plan.
I have an account through usa.net. I only give it out to people I trust, i.e., friends and family.
These people gain trust by first using temporary accounts I set up from my ISP (I should point out that usa.net now allows you to create 8 such accounts.) If anyone betrays my trust when using their temp account, e.g., signing me up for crap, giving out my email without permission, sending me "funny" crap, I cut them off. Their temp account is deleted and they never get a new one.
For the internet I set up temporary accounts, e.g., one for Amazon.com and a different one for newegg.com. That way I know exactly who is selling or giving away my account information. For example I started getting spam from an account I set up solely for PCMag's forums, needless to say I now use a fake email address there.
With this system when I do get spam, all I have to do is to delete the account. And because my main account is only used by a very tight group, it NEVER receives spam. Not in the over three years I've used it.
In the past three years I've probably gotten a total of three spams. Which I consider pretty good by any standard.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Well, in my case, a complete shutdown resulted in 100% decrease in spam traffic!
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtably, yes.
My longtime (and massively spammed) email address was inactive for about six months last year. I reactivated it recently, and the spam poured in just as before (~40 messages/day). I think the people selling/distributing email lists rarely, if ever, purge them for inactives.
As it happens, my ISP is, among other things, in the mobile-radio-communications business, and has a large radio tower. This was struck by lightning a few months ago, and it took them a few days to repair all the systems that were grounded/connected to it. Ever since, I too have experienced a major reduction in spam, but did not know the reason. Their Web site had advertised a free spam-filtering service which I could never get to work, and I thought maybe they had finally fixed it. But perhaps the downtime was the actual cause.
If it was enough to send a copy of the received email to a "legal system" that forces the spammer to give you 100$ then spamming would die immediately. Bear in mind I am not considering as sender the machine that actually sent the Email, to me the sender is the one that "profits" from the Email. Well, ok, not easy as it seems if the spammer is a company based in some remote island...
What kind of IT/MIS group takes a mail server down for two days without using a queueing relay server to avoid creating undeliverable mail on servers all over the place? Who the heck (in their right mind) puts an exchange server directly on the internet anyway (without using a border mail server)? When these guys took their server down, the amount of spam I was getting probably decreased too... Can you say "open relay"?
While people at work spend enormous amounts of time adding stuff to their spam filters, I came up with a solution that also dramatically reduces my spam. All I do is change e-mail addresses about once a year now. My second tip is to register your own domain name, as getting away from a major ISP domain name seems to be the second best way to get a large drop in the volume of spam. And my third tip is, if you have to have a public e-mail address on a web page, make it a temp address and change it about once a month...putting an image of the address on your web page so that you can be reasonably sure e-mail you get at this address came from an actual person.
If you do these three things, you will have almost zero spam.
Usurper_ii
Ron Paul
There are those of us who have been doing this for years. Instead of accepting spam, we reject it at SMTP time as if there was an error. Makes no difference...they send it anyway.
One spammer in particular had a server farm which kept hitting my MTA...so I added a special rule to delay his connection 20 minutes before issuing a rejection notice. It was funny to see 10 of his spamboxes sitting idle....but even funnier that his spamboxes adhered to RFC rules regarding timeouts. It has since stopped.
Virtually all spam email has fake headers, so presumably they would never even get a "your email bounced" message back.
The servers trying to reach you will fail to connect, timeout, wait, try again. They don't try once and then give up.
Standard configuration is for those peer servers to send a note back to the sender after 4 hours ("don't panic, I'll keep trying") and only give up after 5 days (sending another note). Some of the Microsoft servers I've seen are set to be all panicky way too quickly ("d00d, I couldn't reach them after 10 minutes!!!!11! i don't know what to do, here's your mail, it must be their fault,those l0s3rz.")
A two-day outage won't miss anything worth listening to.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
. . . and then optimize the amount of shut-down time required for spam levels to drop to zero!
and finally patent it. Cha ching - you will be adored by this crowd entering the hall of fame with Jeff Bezos (one click fame) and his peers.
This is just an idea, perhaps someone with more knowledge in this area can tell me whether it'd work.
Set the highest priority mail exchanger on a domain to something that doesn't resolve, or something with a firewalled port 25. Then add another mail exchanger (lower priority) to your proper mail exchanger.
As far as I'm aware, more spam systems are designed for speed, not reliability, and many of them seem to do MX lookups and deliver mail directly.. so wouldn't putting a bad exchanger as the highest priority kill a lot of the mail? Maybe not, but just another idea to throw out there.
Many other people have pointed out that this story is a bit odd, that spammers don't manage their lists, so for most people shutting down the server wouldn't produce the effect described in the article. However, even if this DID work, once people started using it, the spammers would adapt.
If people shut down mail servers for three days to get off of the list, the spammers will compensate by waiting four days before really taking you off the list. You can respond by leaving your email off for even longer, with the knowledge that this is, like spam itself, hurting you WAY more than it is hurting the spammer.
--This sig is in beta. Please let us know abut any errors you find.
I got about 65% reduction by turning off HTML in my email. Spammers include images about 4 pixels square that are loaded from their servers. That lets them know that the email address is active. If you turn off HTML, your email client stops reporting to the spammers that it is active. Big reduction in 4 - 6 weeks.
--Alma
I do that, too. Every spammer that gets caught has to wait around for at least 30 seconds, and usually a minute. Sure, it probably doesn't affect them much, but keeping them busy for a minute means a little bit less they can spam.
Am I to assume that Far is a city? Perhaps a country? It must be a location of -some- kind, otherwise why would someone "go to" Far? I must research this further.
shame on us / for all we have done / and all we ever were / just zeroes and ones
Ahhh, so that's why Microsoft forgot to renew the Hotmail domain! They were trying to reduce spam for their users. How nice!
indierock / punkrock band photos and more... http://www.digitaldefection.net
maybe it started using reverse dns lookups :)
It is now always true, I filed a suit against Avtech Direct and they are still spamming me.
Maybe when the sheriff comes into their offices and takes all their computers to auction (to pay the $50,000 in judgments from all the lawsuits pending against them), they may stop.
Fight Spammers!
I don't know if you can do something like this in Qmail, Postfix, and the like, but in Sendmail I use a combination of giving different entities different email addresses (spam1@, spam2@mydomain.com, etc.) and putting entries in the /etc/mail/access file to send 550 "user not found" smtp error messages to anyone attempting to send mail to that address.
Essentially I turn my MTA off for that email address. It's surprisingly effective. After a month or two, I can remove an entry from /etc/mail/access and recycle that email address.
And by posting this on slashdot, you've just decreased the chances of it working over the long-haul by 100%.
Spammers can easily adjust to this tactic by retrying seemingly "dead" addresses, only less frequently until it's "alive" again. They are even more likely to do so if it becomes a widely adopted practice.
This solution has no lasting value. Sorry.
No sig.
I was out of the country for about a year and wouldn't you know it, a problem with my DNS prevented me from logging into my personal server at home for about 6 months. This also prevented any e-mail from reaching my server for the same amount of time. As I was receiving SPAM in the neighbourhood of 50 to 60 messages a day, I counted it a blessing. When I returned, I fixed the problem, and was unpleasantly surprised to have SPAM arrive within 24 hours. When the word spread* that my e-mail address was valid again, I started receiving the same amount.
This technique may work for some, but for those on the lists of persistent spammers it's not going to do much.
*don't ask me how
if(!toilet_paper) roll.replace(new roll);
This is like not eating because you don't want to catch Mad Cow disease.
I am the reader of our official department email address. We've been receiving spams at the rate of about 100 per day. I'm tired of sorting through that in the event that one potential student is in search of information about our department.
Now, I reject all emails with a polite message indicating the new address in a slightly obfuscated form. To date, I have had no problems and the true email queries are getting through and spammers don't (since they don't tend to read the email rejections [yet!]).
If I need to change the message again and point the true address to a different folder (we use the +foldername) to autodirect emails to a folder, I can do so easily.
Try that. It might be a better solution for you.
http://www.your-site.com
They keep a to/from record, and if the to/from record is not found, they add the record to the list and respond 'server busy, try later' to the sending mailer. Most (and there's the rub) legit mail servers will re-try the transmission later. The spambots only try once and give up. The to/from list is aged so old entries drop off eventually.
This has eliminated a huge percentage of the spam mail for us, we went from getting 100+/day to getting 3/week.
The downside is that time-critical messages get through at the mercy and schedule of the sender's retry interval. Stuff like "I forgot my account info, please send it to me" rarely gets through on the first try, although it's a simple matter to ask twice. Also, not all mailers do the retry thing, or they wait a looong time to do the retry (days).
It depends on how many first-time emails you get. If you are doing eBay selling and get 'question for seller' messages, they're going to be delayed, and that isn't a good thing if there is 10 minutes left in the auction. Several folks on the hosting service complained about that aspect and asked to opt-out as a result...
I have folks that scream at me about receiving spam, and I have other folks that demand (under legal action) that I cease and desist all spam-filtering efforts because I am harming their business by blocking emails that potentially lead to revenue. Hell, I even have people that don't want virus scanning performed on their emails!
I run several email servers (free/paid/public/private) and i've come to the conclusion that the best thing to do, whatever the approach, is to use the same philosophy/position as the Electronic Frontier Foundation, which essentially boils down to "Do no harm!".
Slashmail.org "The Open Source Email Company"
Spammers, if they're half way competent at what they do, don't give a flying toss if your mail bounces, because their FROM, REPLY-TO, etc. headers are all fake. While shutting down like that may result in "legit" email markers taking you off their list, it seems far more likely the new exchange server came with some spam blocking plugins, or there were spammers/viruses using some hole in the old exchange server to spam all the accounts automatically, and they just haven't caught up yet.
I use Spamgourmet for any site that requires an email address.
When you register (it's free!) with spamgourmet they ask for a username, password, and forwarding email address. Then when you register on a site you specify a spamgourmet email address like so:
[unique_site_id].[max_email_count].[username]@spamgourmet.com
Then all your email gets sent to spamgourmet and they process it based on the rules you set up. If the number of emails you've received from unique_site_id is less than max_email_count then it will be forwarded to your real address.
You can change the max_email_count for any unique_site_id after the fact at spamgourmet.com plus get stats on all the addresses you've used. I think the service is perfect.
And best of all the source code is released under the Artistic License so you can use it on your own mail server!
Who am I to blow against the wind? -- Paul Simon
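The counting rule that comment describes (an address of the form site.count.username, forwarded only while fewer than count messages have arrived for that site), as an added Python example that is not spamgourmet's own code. The class name, the domain `forward.example`, the cap of 20, the silent discard once the limit is used up, and the choice to fix the limit at first use are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# site.limit.user@domain ; the site id may not contain dots, so the split is unambiguous.
ADDR_RE = re.compile(
    r"^(?P<site>[a-z0-9_-]+)\.(?P<limit>\d{1,3})\.(?P<user>[a-z0-9_-]+)@(?P<dom>[a-z0-9.-]+)$"
)
HARD_CAP = 20  # assumption: upper bound so a typo cannot create an unlimited address


@dataclass
class DisposableForwarder:
    domain: str                    # domain the disposable addresses live under
    users: dict                    # username -> real (protected) address
    state: dict = field(default_factory=dict)  # (user, site) -> counters

    def deliver(self, rcpt):
        """Decide what to do with one message addressed to `rcpt`.

        Returns ("forward", real_address), ("discard", None) or ("reject", None).
        """
        m = ADDR_RE.match(rcpt.strip().lower())
        if not m or m["dom"] != self.domain:
            return ("reject", None)            # not one of our address shapes
        real = self.users.get(m["user"])
        if real is None:
            return ("reject", None)            # unknown account
        key = (m["user"], m["site"])
        # The limit is taken from the address only the first time a site id is
        # seen. Later messages cannot raise it by editing the number, which is
        # what a sender who has learned the pattern would try.
        entry = self.state.setdefault(
            key, {"limit": min(int(m["limit"]), HARD_CAP), "forwarded": 0, "eaten": 0}
        )
        if entry["forwarded"] < entry["limit"]:
            entry["forwarded"] += 1
            return ("forward", real)
        entry["eaten"] += 1                    # kept for per-address statistics
        return ("discard", None)

    def set_limit(self, user, site, new_limit):
        """Owner-side change of the limit after the fact."""
        self.state[(user, site)]["limit"] = min(int(new_limit), HARD_CAP)

    def stats(self, user):
        """Per-site counters for one user: {site: (forwarded, eaten, limit)}."""
        return {
            site: (e["forwarded"], e["eaten"], e["limit"])
            for (u, site), e in self.state.items() if u == user
        }


def demo():
    """Constructed sample: one account, one shop address with a limit of 2."""
    fwd = DisposableForwarder("forward.example", {"jdoe": "jdoe@home.example"})
    rcpts = [
        "shop.2.jdoe@forward.example",     # 1st message: forwarded
        "shop.2.jdoe@forward.example",     # 2nd message: forwarded
        "shop.2.jdoe@forward.example",     # 3rd message: limit used up
        "shop.99.jdoe@forward.example",    # edited number: stored limit still applies
        "shop.2.nobody@forward.example",   # unknown account
    ]
    return [fwd.deliver(r)[0] for r in rcpts], fwd.stats("jdoe")


if __name__ == "__main__":
    print(demo())
```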
This article mentions how a particular mail server was shut down for a few days to be upgraded. It sort of makes me wonder if possibly some anti-spam measures were also put in place at the same time?
I know that when I began subscribing to a few blacklists, my spam dropped way off. Perhaps they added some sort of SpamAssassin config with automatic deletion? A similar config on my site (with filtering, but no automatic deletion) has cut my spam down so that I only 'see' one or two messages a day.
The author of the original article clearly isn't in a position to understand what was actually done to the server, so he is just assuming that an unreachable mail server for two days stopped most of his spam. I have to call shenanigans on this. I'd bet that the Exchange upgrade also included a number of other changes.
"Turn off your server. It worked for me."
Wow. I'm almost speechless. What about all those people that use webmail? What about the spammers that don't look for bounces? Or those that fake the from addresses?
I run a few domains that i have had for years. recently, i was too poor to afford a mailserver. these domains sat idle for approx 9 months until i could build a new machine for them.
the day i brought that machine online i received spam.
maybe that's covered by the 2.5% of spam that he has allowed for but seriously..
anyways that's my little anecdote for today
I'll just use my special getting high powers one more time...
I'm waiting...
- Kevin
The less confident you are, the more serious you have to act.
I use the Mail program that comes with Mac OS X which uses Bayesian filtering and user defined rules. In the last 26 hours it marked 304 messages as junk and no SPAM/viruses showed up in my inbox. A few weeks ago I started getting 'Rolex' SPAM - I added a rule to classify email with 'Rolex' in the subject as junk and I don't see them any more.
Surely there's some equally good client for whatever OS you use.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
My university managed to fuck up and cancel my mail for about 3 months, when I got it back, I was still getting hammered by spam, though the rate had dropped off a bit(it picked back up again without me even doing anything). YMMV
Monstar L
...our inboxes will be filled with "I am detoxing my inbox, please don't email me for 2 days"
I shut mine down for about 2 months. It clears up all the "legitimate" but annoying commercial e-mails that you missed in the fine print, but it doesn't stop the spam itself unfortunately. I guess he just had a lot of legitimate but annoying mailings. On the plus side, I guess it is safer than trying that "click here to remove yourself from our list"
greylisting is a fine idea, but like just about everything else, it's flawed.
There are still many really dumb mailservers out there, and mail clusters which send from various different IPs.
I run a system handling around 15k messages per day on average, with greylisting turned on (and the grey period set to 24 hours!) our support people got enough complaints by phone about really slow email responses (they hadn't got the question yet in most cases) I had to turn it off.
Spamassassin (at the SMTP level), clamav, razor, and a bunch of DNS checks have a near 0 false positive rate, and an acceptably good level of correctness. I get about 20 a day that weren't caught.
Of course it is nice (and easier?) to have an email app that allows you to bounce anything you want in your inbox. Apple Mail app users can do this. There are probably others I don't know of.
This is called greylisting. It will work until spammers adapt and change their mail software to try again.
In the previous article that I read many months ago, the author was attempting to kill off spam by rejecting every message that was sent to him with a non fatal error. Then the sender's SMTP server would attempt to send again some time later. The assumption is that if a message is resent, then it is not a spammer sending the message.
Use pgp and sign their email.
thank God the internet isn't a human right.
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Come up with a white list of good addresses, and then reject all others. This way you lose a good amount of mail for the 2 days you're shut down, but some important stuff would still get thru. Allow whitelist on border router or host firewall, deny everyone else.
Southeastern Virginia REPRESENT!
Oh, I know. I was replying as AC because I modded the original comment Funny.
But what an idiot... and other idiots...
I've known about this for a while, and yes, it works. But you just announced this as news... so don't expect everyone to bite as much now.
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!
Hmmm, shut it off and never turn it back on?
Me use fancy words. Me smart
We discovered this works for your phone line too when dealing with sales calls. We did the cell phone thing for a while then had to get dialup (moved to the country) so we got the land line back. We were able to get the same number since it was only a few months. We noticed a huge decrease in the annoying sales calls as a result.
--Bill
This guy didn't stop and think about things.
In the article he states that they upgraded to a new version of Exchange. New versions of Exchange BLOCK SPAM. So of course he noticed a reduction in the amount of SPAM he received. Also, there will be a window where you will not receive anything because remote SMTP servers have your mail queued because they could not deliver it while the local server was down. Once the queue period begins to expire and all of the servers try to send mail again, he should see his levels of SPAM begin to rise.
The spam may start flowing again. It wouldn't surprise me if there is some time-out b4 a spam relay re-attempts spamming "dead" hosts.
I honestly don't get any spam on my main email account, my Gmail. Anything that does get forwarded to the Spam folder under Gmail I mark as not spam because it's usually a newsletter. My yahoo account however isn't so lucky. I check it sparingly now and it usually has many spam messages. Yet again, I've had that one for a much longer amount of time.
We have some scripts here that have been monitoring large amounts of mail sent to our servers that appear to be spam. We make this determination when 50 or more messages are sent from a certain domain and then generate 50 or more bounces and when we try to deliver the bounces, the remote server refuses our connection. These are not always spammers and we have to look through the file before we add it to badmailfrom but so far, none of our users have complained about us blocking mail from domains that are important to them. We also use MAPS and these are domains that still make it by MAPS lookup. I offer a copy of the 6,000+ domains that we have collected over the past year or so but want to warn anyone who wants to use it to look it over/search it first to make sure there are not any domains on it that you don't really want to block.
You can find it here:
http://www.freewebs.com/plesk/
Thank you. I'll pass your suggestion to Hotmail.
No no no. DO NOT bounce mail that doesn't pass through spam filter after you accepted it for delivery. You are only spamming someone else.
What you need to do is to reject the email BEFORE you accept it in the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in MTA (ie. after DATA is complete), then DO NOT bounce it because the headers do not have the real FROM: anyway (in case of spam)
Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA raising your load. Bad idea.
...Doesn't have a secondary MX declared, or what?
Not a very robust setup...
Who did what now?
It won't work: I deleted my old email address years ago and I still get emails to it.
I don't use Emacs; it uses me.
I have thought of this, but can't live w/o my home email server for that long. Still, I have SpamAssassin catching almost all spam, but to give it a hard bounce would eliminate. Wonder if SA 3.0 has some sort of setting for that.
Hmmm...maybe over the weekend I'll just shutdown postfix...
CB
free ipod and free gmail!
When you shut down your inbox, the mail server returns to the spammer that the address was not found. So, this only works with spammers that look for bouncebacks. Well, that's fine, that probably does work for a good number of spammers. If this is the approach you wish to take, why not configure your server to create bounce backs for people outside of your white list or whatever? Seems like it would be a solution without losing potentially important emails.
"Bounces" do nothing to curb spam. Mailwasher used to work by sending fake bounces, but now even legitimate e-mailers don't seem to take you off their list when they get bounces. It's not worth the trouble. One of two things happened here. First and most likely, they put some good filtering on the server when they upgraded. It's likely that it's even the reason why they upgraded. Another possibility is that the software the spammers use may be sophisticated enough to remove addresses from domains without active mailservers, in order to speed up the process (fewer timeouts). Because the bounces don't slow them down at all- they never even see them. But timeouts, that slows them down.
666-607: 6th floor apartment of the beast
I use www.mxlogic.com to deny all medium-high risk spam completely. It intercepts it before it even hits my mail server. I like it.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
While a lot of sites promise to keep your e-mail private, most also say that they will share that information freely with their affiliates. And this, my friends, is the lethal catch.
Some companies can have as many as several thousand affiliates, each with their own privacy policies that may or may not promise the same levels of privacy protection. Since the initial policy rarely, if ever, mentions all of these affiliates by name, it's virtually impossible to know what's happening with your address once you hand it over.
About the only way to be absolutely sure that an e-commerce site is not going to sell your info down the road is to create an individual account for each and every transaction and delete it when your goods arrive (and who wants to do that?).
I'm not tense. I'm just terribly, terribly, alert.
I always wondered if this would work! The truth is, I just assumed that spam/spammers wouldn't look at replies or even the returned mail from daemons. Why would they care? It seems more like a spam-and-run op to me, but if the shoe fits... (and you know what happens when you make an assumption! you make an ass outta you, and Umption!)
========
77 77 77 2e 6d 65 6c 76 69 6e 73 2e 63 6f 6d
The article says that the server was shutdown to install new software. He doesn't say he did it, or that he knows what software was installed...
What do you want to bet that they also installed some sort of spam blocking software during the upgrade?
"DENIAL"-How an optimist keeps from becoming a pessimist-
Postgrey's got a nifty approach of refusing the mail the first time you see it. It returns a "try again later" message when the sender and subject come in and stores that info in a database. Most spam engines seem not to try again later. It does tend to make your mail a couple hours late, though, which might not work for you in some settings. Most of the spams that get through now are "Legitimate" (IE: Marked with ADV) and the occasional 419 scam where the guy went through Hotmail or somewhere. Combined with a low-key filter, I suspect I'd see no spam at all and store a very small amount.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Spammy goodness!!! I love using it to train TBird to filter out and watch those numbers of unread messages in my Junk folder climb like Tenzing Norgay...
To stop spam we need to find that 0.001 % of people who freaking respond and make it profitable...
Who the hell are these people and why have they not been rounded up and sent to ROOM 101 ?!!?
I ask you WHY!!!???
oh the humanity...
from the going-to-far dept.
*cough* going-too-far dept. *cough*
we left for a one week family visit trip. the day after we left, my server crashed (turned out to be a bad ram chip). our email server was down for a whole week!
while we were there on the trip, we kept laughing about how it would drive down our spam for a while.
Eventually, I got home, got the server running again. and you know what? the spam started coming IMMEDIATELY, traffic was right back at the exact same pre-crash levels, the very instant the server was back up.
Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.
From the FAQ (http://www.olympus.net/doubleVerifyNL):
DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.
You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
As far as I am concerned, the fight against spam is over and the good guys have won. SA+Clam are just too good.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
In the middle of October I deleted from my mail server a user who received a ton of spam (approaching 100%). I went back and grepped my logs for that user. Each file is a week, higher numbers going backwards a week.
syslog: 0
syslog.0: 9
syslog.1: 17
syslog.2: 18
syslog.3: 9
syslog.4: 22
syslog.5: 16
syslog.6: 28
syslog.7: 1819
Nothing else on the server has changed other than the deletion of this user. Mail addressed to this user but rejected for nonexistence would still be logged. I would think the same things others have said about spammers not checking bounces, and I don't know that I 100% accept the explanation offered, but... could be possible?
this might be a valid solution for those people who run their own POP servers, but for the majority of us it's not an option...
:)
since we're being creative here, let me share with you how i keep my inbox spam to a minimum..
i own a domain which i like to use for email. i have *@mydomain.com forward to my user@isp.com email address. so any combination of letters sent @mydomain.com is forwarded to my real address.
this allows me to create Pseudo-Identities (TM) for different sites - for instance, amazon@mydomain.com and slashdot@mydomain.com. if i find that i've started receiving spam destined to amazon@mydomain.com, i simply nullroute that email forward, and voila, no spam.
it's also a good thing my isp has their own spamfilter, as does my domain service, as does my email client.
for the cynics: i receive less than 10 pieces of spam in a week.
easier done than said..
smattawichu
yes except that greylisting is so much better than unplugging your server
> ...the grey period set to 24 hours!
That is a ridiculously long delay. I'd dump an ISP that delayed my mailing-lists for a full day.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Spam lists are so massive they cost a lot to actually send. Any reductions in wasted sends can save in cost. Therefore spammers generally remove hard-bounced emails from their lists.
There is a piece of software called mailwasher which does this with a bit of stuffing around. I'd love to see an open source project which combines this with thunderbird spam filtering (ie. bounce anything on the 'delete' list, filter into folder the rest of the suspects for you to pick & bounce at will).
Is there anything like this out there?
I did this by accident.
I was upgrading my linux box from Mandrake 9.0 to 10.0, I had other things that I needed to get running before Sendmail so it was not running for 3 or 4 days. After I turned Sendmail back on my spam volume was much lower.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
So far I've had my setup email address (based on our account name) and I created one just for me. My email address is in the format blahblah_nospam@mindspring.com - Note: There actually is _nospam in my email address.
;)
Account based email box ~ 25 spams/week over the past year.
My email account : 0!
Reasoning : spammers do s/nospam//ig; on their email addresses.
I really feel for that blahblah_@mindspring.com - They're getting my spam
(For the pedantic yes I know mindspring whitelists - mindspring.com is used as an example)
-B
This is a great idea.
Is there any way we can shut down Earthlink for 2 days? :-)
The article states "Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon)." -- 4th Dec evening to 5th Dec noon would be less than 24 hours. He says it's 48 hours, the equivalent of 2 days. Before giving the world bad anti-spam advice, perhaps he should at least learn to tell and measure time better.
24 hours in the Grey does seem like an awfully long time.
I've got my servers set to 2 minutes and it seems to work just as well as longer periods.
In most cases, the MTA tries within 30 minutes, and the triplet (sending domain, receiving domain, netblock of the sending MTA) is saved, so the next email matching the triplet will go through instantly.
90% of the connection attempts I see look like they are from zombies. Regardless of the period you greylist for, zombies seem utterly confused by the fact you tell them to try again, so I'm pretty sure you'd get good results with the shortest period your software can handle.
Btw, I use 'gld' which covers most of the shortcomings you mention.
It comes with a whitelist of servers known to be broken (ebay, amazon, and stuff like that), and is able to work based on fuzzy stuff (domain names and /24s instead of IP addresses).
The first time someone connects to send mail, you issue a 4xx error message. If they reconnect in the next 5 minutes, you issue another 4xx error message.
If they connect a second time after 5 minutes, then you take the mail. I bet that fixes 90% of the spam from hijacked machines.
Linux O Muerte!
I don't mask my email addresses, or use any other filtering technique other than a select few RBLs that eliminate 90+% of the spam that comes to any of the three domains I'm hosting.
;)
No extra work/software necessary
JoloK
24 hours is a realllly long greylist time. I think we have ours set to something like one minute. All you really need to do is separate out the servers that will re-queue and try again from those that won't (spam engines).
You're right - it's not perfect. But greylisting is the first practical system I've seen that starts to shift the 'cost' of spamming onto the senders, by forcing them to re-queue the mail and re-attempt delivery.
I saw a notable decrease in Spam after my server was shut down for a total of 3 weeks during the hurricanes this year. Down from about 40% of all mail being spam to 20%. It hasn't increased by much again, either.
:-)
Whether or not it's because of hurricanes or the internet at large is getting better at blocking junk before I even see it is open to debate. I'm not in the habit of shutting down my mail server unless I'm forced to
So, it's a little extreme but it does work. Bear in mind shutting down your server also creates a major headache with mailing lists. Greylisting might be a better option but I don't recommend this for large sites. YMMV.
but once the trend takes off, spammers will just start recycling email addresses every 3-4 days to make sure....
it's the whole mouse/mousetrap issue...
Personally, I like the Artists 419 approach (http://www.aa419.org/)
Bleed them of their bandwidth and make them pay - Not sure if this actually hurts them that much but if it does, then it would be most gratifying to know that we used the same technology they used on us against them.
l8r
D
...and in the end ineffective. *IF* this is even working as the author suspects at all, it won't take long for the vermin spammers to figure it out and adjust accordingly. I've said it before and I'll say it again, get yourself a decent spam filter! The Barracuda Spam Firewall is a great commercial product and the ASSP open source product is just as good if you're willing to invest some time getting it going. I think this approach sounds more like hiding behind the door saying "nobody home, go away".
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
(x) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
I've found that 90% of spam can be gotten rid of by their use alone. When an email is received for the first time it is put onto a grey list and a request for it to be resent is made. Most spam software is of the fire and forget type so it doesn't resend when requested.
I believe that you will find that turning off your email server to stop spam has been patented as the intellectual knowledge of Microsoft. You are in violation of that patent if you turn your server off for that reason. It is my understanding that they have hired RIAA to go after the low life criminals who are stealing this precious intellectual knowledge and prosecute them to the fullest extent of the law.
How long until the spammers simply queue undeliverable email, and try again after a few minutes? I'm surprised they all haven't yet.
Just don't delete spam. Sooner or later, your mailbox will fill up. After a couple days of mail bouncing, many spammers give up. They may even remove you from mailing lists. It's not like it's your server getting filled up.
During that time, all the mails sent to my mail account were of course bouncing.
Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.
In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.
I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces) and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.
There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.
This is a bad idea. First point that someone most likely has already pointed out, email from legit MTAs will be queued by default for as much as 5 days before it is bounced back to the sender. Spammers don't use legit MTAs very often; they use primarily zombie systems from unsuspecting newbies running unsecured systems.
:)
Turning off your server for some period of time will eliminate a large amount of spam for that time period. As soon as you turn the system back on the spam will start up again since the lists the spammers use will be the same. They do not look at rejects or any other kind of error codes. They just spew messages as fast as they can.
So do you want a set of tools that will eliminate 95% or better of the spam?
Then implement greylisting on your server. Seriously, greylisting will reject the vast bulk of the zombie spam being circulated. Then implement spamassassin to tag the few that do get through. Once you have bayes trained and have added a few additional rule sets virtually no spam will get through to your users.
Implementing real solutions should be the priority. Most likely the reason the poster saw such a dramatic drop was that he forgot to re-enable his MTA software.
The newer versions of M$ Exchange now have some limited built in filtering. The best thing I have seen lately though is outsourced spam filtering which saves you bandwidth at your site and spam traffic from ever reaching your box at all. The product we have been installing for customers is from mx logic at www.mxlogic.com
I think the only thing that spammers are going to understand is an all-out attack. We need to set up some email servers whose sole purpose is to absolutely annihilate any links from spam it receives with traffic (like the Lycos screensaver, only it doesn't stop). All of the sites will be unresponsive and they will either have bandwidth bills through the roof or they won't be able to sell anything because no one can get to their site. I'm sure there are many holes in this "solution" (as well as questionable legality) but there doesn't seem to be all too many other methods that seem to work. We keep complaining and debating what to do and they keep right on spamming. I just think that something like this is going to be the only thing that might make them think twice.
Forward all spam received as-is to spam@uce.gov and to uce@ftc.gov. Although I don't know what they do with it once received, these are the FTC's official spam-reporting email addresses. Theoretically they'll go after the guys who are spamming you sooner or later, but I still get spam from the same losers who were sending it to me six months ago, so we'll see.
Well this won't work in the business world. If I shut this mail server down even to reboot during the day the phone and pagers go crazy. Other problem with your idea is a lot of these spammers just will not go away. yourbigvote.com is still trying to send mail to accounts that have been dead for over 4 years!!! Still they send them and yes still the server just bounces them back. Blacklisting IPs and filters are the only thing that really works. Personally I like to reject their mail and make it bounce back; this does send some traffic back to them they have to deal with.
... I bet your eyes are brown.
The average spammer uses real, though automated, addresses and cares very much about bounces.
Bull. Fucking. Shit. The "average" spammer is a sociopathic get-rich-quick con artist. They *DO NOT* care who they abuse, and couldn't give a shit about bounces.
They're running a business, and the key to efficiency for them is in keeping a clean list of live fishes.
Again, Bull. Fucking. Shit. They don't care about "clean" anything, all they care about is spamming. Actually maintaining their lists would require *WORK* on their part, and since they are in this because they don't want to work, they simply *DON'T GIVE A FUCK*
Take your troll elsewhere, fuckwit.
Damn, I thought this was going to be about slitting spammer throats in their sleep. oh well
Step 8 is going to be a bit hard nowadays. Many forums require e-mail activation.
I use Popfile and have had little problems with spam. It also gives me the added benefit of binning my mail
100% downtime on my mailserver = 100% decrease in spam ;-)
Mommy. What's a karma whore?
It's topics like this that make me wonder just how many /.ers are spammers, too.
It costs them money to attempt the first email. It costs them money again to retry. It's a numbers game. Make it expensive for them to do their business and they'll go out of business.
Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
I know this will only work if we work coordinated (something like turning the switch off to encourage electricity companies to get down prices), and only to get rid of the really big spammers (not being able to pay for infrastructure because there's not going to be any sales during the blackout).
Carlos Niebla
Grey listing just rejects the first two messages then if their mail server attempts to deliver it a third time it allows the mail through. It works on the assumption that a spammer's software isn't intelligent enough to try more than twice to send a message. I have this set up on our mail servers and it's actually quite effective.
Mailinator provides free, temporary email addresses. Just type in somethingorother@mailinator.com, email will be sent there, and the emails within that account will be deleted in a short amount of time.
Cracker
If they updated to exchange 2003, they likely turned on the RBL feature that is included, thus explaining your drop in spam. Ask the sys admins.
Don't Tread on Me
The parent post should be modded up as informative.
To add my own two cents, I used to run an email setup from my old home Linux box (using Courier for IMAP and qmail for SMTP), which I eventually began to ignore as I moved on to using email accounts from other providers. At some point, the qmail server went down and stayed that way for at least three days before I noticed. When I restarted the qmail server, the incoming email backlog (almost all spam) was so large that it overwhelmed my Linux box, sucking up the tiny amount of installed RAM (32MB) and filling up my tiny /var partition as the poor little machine tried to keep up with temporary spike in mail traffic. Ironically, I ended up temporarily disabling Spamassassin to ease the load on the machine's CPU.
Granted, I am not a mail administrator and never should have been running an SMTP server, especially on an underpowered server -- and there was probably any number of things I could have done to keep the machine running smoothly had I known better -- but the point is that temporarily shutting down your mail server will not reduce the overall amount of mail you receive, and in fact it may temporarily increase many times over the amount of mail that you receive in a short period of time. As the parent poster said, spammers generally use zombie MTAs or forged reply-to addresses, so bounces are ignored, and most legitimate SMTP servers will attempt to resend undeliverable messages for nearly a week.
Wow, it takes two days to update Exchange Server..
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Been using it for 3 months now, but yesterday I deleted all of my messages (after forwarding them to my personal address) and I'm not planning on using it anymore. Though I really like its interface, and some really nice features (1GB for example ;-), I didn't like what I've read on google-watch.org.
Not saying anyone else shouldn't use it, but at the least know what you're doing when you're using Gmail!
I will no doubt be modded down by the Google fanbase, but don't say I didn't warn you
XoloX / Peter Odding
How about building in a long delay when responding to a 500? This would only work for small volume MTAs. But even a short delay would bog down big-volume senders if it was widely used.
:-(
If I had my own MTA running for my domain, I'd also try dropping the connection without sending a RST, this would hang the sender's connection for a while, although it would make it slightly easier to get mailbombed.
Workaround that by using a dynamic entry in iptables to block the IP for a few min.
In a past job we had spammers connecting to our mail forwarding service trying to send to "aaaaa@domain", "aaaab@domain", etc. I was working on blocking IPs that did this when I got sacked
You'll never ever get to zero...my gmail account just started getting hit, and that addr has never been used on the web or given out to anybody (used to send mail to about ten recipients total).
Shutdown your server for 1/0f seconds. No spam ever.
This guy has no clue what's going on. His knee jerk reaction is that it must have been because they shut the system off.
Never, not once, did he consider the fact that his admins *upgraded* the exchange server. They probably went from 5.5/2000 to 2003.
By no means am I an M$ guru, but I know for a fact that 2003 comes with a large amount of internal things to help control and minimize spam.
In fact, anyone upgrading to 2003 sees dramatically better spam controls.
Someone revoke this guy's geek license, as he just failed the critical thinking test.
Just configure a forwarder [pointing to your real email address] for every site you sign up with. Then only share your real email address with your friends.
If you get spam through one of the forwarding addresses, just delete the forwarder. If it comes through a forwarder that you have created for a website which isn't supposed to share your address, you can then ask them why you are getting spammed on that address.
I've done this for two years now, I have about 50 forwarders, but I never get spammed.
97.5%? How did the other 2.5% get through with your mail server turned off? Yeah I know... I got nothing.
TruePunk | Games
"Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon). "
Hrm.... 12/04/04 evening to 12/05/04 noon. And that was "2 days/48 hours" on WHAT planet?
--Insert catchy
seems pretty obvious to me.. server down to install software- spam stops :0
Al Czervik: You're a lot of woman, you know that? You wanna make 14 dollars the hard way?
my car started running poorly a few months ago - so I took it into the shop. when I came back to get my car - they charged me $400. it runs great now. not driving my car for two days fixed it! now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also - did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on slashdot a while ago!
People are being really harsh about this guy's idea, especially in his own comments section (often by people stating they've come over from /.) -- wouldn't it be better if this energy spent discussing the viability went towards some experiments to determine the validity? I mean, come on -- you can SAY it won't/shouldn't/can't work all you want, but all this guy is saying is that it DID work for him. I'll take actual over theoretical every day of the week.
So don't say it won't work, and don't say it will -- just try it, and tell us what happens.
A modified version of the mail server software
keeps a database of people who email you. When
it receives a mail from someone new to you instead
of accepting the email it returns 'call again
later'. If it's a spammer with an smtp bot
and not a real email server they will not try
to send the mail again later. If it's a real
message on a real server it will retry again in
a few minutes. Kills most of the spam at the
expense of delaying the first email message
you receive from a new sender.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
I hired a ThunderBird to do my spam filtering for me. I understand the need for complex solutions sometimes but I would much rather collect all my mail and let T'Bird sort it out.
I ask for a car and I get a computer. How's about that for being born under a bad
The problem here is that spamming is easily modeled by game theory, and the spammers have a dominant strategy.
Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.
They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
First, as others have pointed out, this constant change of address is pretty annoying to friends and family.
Second, I have had my own domain name for about ten years. I am also on dialup because broadband is not available here and satellite is too expensive. A few months ago the spammers discovered this domain name and started sending to random non-existent accounts. I now get about 25,000 spams a day. A friend asked me to save a few days worth for his analysis, since it is pure unadulterated product; the last day's worth is 129MB. A bzip2 tarball is 23MB. This is not the spam to the few true accounts, this is to the completely bogus made up random accounts, like bill123.
I'd love to bounce this stuff, but I am on dialup; it would just revert to my ISP. I can't just drop the connection, because most of the time my ISP has saved it up as secondary MX and is now forwarding it to me.
I love having my own domain name, but my computer wastes a couple of hours a day downloading this trash. When I connect, I have to wait 5 or ten minutes for the flood to dissipate so I can crawl the web.
I thought of doing what this guy has done, and may yet have to. I will probably have to resubscribe to mailing lists afterwards, but it may be worth it.
In other news, shutting off the mail server forever will reduce spam by %100! No false positives at all!
:P
Not having sex will prevent unwanted pregnancies too!
I'd file this submission under the "no-shit-sherlock-dept"
This is quite possibly the most useless thing I've ever seen here - I can't wait for the dup.
works like a champ for me.. It kicks spam assassins @ss big time.
greylisting is a fine idea, but like just about everything else, it's flawed. There are still many really dumb mailservers out there, and mail clusters which send from various different IPs.
Get a different flavor of greylisting that is more flexible then. For example, the DCC greylisting implementation has various "weak" modes of operation that are less strict with respect to remote SMTP server IP address, from and to: addresses, body checksums, and so on.
Please mod all further replies down, including this one to "1, Redundant."
We've continued to try this at my workplace weekly, only to find that the spam continues, and the users are not happy. Go figure.
--"It's Bradford Company, slash your last name, dot your first name"
Seriously, I recommend the following combo, which I have fallen in love with:
http://www.xwall.us/
http://www.esatinformer.com/
Most likely the host added or upgraded a spam filter. Mail servers keep re-sending for more than 48 hours, so it makes sense that something else was done.
If a million monkeys randomly pounded on keyboards, they would all log into AOL.
It gets worse -- they may do it without knowing. Their computers might have spyware infections! I remember e-mailing a temp agency about some work, and went from no spam at all to a trickle that turned into a rush. Really high-quality temp agency, huh. (The spam went away after these bungholes got arrested, though. Lucky me!)
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
I think the two-day shutdown solution is extremely optimistic. About half of all spam is sent from zombie PCs now, and the zombie controllers use a fake return address on them.
I was getting 2,000 bounced emails per day from zombie PCs controlled by some spammer who used my domain for the forged return address. The user name was some fake first name or some random characters, followed by my domain name. These came in from all over the world -- Europe, China, Vietnam.
I stopped accepting mail on that domain. But I couldn't disable sendmail because other domains on that server used it; all I could do is reject it using sendmail. Then if a particular IP got too heavy, the monitor program I wrote put in a route block on that Class C so I wouldn't have to see it again.
The level of 2,000 per day remained steady since it started in August. The zombies, you must understand, are not really impressed by such measures. Without the route block, the 2,000 number would have been significantly higher over time.
Then I even had one dude who telephoned me to say that he turned me into the FCC for sending out spam from an email address that was non-functional!
At one point I had the MX records deleted from my nameservers, but that didn't help because the zombie-ware was using the A record.
My solution was to take the domain off of my server entirely. I collapsed the content on that domain into new section on a related domain, and then parked the zombied domain on GoDaddy, and had GoDaddy forward it to my related domain.
End of story. End of domain. Now GoDaddy gets to reject the zombies. A two-day shutdown would have meant absolutely nothing in this case.
I just set up a catchall account on my domain and use whereIampostingmyemail@mydomain.com for every email address I give out. Not only does that identify WHO is sending me spam (shadyecomstore.com@mydomain.com) so I can track back and yell at them, but it allows me to create a rule to block addresses if they get to be too spammed over. This seems to work pretty well along with Bayesian filtering and a few rules I have set up.
-Those who know do not say, Those who say do not know
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero
No need for models and simulations... the answer is 'shut-down time' = Infinity
I disagree. I had an alias email from my old Virginia Tech email address (no I won't post it here!). I got way too much spam so I turned it off (causing an undeliverable message to be sent). Well over a year later I reactivated it and the spam continued to flood in. I don't know why bringing down a mail server for only two days would provide any significant reduction in spam. If the spammers all collaborated to ensure that their lists were all clean THEN it may work but we know this not to be the case. I've read that 99% of emails sent are SPAM (most resulting in undeliverable messages sent back from the mail server). I don't think it's really that high but when a large % of emails being sent are not even delivered then shutting down a mail server for two days will only aggravate your friends.
Let Gmail do your spam filtering for you.
Candygram for Mongo!
I've been doing this with kmail. My spam has decreased. It has the bounce option in it. Another plus on it is it doesn't load html files unless I read the code first. Helpful for all those phishing scams. I use kmail as my main email reader.
Danger Will Robinson! You are now entering a condescending Unix user zone!
Yes, it's annoying to find out someone has done it better than you, before you. But that's one of the hazards of the modern age. It's called GreyListing (Or Graylisting if you like the American spelling). It takes advantage of the fact that spam programs generally have very primitive SMTP implementations and when they receive a 'temporarily unavailable - try again later' message, they will just consider the message undeliverable. Greylisting works by keeping a database of destination email address/sending IP address, and the first time a given combination of the two is seen, it is given a 'come back later' message for ten minutes or whatever. It works pretty well. But I wouldn't use it as my only line of defense against spam.
For a detailed explanation why the author of this article is wrong: http://tinyurl.com/6houy
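The greylisting behaviour several comments above describe (a 4xx reply to the first attempt from an unknown triplet, acceptance of a retry once a minimum delay has passed, matching on the sender's /24 rather than its exact IP), as an added Python example that is not from any poster or from gld, DCC or another product. The class name, timing defaults and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

TEMPFAIL = (451, "4.7.1 Greylisted, please try again later")
ACCEPT = (250, "2.0.0 OK")


@dataclass
class Entry:
    first_seen: float       # time of the first deferred attempt
    passed: bool = False    # True once a retry arrived after min_delay
    last_seen: float = 0.0  # last accepted delivery, used to age out triplets


class Greylist:
    """Triplet greylist. All timing defaults are assumptions, not a product's."""

    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 86400, v4_prefix=24, v6_prefix=64):
        self.min_delay = min_delay          # retries sooner than this stay deferred
        self.retry_window = retry_window    # a retry must arrive within this window
        self.pass_lifetime = pass_lifetime  # idle time before a passed triplet expires
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.db = {}

    def _key(self, client_ip, mail_from, rcpt_to):
        # Key on the netblock so a mail cluster retrying from a sibling
        # host still matches the triplet recorded on the first attempt.
        addr = ipaddress.ip_address(client_ip)
        prefix = self.v4_prefix if addr.version == 4 else self.v6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply to give at RCPT TO time."""
        key = self._key(client_ip, mail_from, rcpt_to)
        entry = self.db.get(key)
        if entry is not None and entry.passed:
            if now - entry.last_seen <= self.pass_lifetime:
                entry.last_seen = now
                return ACCEPT
            entry = None  # triplet was idle too long; treat it as unknown
        if entry is None or now - entry.first_seen > self.retry_window:
            self.db[key] = Entry(first_seen=now)
            return TEMPFAIL
        if now - entry.first_seen < self.min_delay:
            return TEMPFAIL  # too early; the clock still runs from first_seen
        entry.passed = True
        entry.last_seen = now
        return ACCEPT


# Constructed sample attempts: (seconds, client IP, MAIL FROM, RCPT TO).
SAMPLE = [
    (0, "192.0.2.10", "alice@example.org", "bob@example.net"),       # real MTA, first try
    (10, "198.51.100.7", "promo@example.com", "bob@example.net"),    # bot, never retries
    (60, "192.0.2.10", "alice@example.org", "bob@example.net"),      # retry, too early
    (400, "192.0.2.77", "alice@example.org", "bob@example.net"),     # retry from cluster peer
    (500, "192.0.2.10", "alice@example.org", "bob@example.net"),     # later message, known triplet
    (600, "203.0.113.5", "carol@example.org", "bob@example.net"),    # slow sender, first try
    (18700, "203.0.113.5", "carol@example.org", "bob@example.net"),  # retry after window closed
    (19001, "203.0.113.5", "carol@example.org", "bob@example.net"),  # retry inside new window
]


def replay(attempts, greylist=None):
    """Feed attempts through a greylist and return the SMTP reply codes."""
    gl = Greylist() if greylist is None else greylist
    return [gl.check(ip, sender, rcpt, t)[0] for t, ip, sender, rcpt in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, *attempt)
```

With `v4_prefix=32` the retry from the cluster peer at t=400 is deferred again, which is the mail-cluster weakness raised elsewhere in the thread.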
Adds to the problem? If spam gets bounced then spammers will slowly get the word out and you're off their list. Yeah some people will get bombed, like I have when people bounce it and I'm the lucky one to get it. But it's worth the hassle every once in a great while. Better than getting it from spammers all the time, right?
Danger Will Robinson! You are now entering a condescending Unix user zone!
With tin-foil hat mode ON, this sounds like a sneaky guerilla marketing technique. The next Microsoft press release will include quotes from slashdot like "The massive decrease in spam must have been the new Exchange server they installed."
My first e-mail address was at the University where I worked. When I left the University, my e-mail account was deactivated. I worked outside of the University for two years. When I came back, I set up a new account, and decided to use the old account name I'd had before.
The first time I logged in to check my e-mail on the reactivated account, just four hours later, I had two spam messages in it; apparently the spammers had been sending mail to it anyway. Last time I checked, I had something like 1200 messages in that account, all spam. I don't even bother with it anymore.
-- The reason it's called the right wing? Irony.
convince the US anti-abortionist loonies that spammers are actually supporting baby-killing. A well placed pipe bomb should decrease the amount of spam quite nicely as well.
I use assp (http://assp.sourceforge.net/) tweaked into a whitelist only mode, though I'm sure other mail proxies can be configured similarly. A nice feature of assp is that it automatically whitelists the recipient of outbound mail so replies from them aren't rejected.
Any message that does not match one of my whitelist criteria is not accepted. The 500 error response contains a URL, so any real people trying to email me will receive a message that will direct them to a web page containing instructions on how to get mail through to me. Anyone too stupid to follow those instructions is probably not someone I want to receive email from anyway. ;)
I now receive less than 1 spam per month (down from about 50 or more per day), and that's only when they happen to match one of my whitelisted keywords by accident.
A hard core solution perhaps, and one not suitable for everyone. However, for my home mail server it's ideal.
Buy products from every spam you receive, print each one out and pin it on your wall, then burn your house down.
Our university implemented Greylisting. It works so good, I only get spam coming from legitimate mailers. And I'm once again enjoying the 1 to 2 I get per *week*.
The point I would like to mention though is that spammers sell address lists, particularly to new spammers, and they merge their existing address lists with newly purchased lists. That means that old email addresses are continually re-targeted by new spammers.
I'm gonna write him and ask further details.
:-|
;-P
Hmmm, maybe he receives many similar requests; how would I be noticed? Perhaps I should send my message many times, so as to get more evidence... Yeah, I think so.
Also, it seems he's gone up one level: to avoid being slashdotted, he probably turned off his server...
Keep "the sales process" going over a week, and for the sake of 5 minutes per month of your time, masquerading as a juicy deal will waste 15 minutes of their time. If everyone does this, it's like a DoS attack on their brain. They end up having all their time wasted by people who look like customers but aren't.
Obviously use a disposable email address for this. If we all do this, it completely changes the economics of the spam equation. The trick is not to start talking too big too soon, otherwise they realise you're not bona fide.
Best of all, it's fun.
If your threshold is set that low, you've gotta be rejecting on the order of 10,000 messages per day, at least, to be having 100 spams hit your inbox.
Seriously, check your configuration. You might be able to get some relief yet!
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The program should recognize which server it came from ("received" in full headers), and blackhole that server because it's obviously an open relay, at the very least.
On a related note, I find it amazing that various antivirus/antispam vendors are still using the "From" line to report abuses. Do viruses or spam ever come from real email addresses? Not usually. I'm pretty much the victim of a "joe-job" on a regular basis because of this.
Make sure your account isn't set as a catch-all account! (i.e. receives mail addressed to any_undefined_address@yourdomain.com)
Use SpamBayes!
I went from 20-40 spam per day in the inbox to maybe 1 or 2 in the "junk suspects" folder.
From the SysAdmin-for-Lusers-department.
Why stop at spam prevention? You can (temporarily) stop ALL attacks on your servers by issuing the following command (as root):
/sbin/shutdown -h now
Amazing.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
So, what you are saying is that even though the DNS is not pointing to that IP address anymore, the address is still getting activity. But this is actually a good thing. Legitimate mailers will always use the IP address listed in the DNS. So, you can exploit this to reduce spam by periodically moving your mail server to a new IP address.
You might change it about once a month. During the transition period (while waiting for cached DNS entries to expire), configure its network interface to accept both addresses. After the time-to-live you have set for your DNS records (one day, three days, 6 hours, whatever), remove the old address and keep the new one.
Presto -- any spam lists which listed the mail server only by IP address will now be trying to connect to a non-existent machine. The only big disadvantage to this approach is that you probably can't recycle that old address for a few years. Or at least you can't use the combination of port 25 and that address.
One other disadvantage is that long-lived connections (ssh sessions that last a month, database connections, etc.) will be affected when you drop the old IP address. But you could solve that problem by continuing to listen on the old address (that is no longer in the DNS) and merely blocking inbound port 25. (If you then log connection attempts that were blocked to that address/port combination, you will have as a bonus some new addresses to add to a blacklist, if you keep a blacklist.)
1) T-30 (days) : Include in your mail signature at the top the foo bar tralala.....This should be highlighted in Bold and in a different color if possible.
Bold? Color? In an email?
2) T-15 (days): Remove all possible traces of your email ID from the Internet, public egroups, discussion boards or any other public forum.
Remove traces from Internet?
Once enough people try doing this, it wouldn't work anymore. The only reason it might work today is if spammers are assuming an address that is dead for a few days is dead forever and not worth keeping on the mailing list. Once they know that's not true anymore, they'll stop purging dead addresses from their lists that quickly.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
You never, ever send HTML formatted e-mail, you idiot.
I work for a group that has purchased a commercial anti-spam solution for our 17,000 users. The support folks have put out a whitepaper (which I can't find right now, but you need a support login anyway) with some tips.
Basically, one of their suggestions was to put a dummy MX record in your DNS. This is a record that doesn't point to an active host or point to a host that is not accepting mail. Most spammers don't worry about which emails were accepted and they certainly don't bother with the overhead of going out to DNS to find the next MX record for a host. This means all the bot-nets try to spam your server, fail, and go away.
They apparently saw a 90% decrease in spam coming in by doing this and I can't see them lying since we already bought their stuff. :) The downside is that this may delay your incoming mail depending on the settings of the sending MTA.
I have run an email server since 1996 and I have got to say this is the silliest idea I have ever heard of...and guess what? It doesn't work! Oh my! I have had a mail server crash and be down for 3-4 days once, and it didn't have ANY effect on the spam that came in. It just picked up where it left off.
Just for the record, address munging and fake addresses are not the answer. Reporting spam is.
Help us build a better map!
All technical considerations aside (3 day retry periods, no central spam DB etc.........) let's just read up on Exchange 2003 marketing literature (not that we should normally trust Microsoft marketing literature, but it suffices that they cannot outright lie about it). They claim to have all sort of *new* spam block features. Perhaps the author may have considered the hypothesis that his IT dept made the switch with these features in mind. At the very least it would be nice if he did a little due diligence (or if he did do some, that he would note that fact) to rule out simpler explanations? Why on earth would spammers care about keeping lists clean anyway? It's not like they all of a sudden grew a conscience?
Didn't that Occam guy have something to say about crazy theories like this author's rant?
In mimedefang:
You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.
I really don't know how I managed to run sendmail without mimedefang before.
LMAO!!
-1 Uncomfortable Truth
In the last month or so I've started getting spam in my gmail account. While their filters are pretty good, it would be nice if there was a mechanism by which everything that went into the Spam directory has a spoofed "address not found" message sent out. If the filters happened to catch a legit email, then I could let that individual know that I got their message.
Waltz, nymph, for quick jigs vex Bud.
http://shit.slashdot.org/article.pl?sid=04/12/09/1 918205
You are generating collateral spam. The sender address (From: and/or Sender: headers, "MAIL FROM:" envelope) are always forged in the case of spam -- "bouncing" a message is just adding to the problem.
Much better to reject at SMTP time, using a 4xx/5xx SMTP response. For details, see the Spam Filtering for Mail Exchangers HOWTO.
Brain is my second favorite organ.
I use postgrey with postfix, and it seems to work pretty good. By the way, I also run clamav and spamassassin, both of which are handled by amavis-new, which also rejects mail with errant windows attachments. You can read an extensive description of my setup here.
Need a Linux consultant in New Orleans?
Really? I use the internet all the time and I never get spam ever. I don't actually know why!
A much more feasible option is to use the Ironport appliance to replace your public MX. Ironport does DNS lookups for each inbound connection to get a reputation score for the connecting IP from senderbase.org. Senderbase monitors nearly 30% of the world's e-mail and gives each IP address sending mail a reputation score. If the score is too low (you can select how sensitive you want to be) then the Ironport never even sends back an ACK to the connecting SMTP client, making it look like you aren't even there while still allowing reputable servers to send mail your way.
I really don't see what the big deal is when it comes to spam.
I care only about spam because of:
-the traffic it generates
-the crap it causes at work on our corporate mail servers
For my personal e-mail, I've used yahoo for years. I get around 60 spams per day. Perhaps bulk-mail doesn't catch one or two of them. It's really not a big deal.
I don't know why anybody would run their own mail server for personal email . Get over yourselves folks, and let somebody else do it for you. It's -been done-, know what I mean?
me plagued by spam mail long time!
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
That method may get you marked as a spammer yourself (think high quantities of unwanted email == you getting reported).
Plus the fact that you may end up holding bounced-spams in your queue for 3-4 days until it expires, and greatly increasing the load on your mail-server. The trick is to bounce before the SMTP transaction is over. If you determine it's spam/bad after the SMTP transaction is over, just drop the email. File to /dev/null.
And as said before, this also just ends up doing what is basically a reverse joe-job. If the sender address is a real email address, you end up filling up their box with all the bounces. This is not kind either.
I have a personal domain that I give out to friends. Then I have a domain I use for e-mail for everyone other than friends and assign everyone a different e-mail address.
For example: microsoft@mydomainz.com for Microsoft. If Microsoft sends my info to a spammer, I can easily shut down the microsoft@mydomainz.com with a simple filter..
I noticed that a lot of spam came through from domain registration.. register1@mydomainz.com.. Now banned. register2.. Now banned. I think I'm on 3 right now.. Those spammers never learn.
The end result is my spam level, although not zero, is so dramatically reduced that it's very manageable.. Most of it gets deleted as I see the headers, so it never actually gets read.
I do that, but I use spamex.com to do it. U get tons of disposable email addresses. I have my own domains, but spamex's interface just makes it easier. I also hosted my own domain there so that I could have my own domain name but still use spamex's interface. I've been doing this for years and it's amazing, I have NO spam at home (my main, private email addy that only family has). If I get spam, I turn off the email addy it was sent to. Voilà.
Bill Moran from Potential Tech gave a lecture on stopping spam at the Ohio Linux Fest. He used a method called greylisting and it resulted in getting rid of 99% of unwanted e-mails. The idea behind it is that you send a message telling them that the server is busy. So it temporarily blacklists everyone.
If it is a real person they will send another message later. But spammers and spam-bots will just move on.
His page. His lecture (PDF)
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
I disabled my main email account for 3 months Jan '04 to April '04 because I was getting 20+ spam emails a day. I continued to get the emails even after that shut down period... so this obviously did not work for me. Now I just use a spam filter.
You gotta be kidding. First of all, if it gets "bounced" back to some non-existent e-mail address, spammers don't get no word 'bout nothin'. Second even if it gets bounced back to spammers, they don't care. Many (most) of them are getting email lists from some spam-address distributor, so they don't see themselves as custodians of the list; they just blast away like drunks with diarrhea.
How do I know this? I've owned my domain since 1996, and I've been administrating the email since 1998. I get spam nearly every single day for beth@ahab.com (no point in cloaking it, really), and it has NEVER been a valid address. It often bounces back to the postmaster (me) after not bouncing back to their forged yahoo address and after NOT getting the word out to a single baby-eating spammer (you do know they eat babies, right?), and I see it when I bother scanning my postmaster folder for anything interesting.
Sure, it's worth my hassle if it bounces back to them, but it's probably not worth it to the poor sucker whose yahoo address they forged.
Get a clue: SPAMMERS DON'T CARE. You're kinda hoping that the guy who lets his dog shit on the sidewalk in front of your house is going to be annoyed by the smell.
Expanding a vast wasteland since 1996.
A few years back, my univ. uses spamgard to "filter" junk mail. Before having it turned on, I was getting about 5 spam per day. After turning it on with the default messages and such and leaving it for about a few months netted me with more than 20 hits per day (none of them get through, of course, because none of them were smart enough to reply). Unfortunately, due to limited space on my Unix account, the log file started to fill up. I decided to model my outgoing letter (the one that gets sent if the email isn't accepted yet) to look similar to a bounce email. Let that simmer for a few months resulted in 0 hits now.
It was a good thing that I did this. Within a year, they replaced it with spamassassin, and I haven't figured out how to work it to act similar to spamgard.
Now, I'm very tempted to do the same thing to my Hotmail account...
Could it be that your IT guys used the 48hrs of downtime to install SpamAssassin ? ;-)
Because I doubt any spammer ever used a real reply-to Address and even considered to parse the bounces to clean up their databases.
RedShirt
Microsft spel chekar vor sail, worgs grate !!!
catch all your mail, but send back a server error anyhow...
kinda like those phones that beep like the line is down to keep away telemarketers
even in this better form, it's still a stupid idea cuz it will confuse senders of legit mail
-judging another only defines yourself
So far, it's nearly impermeable, and hasn't filtered a legitimate email yet....
The universe is made of atoms and empty space. All else is speculation. --Democritus of Abdera, 435 BC
Thanks for your email
Please tell me, sir, how I can
Enlarge my penis
Mailwasher Pro supposedly simulates bounced email to fool spammers for people who don't have so much control over their own mail server. I use an older version and it seems to have decreased the junk mail. But I think my most effective anti-spam measure is just keeping the email addresses off of webpages.
...yet 1% (give or take 2%) of attackers managed to attack you.
Through an unplugged router.
*starts making his house into a Faraday cage*
'If you're flammable and have legs, you are never blocking a fire exit.'
First of all, hence the name "codeconfused". This alone should say it all :)) Second, great line: "blast away like drunks with diarrhea". You must be under the influence that I'm running the mail server. The account I bounce is a yahoo email and all the email I bounce comes from so called legit places. Example: staples.com etc.... I never bounce some poor yahoo/aol/hotmail member. I have had that happen to me at my yahoo addy. If I can't be sure that the email gets back to the real source....then it just gets dumped. Bouncing emails from sites I visit once and then get flooded with specials they're having, I say bounce 'em and let them think the email addy is dead. Now if sites get bounced, they will give up because it will just clog their system. So bouncing works in the right situations. BTW I keep a yahoo email just for places like AIM who will also sell the email address. And yes I know they eat babies.....I have proof of it !!!!
Danger Will Robinson! You are now entering a condescending Unix user zone!
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Maybe it'll teach them to publish SPF Records.
(and no, I don't know what the guy with thick glasses and the powerbook has to do with SPF)
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Unfortunately, not true.
I bounced mail on an ISP address that I grabbed a few years back for approx 6 months and I still got spammed non-stop. I figured it would get me off all the lists the other person was on and the spammers would eventually get the point - nope.
The problem with this is that the spammers never get a notice (unless they're doing things right) that the address is full. To them, they're still delivering to an existing address and, at some point, you'll carve out the offending messages.
so, a co-worker hosts a few domains on his mail server. After he began getting dictionary spammed, he started monitoring the mail logs... whenever it logged a "username not found" error, a script set a null route for that source IP (and an "at" job some period of time later to remove it). Load dropped tremendously, since it was primarily zombie bots spewing spam.
Not perfect, but interesting.
Dump the IRS - http://www.fairtax.org
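The log-driven temporary block described in the comment above, as an added example that is not the co-worker's script. It assumes Postfix-style log lines (the comment does not name the MTA), and the hit threshold, time window and allow-list are additions so that a single mistyped address from a legitimate sender does not trigger a block; the sample log is constructed.

```python
"""Plan temporary null routes from 'user unknown' SMTP rejections."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

YEAR = 2004  # syslog timestamps carry no year; assumed for the sample

# Constructed sample log; all addresses are documentation ranges.
SAMPLE_LOG = """\
Dec  9 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <aaron@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:00:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <abby@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:00:02 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.44]: 550 5.1.1 <jon@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:00:03 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <adam@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:00:04 mx postfix/smtpd[813]: connect from mail.example.org[192.0.2.44]
Dec  9 10:01:00 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 550 5.1.1 <al@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:01:10 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 550 5.1.1 <amy@example.net>: Recipient address rejected: User unknown in local recipient table
Dec  9 10:06:30 mx postfix/smtpd[815]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 550 5.1.1 <ann@example.net>: Recipient address rejected: User unknown in local recipient table
"""

REJECT = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: "
    r"550 5\.1\.1 .*User unknown"
)


def parse_rejects(log_text):
    """Yield (timestamp, client_ip) for each unknown-recipient rejection."""
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['stamp']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def plan_blocks(events, threshold=3, window=timedelta(seconds=60),
                block_for=timedelta(hours=1), allow=frozenset()):
    """Return [(ip, block_start, block_end)] for sources that probe addresses.

    threshold=1 reproduces the behaviour in the comment (block on the first
    unknown user); a higher value tolerates an occasional typo.
    """
    recent = defaultdict(deque)   # ip -> timestamps of hits inside the window
    blocked_until = {}            # ip -> expiry of the current block
    plan = []
    for ts, ip in events:
        # Skip trusted hosts and anything already null-routed at this time.
        if ip in allow or blocked_until.get(ip, ts) > ts:
            continue
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()        # forget hits that fell out of the window
        if len(hits) >= threshold:
            blocked_until[ip] = ts + block_for
            plan.append((ip, ts, ts + block_for))
            hits.clear()
    return plan


def route_commands(plan):
    """Render the plan as iproute2 commands with their due times (not executed)."""
    cmds = []
    for ip, start, end in plan:
        cmds.append(f"{start:%H:%M:%S} ip route add blackhole {ip}")
        cmds.append(f"{end:%H:%M:%S} ip route del blackhole {ip}")
    return cmds


if __name__ == "__main__":
    for line in route_commands(plan_blocks(parse_rejects(SAMPLE_LOG))):
        print(line)
```

With the default threshold only the address-guessing source is blocked; with `threshold=1` the legitimate host that mistyped one recipient is blocked as well unless it is on the allow-list.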
I certainly would find it unacceptable to shut down receiving e-mail for a few days. But if the concept here is that the bounces that result from shutting down an e-mail account for a few days result in far less spam, then I would certainly be glad to forge some bounces for the damn spammers. Hell, why don't we have an application that can do this automatically, just highlight your spam and hit a bounce button in the mail client? How do I get this in the next release of Thunderbird?
Sure, there are plenty of spammers who use false addresses. I'm the real owner of one they frequently "make up", and I see a lot of both spam and bounces as a result of it. I can assure you that anyone who the spammers are picking on this way by using their address as a false return address is already getting plenty of bounces, and will think nothing of one more. If he knew it was in the cause of fighting the spammers he might even welcome it.
I'm an American. I love this country and the freedoms that we used to have.
This idea is as stupid as they get, the logic is flawed and experience has shown us otherwise. The most spam we get at our company is for accounts that have been bouncing for several years.
Surely no-one will act blindly on this poor fool's ramblings and kill their mail systems?
If you can't figure out what's wrong with it, don't try it.
- mipe -
It doesn't matter, if they do catch on and start using postfix to deliver their trash it still means that they have to wait the 10 minutes that the grey period is before they can deliver their spam.
10 minutes is plenty of time for their server to have hit a spamtrap and gotten listed in a RBL, so when they come back 10 minutes later they will be blocked.
As far as I'm concerned greylisting+spamtrapping is the final solution wrt. spam.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
I mean, come on, advising such things as shutting down one's mail server in order not to receive the spam is not a solution. It's like turning away from a problem and say that if you don't see it, it doesn't exist. It's plain stupid.
:) Really, if someone would come up to me with a "solution" like this I would loudly laugh in his face right away :)
:)
Geez, I just keep smacking my head into my desk, after having read it again
Like, hey the road is bumpy, so I won't use my car for a week, and they'll just go away.
One thing would help though: if you would shut down the spammers' machines for a long while
Man, my head still aches from this one.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
That's the whole idea behind greylisting - log and soft reject the first time ("too busy" signal), pass the second time. However, there are 2 problems with that:
1) with the amount of zombies out there it's not going to be that hard coding in a retransmit.
2) a really intelligent trojan will look for the connected ISP mail relay. As the data is coming from the inside it'll be allowed until the ISP spots the flood and bars or throttles it.
In either case your greylisting is history.
Insert
And spam filters happen to be the getting rid of spam the easy way.
Sindri Traustason.
I just want to add my support to your position. What we have earned from our efforts to automatically filter away the junk at the receiving end is the ability to accept far more junk mail than any human could possibly read. Networking resources have been allocated (by the recipients) to accommodate the senders rather than the recipients themselves.
If your domain serves 100 users, each willing to receive up to ten messages per day (on average), your domain mail server should be configured not to accept more than 1,000 messages per day in total; anything in excess of that would be pointless. This can be accomplished in a number of ways, say by having your mail server shut down for most of the day (as the article suggested), or by delaying inbound sessions. Of these two approaches, I believe the latter is least likely to cause problems also to legit senders (including mailing lists), since the protocols involved (TCP and SMTP) are designed to repeatedly retry failed connection attempts until delivery is successful.
When people call me on the phone to give me information, I make a point of writing that information down while I'm still talking to them. If instead I were to allow them to hang up, chances are I might get another call before I get to write down the notes from the first call, and I might forget it altogether. I don't think this imposed delay is considered rude or costly to the first caller; I'm simply making sure their message to me is not lost. It should be the same with e-mail; having the SMTP server say to the SMTP client "please hold on for a minute while we sort things out here" is certainly less costly to the sender of the message being delayed, than saying so on the phone.
If mailing list operators and other senders of legit bulk mail need the ability to make several outbound connections simultaneously, they can have it, but there is no point in the receiving server being able to accept multiple inbound connections simultaneously if there aren't enough users around to even read the messages.
Your greylisting interval (24 hours) is totally braindamaged.
Evan's original suggestion is 1 hour.
I use 1 minute, and that works just dandy.
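The greylisting behaviour discussed in the comments above (temporary rejection on first contact, acceptance on a later retry), as an added example that is not part of any comment or of any mail server's code. The 600-second default follows the 10-minute grey period mentioned earlier in the thread; keying on the client's /24 (or /64), the retry window and the pass lifetime are assumptions, and the sample session is constructed.

```python
"""Greylisting decision logic keyed on (client network, sender, recipient)."""
import ipaddress

TEMPFAIL = 451   # SMTP temporary failure: a real MTA queues and retries
ACCEPT = 250


class Greylist:
    def __init__(self, delay=600, retry_window=4 * 3600, pass_lifetime=35 * 86400):
        self.delay = delay                  # seconds a new triplet must wait
        self.retry_window = retry_window    # retry must arrive within this time
        self.pass_lifetime = pass_lifetime  # how long a proven triplet stays known
        self._seen = {}   # triplet -> {"first": ts, "passed_until": ts or None}

    @staticmethod
    def _network(client_ip):
        # Senders often retry from a sibling host in the same pool, so the key
        # uses the surrounding network instead of the exact address.
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        return str(ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False))

    def triplet(self, client_ip, mail_from, rcpt_to):
        return (self._network(client_ip), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one RCPT TO at time `now` (seconds)."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        entry = self._seen.get(key)

        if entry and entry["passed_until"] is not None:
            if now <= entry["passed_until"]:
                entry["passed_until"] = now + self.pass_lifetime
                return ACCEPT, "known triplet"
            entry = None   # pass expired: treat as a stranger again

        if entry is None or now - entry["first"] > self.retry_window:
            # First contact, or a retry so late that the timer starts over.
            self._seen[key] = {"first": now, "passed_until": None}
            return TEMPFAIL, "greylisted, retry later"

        if now - entry["first"] < self.delay:
            # Hammering inside the grey period does not shorten it.
            return TEMPFAIL, "retry too soon"

        entry["passed_until"] = now + self.pass_lifetime
        return ACCEPT, "retry accepted"


# Constructed session: (time in seconds, client IP, MAIL FROM, RCPT TO).
SAMPLE = [
    (0,     "192.0.2.10",   "alice@example.org", "me@example.net"),  # first try
    (5,     "198.51.100.7", "x@spam.invalid",    "me@example.net"),  # bot
    (10,    "198.51.100.7", "x@spam.invalid",    "me@example.net"),  # bot hammers
    (900,   "192.0.2.11",   "Alice@example.org", "me@example.net"),  # MTA retry
    (1000,  "192.0.2.10",   "alice@example.org", "me@example.net"),  # next mail
    (20000, "198.51.100.7", "x@spam.invalid",    "me@example.net"),  # far too late
]


def replay(events, greylist):
    """Run a session through the greylist and return the SMTP codes in order."""
    return [greylist.check(ip, sender, rcpt, t)[0] for t, ip, sender, rcpt in events]


if __name__ == "__main__":
    print(replay(SAMPLE, Greylist()))
```

A client that queues and retries after the grey period, as described in the comments, gets through on its second attempt; the state kept here says nothing about a sender that does implement retries, which is the limitation raised above.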
If you are using Exim 4, then you can use the Bagley greylisting system. Unlike other systems for Exim 4, it does not require fancy recompilation of the Exim 4 binary and can just be plugged in to a vanilla setup.
Our Exim 4 server uses Bagley.
The whole reason I got my own domain was to have a simple address I could give out that people would remember easily. And it doesn't matter how careful you tell people to be. Inevitably you'll get an evite from someone, or someone will give out your "real" address to someone who likes to send email greeting cards. Or some idiot will get a virus and start sending you 300 screensavers in a zip file with a password of 8828282. You get the idea.
I also tried TMDA, but confirmation schemes are not an acceptable solution for me.
In the end, I opted for clamav+spamassassin. This solution has far surpassed even my most optimistic expectations. About 1 spam per 200 I receive goes to the "probably spam" folder and about 1 spam per 5000 hits my inbox. The rest are rejected in the SMTP session.
I know what you're thinking: false-positives. Well, I only reject viruses and SA scores >10. I have never ever ever had someone contact me asking why his/her email was rejected as spam. Seriously, not even once.
It seems the talented folks at spamassassin are just too good at keeping a few steps ahead of the spammers. And clamav kicks ass all over every commercial AV solution I've tried in terms of performance and accuracy.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
If you know, how do you know? Do you look at your TMDA pending folder and sift through it for false positives? If you do, how is that better than no spam filtering at all?
I ask these questions because I kicked out TMDA for these reasons. I found myself still looking at spam trying to find missing emails and finally I said screw it and adopted a more elegant solution. Oh well.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The Artists Against 419 bandwidth sucker has taken out a couple hundred spammer websites from the Nigerian 419 crowd. I'm not running it today - the new NetBSD release came out so I'm wasting my bandwidth running Bittorrent instead (and there seem to be lots of high-bandwidth people seeding the torrent, so I've been downloading at 1.5 Mbps all morning.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Isn't it possible (even likely) that part of the Exchange Server maintenance was an anti-spam filter? Not only would that explain the drop in spam, but also makes more sense since it's not like you get the same spammers spamming you over and over again. Your email is passed around like a cheap prom date for as long as there are new spammers buying 'millions' CD's. So a 2 day shut-down won't likely thwart brand new spammers who get your email address after the two day turn around. Further, often spammers use programs to generate 'likely' email addresses at common domains. Again, a 2 day shut-down wouldn't thwart this. It just seems likely that an anti-spam filter was put in place during the 'upgrade'. Finally, it is proven that over 95% of spammers don't use valid return addresses, so the majority of spammers who sent you email before wouldn't get the 'bounce message' anyway.
As for other methods that work, I use a self-created method that heavily relies on rules/filters that requires a lot of set up, but no real maintenance afterwards. It basically involves writing a rule/filter that moves known friends and family, and safe domains, to a "good" folder (a whitelist). Then write a filter that moves (to a 'junk' folder) everything with an "@" character in the from address. Now, to prevent missing friends or families that email you with a new email address that isn't yet on your whitelist, you write a filter to 'reply' to all 'junk' mails with an email that states ["you've been rejected by my spam filter. Please put 'CodeRed' in the subject line and resend your message or write 'check your junk folder for this email address and the original message'"]. This can be annoying for some lazy friends, but they only need to do it once per new email address. Then, you write a rule/filter that will put all emails where the subject contains "CodeRed" into a 'Pending' folder. Here you can read emails that didn't make it to your whitelist, but also be alerted when someone had to use this method to reach you, and by result, put their new address on your whitelist. Finally, you make a rule that recognizes whenever the word or words "Returned mail" or "Bounce" or "Daemon", etc, is placed in another folder (called 'Bounced', perhaps). This prevents your auto-reply from continuously replying to the same bounce message over and over again. "out of office" replies can also sometimes cause this mail-war, but usually mail servers recognize this and don't send back an 'out of office' reply to the same address more than once (since two out of office' computers would war all weekend long otherwise).
Anyway, after all that set up, it's easy from there. 99% of spammers do not use valid return addresses (as my method has proven) so the myth that replying to spammers lets them know you have a valid email address is just that, a myth. I have used this system for over a year now, and have had nearly a 100% effectiveness with it. I have had less than 5 spammers actually take the time to read my response email, and put the 'CodeRed' in the subject line. From there, I can blacklist their email address. Finally, I can change the codeword as often as I want since it doesn't affect anyone on my whitelist.
The funny thing about this method is when I post it somewhere, a few people ignorantly tell me 'it wouldn't work' and give theories as to why it wouldn't, and don't realize it IS working, and has been for over a year.
"Artificial Intelligence usually beats real stupidity."
By default the sender connects to the primary MX record, then the backups, and if no MX exists it connects to the A record.
A good idea is to apply RBL lists, such as SORBS, and make a primary MX (say priority 10) point to some ridiculous place like this.mx.is.fake.domain.com (the A record would have no responding SMTP), and the backup (priority 20) being the actual receiver.
The above should help matters.
Using SORBS alone does mean that DHCP'd senders cannot connect. Greylisting is a very effective means too.
Why UNIX?
It bans false or misleading header information. Your email's "From," "To," and routing information - including the originating domain name and email address - must be accurate and identify the person who initiated the email.
I know that not all spammers follow the rules, but you would be surprised at how many do. Many of the emails I get will bounce back to me when I bounce them. So far I have had none bounce back to me. The best part is my spam count is way down. What I believe is that this guy who did the server shutdown found out that if the spammers find a dead end they just take you off the list. They have to because it's pounding them with their own crap.
As for the spammers that don't follow the rules. Then all the email that would have gone to his server ended up bouncing to all the net.
Danger Will Robinson! You are now entering a condescending Unix user zone!