Slashdot Mirror
De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate-method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
[insert witty sig here]
This is the same as not using email at all. Personally I find this technique useless. Don't you?
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Nice.
I don't know the meaning of the word 'don't' - J
The article says that the school upgraded to a new version of Exchange during that two day period. IS it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
This sig has been temporarily disconnected or is no longer in service
Bounce != no SMTP session at all
Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
This is a totaly unacceptable solution in a real-world business environment. Two days worth of bounced emails and even a moderate size company could miss over a $100K worth of online orders. Worse yet they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders and then they go to a competitor.
There are drop in solutions out there. Use them if it's a real issue.
I am invisble, and you can't see me.
No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.
So, while totally ineffective, you also burden the innocent bystander with yet another bounce.
The only way to combat spam is to reject it on the SMTP level.
Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.
However, spammers don't use mailservers to send their spam, they deliver the spam direcly to the receiving mailserver. They've got instant feedback on wether the spam is accepted by the mailserver or not.
When a mailserver is offline, spammers will know immediately. However I doubt they'd remove your name from the list because of this simple fact. Mailservers are regulary offline for multiple days.
In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.
This is your sig. There are thousands more, but this one is yours.
I'd bet a beer that the new mail server installed at his institute includes some form of spam protection. My university's mail system has gone down for two days, and I still get one or two hundred spam mails a day. (of course, only one or two make it through the spam filters :)
If it was going to take that long, I'd throw up another box, point an mx record to it and hold the email there.
Would look more professional that eveyone getting email around the lines of "Your email could not be sent for the past X hours......"
Sendmail will do this almost out of the box if MX records are correct.
Yep, I never spell check.
More incorrect spellings can be found he
I wonder if someone might write a program or plugins for existing mail programs to adapt on this approach? Every time you mark a mail as junk, it sends it back to your mail server to be treated as if it were bounced. This way anything you mark as junk gets bounced back to the spammer as if your mail server was down. Have the cake and eat it too?
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
- "blocklists" are also questionable because the maintainers of these lists gain a lot of power and often ask for huge amounts of money for address-ranges which were accidentally added to be removed again!
- "teergruben" are a nice idea, but they would have to rely on source address filtering or only kick in after a few hundred messages. and if the spammer simple multithreads his sending "server" he might not be THAT bothered with slower delivery, as he can have thousands of concurrent deliveries, totally bogging down the receiving server!
and also, if teergruben should just be the exception it is trivial to add a timeout to the delivery routine to abort after 1 minute or so of trying to deliver!
- "bandwidth suckers" - this is just the kind of anarchistic vigilante justice that SHOULD SIMPLY NOT occur! even if it were not for the "collateral damage" to the network infrastructure and "innocent" pages being accidently hit, this is no better than stoning criminal suspects to death without proper trial...
- "sugarplums" - this idea is actually pretty good but looking at the small return that spammers are getting at the moment this won't really slow them down much. even at 1% reached mail addresses the spammers still have virtually no cost in sending millions of mails out and thus will be hindered but far from stopped by injecting wrong mail addresses! also you have to generate those fake addresses without the spammers getting behind your mechanism of randomizing the addresses and you MUST also take care NEVER to inject a valid mail address by chance!
there has actually been quite a discussion how to make mailing more "reliable" on a grand scale and i still find the idea of forcing mail servers to solve some computationally expensive computation rather nice. although this will cost legitimate service providers a little in hardware this will hit the mass mailers by far worse because they simply rely on cheaply mailing millions of mailings in a short time frame...
well, so much for "innocent" protocols used in a hostile, mercantilistic, hard-to-trace and more-or-less-anonymous environment...
jethr0
And when a spammer puts your URL in their spam, you'll just happily pay the bandwidth bill in the name of fighting spammers?
Repeat after me: Do not fight abuse with abuse.
Give a man a fish, he'll eat for a day, but teach a man to phish...