De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
You might entertain another method - if you have an internet domain of your own. Make use of mail-subdomains that you cycle through regularly.
And only trusted friends give permanent (or permanent sub-domain) email addresses.
And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).
...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
[insert witty sig here]
How about just shutting off your computer for good?
Or just bounce the emails while continuing to use email normally.
Check out Mailwasher.
Has a great bounce function, although in my experience bounces don't necessarily always cause a removal from spam lists.
They left out a t.
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.
Manually deleting them one by one is the hard way.
Don't be fooled: there are plenty of stupid ones.
I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.
When I brought it back online again, I started seeing them again.
Mod me down and I will become more powerful than you can possibly imagine!
Just unplug your ethernet cable and your Windows box will be safe from worms!
Beware the airborne version.
If I'm not mistaken, doesn't KDEMail have the ability to send back "fake" bouncebacks to spam messages? I've been hoping that Evolution would get something like that for a long time, but it would seem like a good idea for just about any email client.
That way, you click a button and send the "bounceback", and hopefully after enough, the spammers would remove you from their lists.
Find out about the Lexus Rx400h Hybrid!
What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?
After reception bounces (ie they've hit your inbox) are a BAD, HORRIBLE idea. Most of the information in spam is forged. If you can reject at SMTP reception time, then it's best to use a service like SpamCop to report the offenders.
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Nice.
I don't know the meaning of the word 'don't' - J
And this may just be me, but if I was going to upgrade my email server I would put spam blocking software on it. So I wouldn't turn off my email server till I found out if there is now anti-spam software on this guy's servers, 'cause let's face it, two days of bouncing isn't going to purge you from that many lists.
I've got domains that I have left inactive for year then re-added them to dns and set up mail accounts for them and the spam comes in immediately.
Spammers simply aren't diligent when it comes to maintaining their list: they don't remove bounced emails (as they have spoofed all the headers anyway so they don't receive the bounces), and they don't remove the address from domains without MX records or with no responding hosts (as they send all the spam from botnets that don't report failures back anyway).
I don't know what this guy did but he is thoroughly mistaken.
----
So this is the equivalent of reinstalling Windows every six months on your computer, I guess. I imagine the spam will begin again after a time. "I will be unavailable by e-mail for two days while I de-spamify, contact me later." Of course, you'd like to have that as an auto-reply, but then I guess this wouldn't work. For me, GO GMAIL SPAM FILTER GO!
That sounds to be like a really inefficient form of greylisting.
By the way, I started greylisting on my mail server a couple of days ago, and my spam has gone down to virtually zero.
I'll just give my IT folks a ring and see what they think of that. Mmmmkay.
You want us to what?!?!?!
(Score:-1, Wrong)
I had a domain that didn't have mail service for about 2 years. (it was for an old company that no longer exists) In that time, any and all messages would have bounced.
I re-enabled email on it out of curiosity. Tons of spam started arriving almost instantly.
Spambots don't check for bounces. The majority of them don't have valid reply addresses for the bounce to reach anyway.
I've been using SpamAssassin with a Qmail setup for some time now and I've pretty much filtered out 95-98% of all SPAM. SpamAssassin has a Bayes learning system that can learn between the spam and non-spam messages and it works well.
Beat the computer, program your life.
the fact they might have installed some anti-spam filters when they were upgrading the mail server? duhhh
For now I'll stick to blocklists, tarpitting, and spam filters.
Couldn't we just ask spammers to stop? I'm sure if they were aware that many people didn't enjoy their email messages they would likely find a new way to advertise. They surely wouldn't want to offend potential customers, right?
Simple solutions for simple problems, lol!
Anybody want to help me shutdown hotmail for a couple days?
..perhaps won't slow the flow of spam but will let you know who the bastards are that are selling your email in the first place. Buy a domain name then use a different email address for every site that asks for an email.. for example 'amazon_email@yourdomain.com' if you fill in a form at amazon.com.
You'd be surprised at the sites that promise to protect privacy and don't.
This would require shutting down or disabling backup MX servers also. Or, maybe changing the DNS records to remove backup MX servers.
Regardless, it would be pretty desperate to do that.
BTW, it took 48 hours to upgrade a MTA?! I'm glad I don't use Exchange.
-molo
Using your sig line to advertise for friends is lame.
Now THAT is some funny shit! (pun intended)
The article says that the school upgraded to a new version of Exchange during that two day period. Is it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
This sig has been temporarily disconnected or is no longer in service
Stop putting your email address on your blog. And your phone number.
it's not going to stop brute-force dictionary-based spam.
I find it especially annoying that gmail forwards me spam (albeit in my spam box) based on variants of "day.of.the.tentacle", eg dayofthe[whathaveyou]@gmail.com (yes, even without the dots between each word).
Thank you Google.
I would much rather spend 2-3 minutes a day deleting those spams that weren't caught by my automated spam filter, then miss even one legitimate business email message.
Unfortunately, this solution doesn't work, and only affords a temporary reprieve from spam. I attempted the same thing. The problem is that your email address is on a list that is never *pruned*. It's resold and redistributed again and again, and while your current spammers may have pruned you from their lists, future spammers will check the address and see it as active, and continue spamming.
Sorry, there's no easy way out of spam.
Isn't this just a variant of greylisting? (the link is the first hit on google for 'greylisting')
In case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5 and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
Doomie
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!
Until spammers will send you a ping email to verify if your box awakes next week. Without any unnecessary top theoretical models...
There you are, staring at me again.
That sounds like a more reasonable explanation. I've had domains that got spam which I then didn't host anywhere for years, and then re-hosted, and they still got spam.
Wow. I guess the popularity of web-based email addresses made this technique viable again. Back in the day when almost everyone except AOLers had to configure an email client to send and receive email, proxies that would bounce spam were used. It was effective at first. Then the spammers chose to ignore the bounced emails and just send them anyway. Now that there are so many people online that use the likes of Yahoo, Hotmail and GMail, this might be viable again. Anyone know how to bounce the mails in the Yahoo Bulk mail folder without a POP account?
Seriously, isn't that a bit extreme? Making the service unavailable is no cure for spam when it is unavailable for everyone else as well.
Why not just bounce all email for n days but deliver it as well. So you'll have to tolerate the spam and the receivers will have to tolerate the bounces, but the bounce message could include a line saying that it has actually been delivered. That way you avoid shutting down but get the same effects.
I heard this all the time when I worked at a natural foods store. I call bullshit. From QuackWatch.org:
It can be terrifying to believe that one's body is being poisoned by toxins from within. But if this were true, the human race would not have survived, says Vincent F. Cordaro, M.D., an FDA medical officer. "A person who retained wastes and toxins would be very ill and could die if not treated. The whole concept is irrational and unscientific."
Best link I could come up with on short notice.
That said, this anti-spam method sounds interesting. I've been Greylisting on my mailserver for a while now, and it's certainly helped. It would be interesting to compare & contrast and get some hard numbers on how well these (and other) approaches work.
Carousel is a lie!
This is a totally unacceptable solution in a real-world business environment. Two days worth of bounced emails and even a moderate size company could miss over $100K worth of online orders. Worse yet they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders and then they go to a competitor.
There are drop in solutions out there. Use them if it's a real issue.
I am invisible, and you can't see me.
I decommissioned a mail server recently. The IP address is empty. The MX record is flat out gone.
Despite this, my packet sniffer still sees ~20 connection attempts per hour to that old address, nearly three months later. They are all bot-infected PCs according to sbl-xbl.spamhaus.org
That address was being mercilessly spammed and under constant dictionary attack.
Ultimately, I was able to use my log files to reconstruct the dictionary they were hitting me with. I put the whole thing under blacklist_to and saw a big drop in junk getting past my filters.
-j
6) T to Y: a) If you have a girlfriend, take a vacation with her.
b) If you don't have a girlfriend, check mails on the temporary alternative email ID.
This just in: Apparently airlines, the U.S. highway system, hotels, parks and other attractions have now opened their doors to people without girlfriends. Also, coffeeshops, bars, music venues, theaters, yoga studios and other local businesses are considering joining this pilot program on a case by case basis.
Those without girlfriends, then, might be able to take a 48 hour break from the Internet as well.
-b.
I get spam to roughly 3 accounts. www@mydomain, I use that everywhere; usenetMMYYY@mydomain, I rotate that every few months and remove the alias. And the only issue I have with spam is one of my friends decided 4 years ago that I need 12 free CDs and posted my main myfirstname@mydomain on a web site. I'm still getting spam to that address but it comes in spurts. It seems it's sold to a new spam agency every 6 months and I spend about 2 weeks putting more DENYs in sendmail; I get a break for a few months after that. I also use the www address to update my ACCESS list for sendmail.
--
Sacrifice a few days of legitimate e-mail for a drastic reduction in spam, but I'm wondering if it's possible to let some e-mail through while bouncing all the rest - a whitelist approach. This would entail not turning off the server entirely, but responding "no such address" to all but those few names on the whitelist. So you could still hear from Grandpa or Aunt Jo, but all other mail would bounce. Would that be as effective as a complete shutdown? I'm guessing it would, because either way the recipient is unreachable, and thus gets culled from the spammer's lists.
One problem I see with either approach is that the effect may be temporary. You'll get removed from the lists of people sending out mail during those few days you're shut down, but because your address is still in all those "millions of e-mail addresses on CD" lists that the spammers sell to each other, your spam load is eventually going to ramp back up to its previous levels.
Some of us aren't going to be able to use your method, because our mail goes through a forwarder. I buy an e-mail address from pobox.com that forwards to my real address. The SMTP server at pobox.com is always going to look valid to the spammers - unless I temporarily change my alias... and then I risk losing it.
I have an alias that I've been using for nearly 10 years. The beauty of a forwarding service like pobox is that you can keep the same e-mail address no matter what your "real" e-mail address is. The curse of a forwarding service like pobox is that the spam finds you no matter what your "real" e-mail address is. I keep using my e-mail address, clinging to the faint hope that, some day, a solution to the spam problem will arise - one that doesn't include having to change my alias and give the new one to the hundreds of people and web sites that I want to receive legitimate e-mail from.
In the mean time, I use the CRM-114 discriminator. Not ideal, because it gets too many false positives, but until I make the sacrifice of changing to a "clean" alias, it's the best I'm able to do.
Our Postfix mail server uses Postgrey (click link for graph showing effectiveness), and it's as close to 'magic' as I've seen yet in the antispam category.
-Mark
track down spammers and apply shotgun
A-Day
"I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
Let me guess... I think he'll get the best results when delta t approaches infinity.
I added greylisting to my mail server, and that cut down on both spam and virus messages by a tremendous amount. See http://greylisting.org/ for more info.
From: Sammy Spammy
To: undisclosed-recipient
Subject: Don't buy this: Get it free!
For a limited time you can get the Wally Whizbanger FREE!!!!
...
-- @rjamestaylor on Ello
...is a way to receive email, but reserve the right to send a 'bounce' message sometime in the next, say, 24 hours. So once a day you can go into your server, sort the spam out, and just send out bounce messages en-masse to clear the address out of those lists. It's more work than shutting down the server, but lets you keep the 'good' email coming.
It's /.'d, so I can't RTFA. However, submitter says:
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Is it just me, or does it seem like one should see a 100% spam reduction after shutting down your mail server.
Additionally, if your mailserver is your laptop, you can actually preserve fertility by using this method as well.
Mac OSX Mail has a feature which lets you "Bounce" Mail, which essentially mimics the Server Response to an invalid Email Address.
I was recently shocked to find that neither Outlook Express or Outlook have this feature.
Very useful for Spammers and Annoying Ex-Girlfriends.
... for about three years. Here is my plan.
I have an account through usa.net. I only give it out to people I trust, i.e., friends and family.
These people gain trust by first using temporary accounts I set up from my ISP (I should point out that usa.net now allows you to create 8 such accounts.) If anyone betrays my trust when using their temp account, e.g., signing me up for crap, giving out my email without permission, sending me "funny" crap, I cut them off. Their temp account is deleted and they never get a new one.
For the internet I set up temporary accounts, e.g., one for Amazon.com and a different one for newegg.com. That way I know exactly who is selling or giving away my account information. For example I started getting spam from an account I set up solely for PCMag's forums, needless to say I now use a fake email address there.
With this system when I do get spam, all I have to do is to delete the account. And because my main account is only used by a very tight group, it NEVER receives spam. Not in the over three years I've used it.
In the past three years I've probably gotten a total of three spams, which I consider pretty good by any standard.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Well, in my case, a complete shutdown resulted in 100% decrease in spam traffic!
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtedly, yes.
My longtime (and massively spammed) email address was inactive for about six months last year. I reactivated it recently, and the spam poured in just as before (~40 messages/day). I think the people selling/distributing email lists rarely, if ever, purge them for inactives.
As it happens, my ISP is, among other things, in the mobile-radio-communications business, and has a large radio tower. This was struck by lightning a few months ago, and it took them a few days to repair all the systems that were grounded/connected to it. Ever since, I too have experienced a major reduction in spam, but did not know the reason. Their Web site had advertised a free spam-filtering service which I could never get to work, and I thought maybe they had finally fixed it. But perhaps the downtime was the actual cause.
What kind of IT/MIS group takes a mail server down for two days without using a queueing relay server to avoid creating undeliverable mail on servers all over the place? Who the heck (in their right mind) puts an exchange server directly on the internet anyway (without using a border mail server)? When these guys took their server down, the amount of spam I was getting probably decreased too... Can you say "open relay"?
While people at work spend enormous amounts of time adding stuff to their spam filters, I came up with a solution that also dramatically reduces my spam. All I do is change e-mail addresses about once a year now. My second tip is to register your own domain name, as getting away from a major ISP domain name seems to be the second best way to get a large drop in the volume of spam. And my third tip is, if you have to have a public e-mail address on a web page, make it a temp address and change it about once a month...putting an image of the address on your web page so that you can be reasonably sure e-mail you get at this address came from an actual person.
If you do these three things, you will have almost zero spam.
Usurper_ii
Ron Paul
There are those of us who have been doing this for years. Instead of accepting spam, we reject it at SMTP time as if there was an error. Makes no difference...they send it anyway.
One spammer in particular had a server farm which kept hitting my MTA...so I added a special rule to delay his connection 20 minutes before issuing a rejection notice. It was funny to see 10 of his spamboxes sitting idle....but even funnier that his spamboxes adhered to RFC rules regarding timeouts. It has since stopped.
Virtually all spam email has fake headers, so presumably they would never even get a "your email bounced" message back.
The servers trying to reach you will fail to connect, timeout, wait, try again. They don't try once and then give up.
Standard configuration is for those peer servers to send a note back to the sender after 4 hours ("don't panic, I'll keep trying") and only give up after 5 days (sending another note). Some of the Microsoft servers I've seen are set to be all panicky way too quickly ("d00d, I couldn't reach them after 10 minutes!!!!11! i don't know what to do, here's your mail, it must be their fault,those l0s3rz.")
A two-day outage won't miss anything worth listening to.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
. . . and then optimize the amount of shut-down time required for spam levels to drop to zero!
and finally patent it. Cha ching - you will be adored by this crowd entering the hall of fame with Jeff Bezos (one click fame) and his peers.
This is just an idea, perhaps someone with more knowledge in this area can tell me whether it'd work.
Set the highest priority mail exchanger on a domain to something that doesn't resolve, or something with a firewalled port 25. Then add another mail exchanger (lower priority) to your proper mail exchanger.
As far as I'm aware, most spam systems are designed for speed, not reliability, and many of them seem to do MX lookups and deliver mail directly.. so wouldn't putting a bad exchanger as the highest priority kill a lot of the mail? Maybe not, but just another idea to throw out there.
Many other people have pointed out that this story is a bit odd, that spammers don't manage their lists, so for most people shutting down the server wouldn't produce the effect described in the article. However, even if this DID work, once people started using it, the spammers would adapt.
If people shut down mail servers for three days to get off of the list, the spammers will compensate by waiting four days before really taking you off the list. You can respond by leaving your email off for even longer, with the knowledge that this is, like spam itself, hurting you WAY more than it is hurting the spammer.
--This sig is in beta. Please let us know abut any errors you find.
I got about 65% reduction by turning off HTML in my email. Spammers include images about 4 pixels square that are loaded from their servers. That lets them know that the email address is active. If you turn off HTML, your email client stops reporting to the spammers that it is active. Big reduction in 4 - 6 weeks.
--Alma
Am I to assume that Far is a city? Perhaps a country? It must be a location of -some- kind, otherwise why would someone "go to" Far? I must research this further.
shame on us / for all we have done / and all we ever were / just zeroes and ones
Ahhh, so that's why Microsoft forgot to renew the Hotmail domain! They were trying to reduce spam for their users. How nice!
indierock / punkrock band photos and more... http://www.digitaldefection.net
maybe it started using reverse dns lookups :)
It is now always true, I filed a suit against Avtech Direct and they are still spamming me.
Maybe when the sheriff comes into their offices and takes all their computers to auction -- to pay the $50,000 in judgments from all the lawsuits pending against them), they may stop.
Fight Spammers!
I don't know if you can do something like this in Qmail, Postfix, and the like, but in Sendmail I use a combination of giving different entities different email addresses (spam1@, spam2@mydomain.com, etc.) and putting entries in the /etc/mail/access file to send 550 "user not found" SMTP error messages to anyone attempting to send mail to that address.
Essentially I turn my MTA off for that email address. It's surprisingly effective. After a month or two, I can remove an entry from /etc/mail/access and recycle that email address.
And by posting this on slashdot, you've just decreased the chances of it working over the long-haul by 100%.
Spammers can easily adjust to this tactic by retrying seemingly "dead" addresses, only less frequently until it's "alive" again. They are even more likely to do so if it becomes a widely adopted practice.
This solution has no lasting value. Sorry.
No sig.
I was out of the country for about a year and wouldn't you know it, a problem with my DNS prevented me from logging into my personal server at home for about 6 months. This also prevented any e-mail from reaching my server for the same amount of time. As I was receiving SPAM in the neighbourhood of 50 to 60 messages a day, I counted it a blessing. When I returned, I fixed the problem, and was unpleasantly surprised to have SPAM arrive within 24 hours. When the word spread* that my e-mail address was valid again, I started receiving the same amount.
This technique may work for some, but for those on the lists of persistent spammers it's not going to do much.
*don't ask me how
if(!toilet_paper) roll.replace(new roll);
I am the reader of our official department email address. We've been receiving spams at the rate of about 100 per day. I'm tired of sorting through that in the event that one potential student is in search of information about our department.
Now, I reject all emails with a polite message indicating the new address in a slightly obfuscated form. To date, I have had no problems and the true email queries are getting through and spammers don't (since they don't tend to read the email rejections [yet!]).
If I need to change the message again and point the true address to a different folder (we use the +foldername) to autodirect emails to a folder, I can do so easily.
Try that. It might be a better solution for you.
http://www.your-site.com
They keep a to/from record, and if the to/from record is not found, they add the record to the list and respond 'server busy, try later' to the sending mailer. Most (and there's the rub) legit mail servers will re-try the transmission later. The spambots only try once and give up. The to/from list is aged so old entries drop off eventually.
This has eliminated a huge percentage of the spam mail for us, we went from getting 100+/day to getting 3/week.
The downside is that time-critical messages get through at the mercy and schedule of the sender's retry interval. Stuff like "I forgot my account info, please send it to me" rarely gets through on the first try, although it's a simple matter to ask twice. Also, not all mailers do the retry thing, or they wait a looong time to do the retry (days).
It depends on how many first-time emails you get. If you are doing eBay selling and get 'question for seller' messages, they're going to be delayed, and that isn't a good thing if there is 10 minutes left in the auction. Several folks on the hosting service complained about that aspect and asked to opt-out as a result...
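The mechanism the post describes (a first-seen triplet gets a temporary failure, a retry after a minimum delay is accepted, entries age out), as an added simulation in Python. This is not the hosting service's code or any real MTA; it keys on the usual triplet of client IP, envelope sender and recipient, and the timestamps, addresses and IPs are constructed for the example.

```python
"""Minimal greylisting simulation (added example, not code from the post or any MTA).

The first delivery attempt for an unknown (client IP, envelope sender, recipient)
triplet gets a temporary SMTP failure, a retry after a minimum delay is accepted
and whitelisted, and stale records age out.  Timestamps are plain seconds so the
example runs offline on the constructed attempts below.
"""
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    min_delay: float = 300.0              # a retry earlier than this is still deferred
    pending_ttl: float = 8 * 3600.0       # unretried triplets are forgotten after this
    passed_ttl: float = 36 * 24 * 3600.0  # known-good triplets stay whitelisted this long
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last seen

    def _expire(self, now: float) -> None:
        # Age entries out so the tables do not grow without bound.
        self.pending = {k: t for k, t in self.pending.items() if now - t < self.pending_ttl}
        self.passed = {k: t for k, t in self.passed.items() if now - t < self.passed_ttl}

    def check(self, client_ip: str, sender: str, rcpt: str, now: float) -> str:
        """Return the SMTP reply for one RCPT TO attempt at time `now`."""
        self._expire(now)
        key = (client_ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            self.passed[key] = now          # known sender: refresh and accept
            return ACCEPT
        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now         # never seen: defer and remember
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                 # retried too quickly: keep deferring
        del self.pending[key]
        self.passed[key] = now              # a real queue came back: accept from now on
        return ACCEPT


# Constructed delivery attempts: (seconds since start, client IP, sender, recipient).
ATTEMPTS = [
    (0, "203.0.113.7", "bot@example.net", "www@mydomain.example"),        # spambot, never retries
    (5, "198.51.100.20", "alice@example.org", "www@mydomain.example"),    # real MTA, first try
    (65, "198.51.100.20", "alice@example.org", "www@mydomain.example"),   # impatient retry
    (905, "198.51.100.20", "alice@example.org", "www@mydomain.example"),  # retry after 15 minutes
    (3600, "198.51.100.20", "alice@example.org", "www@mydomain.example"), # next message, no delay
]


def simulate(attempts=ATTEMPTS) -> list:
    """Feed the attempts through one Greylist and return the reply codes in order."""
    gl = Greylist()
    return [gl.check(ip, sender, rcpt, float(t)).split()[0] for t, ip, sender, rcpt in attempts]


if __name__ == "__main__":
    for attempt, reply in zip(ATTEMPTS, simulate()):
        print(f"t={attempt[0]:>5}s {attempt[2]:<20} -> {reply}")
```

The spambot's single attempt never gets past 451, while the legitimate sender's message is delayed by exactly one retry interval and every later message from that triplet is accepted at once, which is the delay trade-off the post complains about.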
I use Spamgourmet for any site that requires an email address.
When you register (it's free!) with spamgourmet they ask for a username, password, and forwarding email address. Then when you register on a site you specify a spamgourmet email address like so:
[unique_site_id].[max_email_count].[username]@spamgourmet.com
Then all your email gets sent to spamgourmet and they process it based on the rules you set up. If the number of emails you've received from unique_site_id is less than max_email_count then it will be forwarded to your real address.
You can change the max_email_count for any unique_site_id after the fact at spamgourmet.com plus get stats on all the addresses you've used. I think the service is perfect.
And best of all the source code is released under the Artistic License so you can use it on your own mail server!
Who am I to blow against the wind? -- Paul Simon
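The disposable-address rule the post describes, as an added Python example that is not spamgourmet's own code: it parses the unique_site_id.max_email_count.username form, forwards to the user's real address only while fewer than max_email_count messages have been seen for that site, and lets the cap be changed after the fact. The user table, real address and site ids are constructed; the assumption that the number in the address only sets the initial cap is mine.

```python
"""Disposable-address router in the style the post describes (added example, not
spamgourmet's own code).  An address [unique_site_id].[max_email_count].[username]
@spamgourmet.com is forwarded to the username's real mailbox only while fewer than
max_email_count messages have been seen for that (username, unique_site_id) pair.
The user table and sample addresses are constructed for the example.
"""
import re
from collections import defaultdict

ADDRESS_RE = re.compile(
    r"^(?P<site>[a-z0-9_-]+)\.(?P<max>\d+)\.(?P<user>[a-z0-9_-]+)@spamgourmet\.com$",
    re.IGNORECASE,
)


class DisposableRouter:
    def __init__(self, users: dict):
        # username -> real forwarding address (constructed table)
        self.users = {u.lower(): addr for u, addr in users.items()}
        self.seen = defaultdict(int)   # (username, site) -> messages seen so far
        self.caps = {}                 # (username, site) -> current cap

    def set_cap(self, username: str, site: str, max_count: int) -> None:
        """Change the cap for an address after the fact, as the web interface allows."""
        self.caps[(username.lower(), site.lower())] = max_count

    def route(self, rcpt: str):
        """Return the forwarding address for one inbound message, or None to swallow it."""
        m = ADDRESS_RE.match(rcpt.strip())
        if not m:
            return None                   # not one of our disposable addresses
        user, site = m["user"].lower(), m["site"].lower()
        real = self.users.get(user)
        if real is None:
            return None                   # unknown username: nothing to forward to
        key = (user, site)
        # Assumption: the count in the address only sets the cap the first time it is seen;
        # later changes via set_cap() win over whatever number the sender still uses.
        cap = self.caps.setdefault(key, int(m["max"]))
        if self.seen[key] >= cap:
            return None                   # cap reached: the site's mail is dropped
        self.seen[key] += 1
        return real

    def stats(self) -> dict:
        """Per-address (seen, cap) counts, like the stats page the post mentions."""
        return {f"{site}.{user}": (n, self.caps[(user, site)])
                for (user, site), n in self.seen.items()}


if __name__ == "__main__":
    router = DisposableRouter({"rjt": "real@example.org"})
    for _ in range(4):
        print(router.route("amazon.3.rjt@spamgourmet.com"))
    print(router.stats())
```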
This article mentions how a particular mail server was shut down for a few days to be upgraded. It sort of makes me wonder if possibly some anti-spam measures were also put in place at the same time?
I know that when I began subscribing to a few blacklists, my spam dropped way off. Perhaps they added some sort of SpamAssassin config with automatic deletion? A similar config on my site (with filtering, but no automatic deletion) has cut my spam down so that I only 'see' one or two messages a day.
The author of the original article clearly isn't in a position to understand what was actually done to the server, so he is just assuming that an unreachable mail server for two days stopped most of his spam. I have to call shenanigans on this. I'd bet that the Exchange upgrade also included a number of other changes.
"Turn off your server. It worked for me."
Wow. I'm almost speechless. What about all those people that use webmail? What about the spammers that don't look for bounces? Or those that fake the from addresses?
I run a few domains that I have had for years. Recently, I was too poor to afford a mailserver. These domains sat idle for approx. 9 months until I could build a new machine for them.
The day I brought that machine online I received spam.
Maybe that's covered by the 2.5% of spam that he has allowed for but seriously..
Anyways that's my little anecdote for today
I'll just use my special getting high powers one more time...
I'm waiting...
- Kevin
The less confident you are, the more serious you have to act.
I use the Mail program that comes with Mac OS X which uses Bayesian filtering and user defined rules. In the last 26 hours it marked 304 messages as junk and no SPAM/viruses showed up in my inbox. A few weeks ago I started getting 'Rolex' SPAM - I added a rule to classify email with 'Rolex' in the subject as junk and I don't see them any more.
Surely there's some equally good client for whatever OS you use.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
My university managed to fuck up and cancel my mail for about 3 months, when I got it back, I was still getting hammered by spam, though the rate had dropped off a bit(it picked back up again without me even doing anything). YMMV
Monstar L
I shut mine down for about 2 months. It clears up all the "legitimate" but annoying commercial e-mails that you missed in the fine print, but it doesn't stop the spam itself unfortunately. I guess he just had a lot of legitimate but annoying mailings. On the plus side, I guess it is safer than trying that "click here to remove yourself from our list"
greylisting is a fine idea, but like just about everything else, it's flawed.
There are still many really dumb mailservers out there, and mail clusters which send from various different IPs.
I run a system handling around 15k messages per day on average, with greylisting turned on (and the grey period set to 24 hours!). Our support people got enough complaints by phone about really slow email responses (they hadn't got the question yet in most cases) that I had to turn it off.
Spamassassin (at the SMTP level), clamav, razor, and a bunch of DNS checks have a near 0 false positive rate, and an acceptably good level of correctness. I get about 20 a day that weren't caught.
Of course it is nice (and easier?) to have an email app that allows you to bounce anything you want in your inbox. Apple Mail app users can do this. There are probably others I don't know of.
I have more than a few problems with this...
First, a 2 day outage for a mail server upgrade seems wrong. One of my clients has 10,000 and a mail server upgrade would take the core system out of service for maybe 4 hours in the dead of night, and incoming mail would be spooled at the internet gateway. Maybe there is some clue in "upgrade the Exchange mail server to the latest version". I have zero experience with Exchange.
Second, I find it hard to believe that a 2 day outage will cause an email address to disappear from the spam lists on files and cdroms. Again, maybe I don't understand enough.
Finally, is it just possible that as well as the server upgrade, spam filtering was installed?
Use PGP and sign their email.
thank God the internet isn't a human right.
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Come up with a white list of good addresses, and then reject all others. This way you lose a good amount of mail for the 2 days you're shut down, but some important stuff would still get through. Allow the whitelist on the border router or host firewall, deny everyone else.
Southeastern Virginia REPRESENT!
We discovered this works for your phone line too when dealing with sales calls. We did the cell phone thing for a while, then had to get dialup (moved to the country) so we got the land line back. We were able to get the same number since it was only a few months. We noticed a huge decrease in the annoying sales calls as a result.
--Bill
I honestly don't get any spam on my main email account, my Gmail. Anything that does get forwarded to the Spam folder under Gmail I mark as not spam because it's usually a newsletter. My yahoo account however isn't so lucky. I check it sparingly now and it usually has many spam messages. Yet again, I've had that one for a much longer amount of time.
We have some scripts here that have been monitoring large amounts of mail sent to our servers that appear to be spam. We make this determination when 50 or more messages are sent from a certain domain and then generate 50 or more bounces and when we try to deliver the bounces, the remote server refuses our connection. These are not always spammers and we have to look through the file before we add it to badmailfrom but so far, none of our users have complained about us blocking mail from domains that are important to them. We also use MAPS and these are domains that still make it by MAPS lookup. I offer a copy of the 6,000+ domains that we have collected over the past year or so but want to warn anyone who wants to use it to look it over /search it first to make sure there are not any domains on it that you don't really want to block.
You can find it here:
http://www.freewebs.com/plesk/
Thank you. I'll pass your suggestion to Hotmail.
No no no. DO NOT bounce mail that doesn't pass through the spam filter after you have accepted it for delivery. You are only spamming someone else.
What you need to do is to reject the email BEFORE you accept it into the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in the MTA (ie. after DATA is complete), then DO NOT bounce it, because the headers do not have the real FROM: anyway (in the case of spam).
Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA raising your load. Bad idea.
...Doesn't have a secondary MX declared, or what?
Not a very robust setup...
Who did what now?
It won't work: I deleted my old email address years ago and I still get emails to it.
I don't use Emacs; it uses me.
I have thought of this, but can't live w/o my home email server for that long. Still, I have SpamAssassin catching almost all spam, but to give it a hard bounce would eliminate. Wonder if SA 3.0 has some sort of setting for that.
Hmmm...maybe over the weekend I'll just shutdown postfix...
CB
free ipod and free gmail!
When you shut down your inbox, the mail server returns to the spammer that the address was not found. So, this only works with spammers that look for bouncebacks. Well, that's fine, that probably does work for a good number of spammers. If this is the approach you wish to take, why not configure your server to create bounce backs for people outside of your white list or whatever? Seems like it would be a solution without losing potentially important emails.
"Bounces" do nothing to curb spam. Mailwasher used to work by sending fake bounces, but now even legitimate e-mailers don't seem to take you off their list when they get bounces. It's not worth the trouble. One of two things happened here. First and most likely, they put some good filtering on the server when they upgraded. It's likely that it's even the reason why they upgraded. Another possibility is that the software the spammers use may be sophisticated enough to remove addresses from domains without active mailservers, in order to speed up the process (fewer timeouts). Because the bounces don't slow them down at all- they never even see them. But timeouts, that slows them down.
666-607: 6th floor apartment of the beast
I use www.mxlogic.com to deny all medium-high risk spam completely. It intercepts it before it even hits my mail server. I like it.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
While a lot of sites promise to keep your e-mail private, most also say that they will share that information freely with their affiliates. And this, my friends, is the lethal catch.
Some companies can have as many as several thousand affiliates, each with their own privacy policies that may or may not promise the same levels of privacy protection. Since the initial policy rarely, if ever, mentions all of these affiliates by name, it's virtually impossible to know what's happening with your address once you hand it over.
About the only way to be absolutely sure that an e-commerce site is not going to sell your info down the road is to create an individual account for each and every transaction and delete it when your goods arrive (and who wants to do that?).
I'm not tense. I'm just terribly, terribly, alert.
I always wondered if this would work! The truth is, I just assumed that spam/spammers wouldn't look at replies or even the returned mail from daemons. Why would they care? It seems more like a spam-and-run op to me, but if the shoe fits... (and you know what happens when you make an assumption! you make an ass outta you, and Umption!)
========
77 77 77 2e 6d 65 6c 76 69 6e 73 2e 63 6f 6d
The article says that the server was shutdown to install new software. He doesn't say he did it, or that he knows what software was installed...
What do you want to bet that they also installed some sort of spam blocking software during the upgrade?
"DENIAL"-How an optimist keeps from becoming a pessimist- \ \
Postgrey's got a nifty approach of refusing the mail the first time you see it. It returns a "try again later" message when the sender and subject come in and stores that info in a database. Most spam engines seem not to try again later. It does tend to make your mail a couple hours late, though, which might not work for you in some settings. Most of the spams that get through now are "Legitimate" (IE: Marked with ADV) and the occasional 419 scam where the guy went through Hotmail or somewhere. Combined with a low-key filter, I suspect I'd see no spam at all and store a very small amount.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Spammy goodness!!! I love using it to train TBird to filter out and watch those numbers of unread messages in my Junk folder climb like Tenzing Norgay...
To stop spam we need to find that 0.001 % of people who freaking respond and make it profitable...
Who the hell are these people and why have they not been rounded up and sent to ROOM 101 ?!!?
I ask you WHY!!!???
oh the humanity...
we left for a one week family visit trip. the day after we left, my server crashed (turned out to be a bad ram chip). our email server was down for a whole week!
while we were there on the trip, we kept laughing about how it would drive down our spam for a while.
Eventually, I got home, got the server running again. and you know what? the spam started coming IMMEDIATELY, traffic was right back at the exact same pre-crash levels, the very instant the server was back up.
Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.
From the FAQ (http://www.olympus.net/doubleVerifyNL):
DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.
You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
As far as I am concerned, the fight against spam is over and the good guys have won. SA+Clam are just too good.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
In the middle of October I deleted from my mail server a user who received a ton of spam (approaching 100%). I went back and grepped my logs for that user. Each file is a week, higher numbers going backwards a week.
syslog: 0
syslog.0: 9
syslog.1: 17
syslog.2: 18
syslog.3: 9
syslog.4: 22
syslog.5: 16
syslog.6: 28
syslog.7: 1819
Nothing else on the server has changed other than the deletion of this user. Mail addressed to this user but rejected for nonexistence would still be logged. I would think the same things others have said about spammers not checking bounces, and I don't know that I 100% accept the explanation offered, but... could be possible?
this might be a valid solution for those people who run their own POP servers, but for the majority of us its not an option...
:)
since we're being creative here, let me share with you how i keep my inbox spam to a minimum..
i own a domain which i like to use for email. i have *@mydomain.com forward to my user@isp.com email address. so any combination of letters sent @mydomain.com is forwarded to my real address.
this allows me to create Pseudo-Identities (TM) for different sites - for instance, amazon@mydomain.com and slashdot@mydomain.com. if i find that ive started receiving spam destined to amazon@mydomain.com, i simply nullroute that email forward, and voila, no spam.
it's also a good thing my isp has their own spamfilter, as does my domain service, as does my email client.
for the cynics: i receive less than 10 pieces of spam in a week.
easier done than said..
smattawichu
> ...the grey period set to 24 hours!
That is a ridiculously long delay. I'd dump an ISP that delayed my mailing-lists for a full day.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Spam lists are so massive they cost a lot to actually send. Any reductions in wasted sends can save in cost. Therefore spammers generally remove hard-bounced emails from their lists.
There is a piece of software called mailwasher which does this with a bit of stuffing around. I'd love to see an open source project which combines this with thunderbird spam filtering (ie. bounce anything on the 'delete' list, filter into folder the rest of the suspects for you to pick & bounce at will).
Is there anything like this out there?
I did this by accident.
I was upgrading my Linux box from Mandrake 9.0 to 10.0. I had other things that I needed to get running before Sendmail, so it was not running for 3 or 4 days. After I turned Sendmail back on my spam volume was much lower.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
So far I've had my setup email address (based on our account name) and I created one just for me. My email address is in the format blahblah_nospam@mindspring.com - Note: There actually is _nospam in my email address.
;)
Account based email box ~ 25 spams/week over the past year.
My email account : 0!
Reasoning : spammers do s/nospam//ig; on their email addresses.
I really feel for that blahblah_@mindspring.com - They're getting my spam
(For the pedantic yes I know mindspring whitelists - mindspring.com is used as an example)
-B
This is a great idea.
Is there any way we can shut down Earthlink for 2 days? :-)
The article states "Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon)." -- 4th Dec evening to 5th Dec noon would be less than 24 hours. He says it's 48 hours, the equivalent of 2 days. Before giving the world bad anti-spam advice, perhaps he should at least learn to tell and measure time better.
24 hours in the Grey does seem like an awfully long time.
I've got my servers set to 2 minutes and it seems to work just as well as longer periods.
In most cases, the MTA tries within 30 minutes, and the triplet (sending domain, receiving domain, netblock of the sending MTA) is saved, so the next email matching the triplet will go through instantly.
90% of the connection attempts I see look like they are from zombies. Regardless of the period you greylist for, zombies seem utterly confused by the fact you tell them to try again, so I'm pretty sure you'd get good results with the shortest period your software can handle.
Btw, I use 'gld' which covers most of the shortcomings you mention.
It comes with a whitelist of servers known to be broken (ebay, amazon, and stuff like that), and is able to work based on fuzzy stuff (domain names and /24s instead of IP addresses).
The first time someone connects to send mail, you issue a 4xx error message. If they reconnect in the next 5 minutes, you issue another 4xx error message.
If they connect a second time after 5 minutes, then you take the mail. I bet that fixes 90% of the spam from hijacked machines.
Linux O Muerte!
I don't mask my email addresses, or use any other filtering technique other than a select few RBLs that eliminate 90+% of the spam that comes to any of the three domains I'm hosting.
;)
No extra work/software necessary
JoloK
24 hours is a realllly long greylist time. I think we have ours set to something like one minute. All you really need to do is separate out the servers that will re-queue and try again from those that won't (spam engines).
You're right - it's not perfect. But greylisting is the first practical system I've seen that starts to shift the 'cost' of spamming onto the senders, by forcing them to re-queue the mail and re-attempt delivery.
I saw a notable decrease in Spam after my server was shut down for a total of 3 weeks during the hurricanes this year. Down from about 40% of all mail being spam to 20%. It hasn't increased by much again, either.
:-)
Whether or not it's because of hurricanes or the internet at large is getting better at blocking junk before I even see it is open to debate. I'm not in the habit of shutting down my mail server unless I'm forced to.
So, it's a little extreme but it does work. Bear in mind shutting down your server also creates a major headache with mailing lists. Greylisting might be a better option but I don't recommend this for large sites. YMMV.
but once the trend takes off, spammers will just start recycling emails addresses every 3-4 days to make sure....
it's the whole mouse/mousetrap issue...
Personally, I like the Artists 419 approach (http://www.aa419.org/)
Bleed them of their bandwidth and make them pay - Not sure if this actually hurts them that much but if it does, then it would be most gratifying to know that we used the same technology they used on us against them.
l8r
D
...and in the end ineffective. *IF* this is even working as the author suspects at all, it won't take long for the vermin spammers to figure it out and adjust accordingly. I've said it before and I'll say it again, get yourself a decent spam filter! The Barracuda Spam Firewall is a great commercial product and the ASSP open source product is just as good if you're willing to invest some time getting it going. I think this approach sounds more like hiding behind the door saying "nobody home, go away".
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
I've found that 90% of spam can be gotten rid of by their use alone. When an email is received for the first time it is put onto a grey list and a request for it to be resent is made. Most spam software is of the fire and forget type, so it doesn't resend when requested.
I believe that you will find that turning off your email server to stop spam has been patented as the intellectual knowledge of Microsoft. You are in violation of that patent if you turn your server off for that reason. It is my understanding that they have hired RIAA to go after the low life criminals who are stealing this precious intellectual knowledge and prosecute them to the fullest extent of the law.
How long until the spammers simply queue undeliverable email, and try again after a few minutes? I'm surprised they all haven't yet.
Just don't delete spam. Sooner or later, your mailbox will fill up. After a couple days of mail bouncing, many spammers give up. They may even remove you from mailing lists. It's not like it's your server getting filled up.
During that time, all the mails sent to my mail account were of course bouncing.
Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.
In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.
I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces) and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.
There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.
This is a bad idea. First point that someone most likely has already pointed out: email from legit MTAs will be queued by default for as much as 5 days before it is bounced back to the sender. Spammers don't use legit MTAs very often; they primarily use zombie systems from unsuspecting newbies running unsecured systems.
:)
Turning off your server for some period of time will eliminate a large amount of spam for that time period. As soon as you turn the system back on the spam will start up again since the lists the spammers use will be the same. They do not look at rejects or any other kind of error codes. They just spew messages as fast as they can.
So do you want a set of tools that will eliminate 95% or better of the spam?
Then implement greylisting on your server. Seriously, greylisting will reject the vast bulk of the zombie spam being circulated. Then implement spamassassin to tag the few that do get through. Once you have bayes trained and have added a few additional rule sets, virtually no spam will get through to your users.
Implementing real solutions should be the priority. Most likely the reason the poster saw such a dramatic drop was that he forgot to re-enable his MTA software.
Forward all spam received as-is to spam@uce.gov and to uce@ftc.gov. Although I don't know what they do with it once received, these are the FTC's official spam-reporting email addresses. Theoretically they'll go after the guys who are spamming you sooner or later, but I still get spam from the same losers who were sending it to me six months ago, so we'll see.
Well this won't work in the business world. If I shut this mail server down even to reboot during the day the phone and pagers go crazy. The other problem with your idea is that a lot of these spammers just will not go away. yourbigvote.com is still trying to send mail to accounts that have been dead for over 4 years!!! Still they send them and yes, still the server just bounces them back. Blacklisting IPs and filters are the only thing that really works. Personally I like to reject their mail and make it bounce back; this does send some traffic back to them that they have to deal with.
I use Popfile and have had little problems with spam. It also gives me the added benefit of binning my mail
100% downtime on my mailserver = 100% decrease in spam ;-)
Mommy. What's a karma whore?
It's topics like this that make me wonder just how many /.ers are spammers, too.
Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
I know this will only work if we work coordinated (something like turning the switch off to encourage electricity companies to get prices down), and only to get rid of the really big spammers (not being able to pay for infrastructure because there isn't going to be any sales during the blackout).
Carlos Niebla
If they updated to Exchange 2003, they likely turned on the RBL feature that is included, thus explaining your drop in spam. Ask the sys admins.
Don't Tread on Me
The parent post should be modded up as informative.
To add my own two cents, I used to run an email setup from my old home Linux box (using Courier for IMAP and qmail for SMTP), which I eventually began to ignore as I moved on to using email accounts from other providers. At some point, the qmail server went down and stayed that way for at least three days before I noticed. When I restarted the qmail server, the incoming email backlog (almost all spam) was so large that it overwhelmed my Linux box, sucking up the tiny amount of installed RAM (32MB) and filling up my tiny /var partition as the poor little machine tried to keep up with the temporary spike in mail traffic. Ironically, I ended up temporarily disabling Spamassassin to ease the load on the machine's CPU.
Granted, I am not a mail administrator and never should have been running an SMTP server, especially on an underpowered server -- and there was probably any number of things I could have done to keep the machine running smoothly had I known better -- but the point is that temporarily shutting down your mail server will not reduce the overall amount of mail you receive, and in fact it may temporarily increase many times over the amount of mail that you receive in a short period of time. As the parent poster said, spammers generally use zombie MTAs or forged reply-to addresses, so bounces are ignored, and most legitimate SMTP servers will attempt to resend undeliverable messages for nearly a week.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Been using it for 3 months now, but yesterday I deleted all of my messages (after forwarding them to my personal address) and I'm not planning on using it anymore. Though I really like its interface, and some really nice features (1GB for example ;-), I didn't like what I've read on google-watch.org.
Not saying anyone else shouldn't use it, but at the least know what you're doing when you're using Gmail!
I will no doubt be modded down by the Google fanbase, but don't say I didn't warn you
XoloX / Peter Odding
You'll never ever get to zero...my gmail account just started getting hit, and that addr has never been used on the web or given out to anybody (used to send mail to about ten recipients total).
Shutdown your server for 1/0f seconds. No spam ever.
This guy has no clue what's going on. His knee jerk reaction is that it must have been because they shut the system off.
Never, not once, did he consider the fact that his admins *upgraded* the Exchange server. They probably went from 5.5/2000 to 2003.
By no means am I an M$ guru, but I know for a fact that 2003 comes with a large amount of internal things to help control and minimize spam.
In fact, anyone upgrading to 2003 sees dramatically better spam controls.
Someone revoke this guy's geek license, as he just failed the critical thinking test.
97.5%? How did the other 2.5% get through with your mail server turned off? Yeah I know... I got nothing.
TruePunk | Games
"Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon). "
Hrm.... 12/04/04 evening to 12/05/04 noon. And that was "2 days/48 hours" on WHAT planet?
--Insert catchy
Al Czervik: You're a lot of woman, you know that? You wanna make 14 dollars the hard way?
my car started running poorly a few months ago - so I took it into the shop. when I came back to get my car - they charged me $400. it runs great now. not driving my car for two days fixed it! now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also - did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on slashdot a while ago!
People are being really harsh about this guy's idea, especially in his own comments section (often by people stating they've come over from /.) -- wouldn't it be better if this energy spent discussing the viability went towards some experiments to determine the validity? I mean, come on -- you can SAY it won't/shouldn't/can't work all you want, but all this guy is saying is that it DID work for him. I'll take actual over theoretical every day of the week.
So don't say it won't work, and don't say it will -- just try it, and tell us what happens.
A modified version of the mail server software keeps a database of people who email you. When it receives a mail from someone new to you, instead of accepting the email it returns 'call again later'. If it's a spammer with an SMTP bot and not a real email server they will not try to send the mail again later. If it's a real message on a real server it will retry again in a few minutes. Kills most of the spam at the expense of delaying the first email message you receive from a new sender.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
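Several posters in this thread describe the same greylisting mechanism from different angles: defer the first attempt from an unknown sender with a 4xx reply, keep deferring retries that come back too quickly, and accept (and remember) a triplet of sender, recipient and client netblock once a patient retry arrives. The following is an added example written for this page, not code from any poster or from Postgrey, gld or DoubleVerify; the grey period, retry window, whitelist lifetime, the /24 netblock key and all sample senders and addresses are constructed assumptions.

```python
"""Minimal greylisting decision engine (added example, not from any poster)."""
import ipaddress
from dataclasses import dataclass, field

# Temporary failure: a real MTA queues and retries, a fire-and-forget bot does not.
DEFER = (451, "4.7.1 Greylisted, please retry later")


@dataclass
class Greylist:
    """Greylisting policy keyed on (sender, recipient, client /24).

    All durations are in seconds. Keying on the /24 rather than the exact IP
    lets a retry from a sibling host in the same MTA cluster match the
    original attempt (the 'fuzzy' match one poster attributes to gld).
    """
    grey_period: int = 300                 # a retry sooner than this is deferred again
    retry_window: int = 4 * 3600           # a pending triplet is forgotten after this
    whitelist_ttl: int = 35 * 24 * 3600    # how long a passed triplet stays accepted
    domain_whitelist: set = field(default_factory=set)  # sender domains never greylisted
    _pending: dict = field(default_factory=dict)        # triplet -> time first seen
    _passed: dict = field(default_factory=dict)         # triplet -> time last accepted

    @staticmethod
    def triplet(sender: str, recipient: str, client_ip: str) -> tuple:
        """Normalise one delivery attempt to the key the greylist tracks."""
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (sender.lower(), recipient.lower(), str(net))

    def check(self, sender: str, recipient: str, client_ip: str, now: int) -> tuple:
        """Decide the SMTP reply for one delivery attempt made at time `now`.

        Returns (code, text): 250 to accept, 451 to ask for a later retry.
        The decision happens before DATA, so nothing is accepted and then
        bounced to a forged sender, which is the mistake the thread warns about.
        """
        domain = sender.rsplit("@", 1)[-1].lower()
        if domain in self.domain_whitelist:
            return (250, "2.0.0 OK, sender domain whitelisted")

        key = self.triplet(sender, recipient, client_ip)

        # Already passed greylisting recently: accept and refresh the entry.
        last = self._passed.get(key)
        if last is not None and now - last < self.whitelist_ttl:
            self._passed[key] = now
            return (250, "2.0.0 OK, known triplet")

        first = self._pending.get(key)
        if first is None or now - first > self.retry_window:
            # Never seen (or stale): record the attempt and defer it.
            self._pending[key] = now
            return DEFER
        if now - first < self.grey_period:
            # Retried too quickly: keep deferring until the grey period has elapsed.
            return DEFER

        # A patient retry after the grey period: accept and whitelist the triplet.
        del self._pending[key]
        self._passed[key] = now
        return (250, "2.0.0 OK, greylisting passed")


def run_scenario() -> list:
    """Constructed delivery attempts (not real traffic) covering each case."""
    gl = Greylist(grey_period=300, domain_whitelist={"partner.example"})
    attempts = [
        # (seconds since start, sender, recipient, client IP, note)
        (0, "alice@example.com", "me@example.org", "198.51.100.10", "legit MTA, first try"),
        (900, "alice@example.com", "me@example.org", "198.51.100.22", "legit MTA retries from sibling host"),
        (2000, "alice@example.com", "me@example.org", "198.51.100.10", "later mail, same triplet"),
        (5, "win@lottery.example", "me@example.org", "203.0.113.5", "zombie, single shot"),
        (7, "rich@offers.example", "me@example.org", "203.0.113.77", "impatient sender"),
        (40, "rich@offers.example", "me@example.org", "203.0.113.77", "retries 33 s later"),
        (3, "billing@partner.example", "me@example.org", "192.0.2.9", "whitelisted domain"),
    ]
    results = []
    for t, sender, rcpt, ip, note in sorted(attempts):
        code, _text = gl.check(sender, rcpt, ip, t)
        results.append((t, note, code))
    return results


if __name__ == "__main__":
    for t, note, code in run_scenario():
        print(f"t={t:5d}s  {code}  {note}")
```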
The problem here is that spamming is easily modeled by game theory, and the spammers have a dominant strategy.
Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.
They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
In other news, shutting off the mail server forever will reduce spam by 100%! No false positives at all!
:P
Not having sex will prevent unwanted pregnancies too!
I'd file this submission under the "no-shit-sherlock-dept"
This is quite possibly the most useless thing I've ever seen here - I can't wait for the dup.
greylisting is a fine idea, but like just about everything else, it's flawed. There are still many really dumb mailservers out there, and mail clusters which send from various different IPs.
Get a different flavor of greylisting that is more flexible then. For example, the DCC greylisting implementation has various "weak" modes of operation that are less strict with respect to remote SMTP server IP address, from and to: addresses, body checksums, and so on.
We've continued to try this at my workplace weekly, only to find that the spam continues, and the users are not happy. Go figure.
--"It's Bradford Company, slash your last name, dot your first name"
Seriously, I recommend the following combo, which I have fallen in love with:
http://www.xwall.us/
http://www.esatinformer.com/
Most likely the host added or upgraded a spam filter. Mail servers keep re-sending for more than 48 hours, so it makes sense that something else was done.
If a million monkeys randomly pounded on keyboards, they would all log into AOL.
It gets worse -- they may do it without knowing. Their computers might have spyware infections! I remember e-mailing a temp agency about some work, and went from no spam at all to a trickle that turned into a rush. Really high-quality temp agency, huh. (The spam went away after these bungholes got arrested, though. Lucky me!)
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
I think the two-day shutdown solution is extremely optimistic. About half of all spam is sent from zombie PCs now, and the zombie controllers use a fake return address on them.
I was getting 2,000 bounced emails per day from zombie PCs controlled by some spammer who used my domain for the forged return address. The user name was some fake first name or some random characters, followed by my domain name. These came in from all over the world -- Europe, China, Vietnam.
I stopped accepting mail on that domain. But I couldn't disable sendmail because other domains on that server used it; all I could do was reject it using sendmail. Then if a particular IP got too heavy, the monitor program I wrote put in a route block on that Class C so I wouldn't have to see it again.
The level of 2,000 per day remained steady since it started in August. The zombies, you must understand, are not really impressed by such measures. Without the route block, the 2,000 number would have been significantly higher over time.
Then I even had one dude who telephoned me to say that he turned me into the FCC for sending out spam from an email address that was non-functional!
At one point I had the MX records deleted from my nameservers, but that didn't help because the zombie-ware was using the A record.
My solution was to take the domain off of my server entirely. I collapsed the content on that domain into a new section on a related domain, and then parked the zombied domain on GoDaddy, and had GoDaddy forward it to my related domain.
End of story. End of domain. Now GoDaddy gets to reject the zombies. A two-day shutdown would have meant absolutely nothing in this case.
I just set up a catchall account on my domain and use whereIampostingmyemail@mydomain.com for every email address I give out. Not only does that identify WHO is sending me spam (shadyecomstore.com@mydomain.com) so I can track back and yell at them, but it allows me to create a rule to block addresses if they get to be too spammed over. This seems to work pretty well along with Bayesian filtering and a few rules I have set up.
-Those who know do not say, Those who say do not know
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero
No need for models and simulations... the answer is 'shut-down time' = Infinity
I disagree. I had an alias email from my old Virginia Tech email address (no I won't post it here!). I got way too much spam so I turned it off (causing an undeliverable message to be sent). Well over a year later I reactivated it and the spam continued to flood in. I don't know why bringing down a mail server for only two days would provide any significant reduction in spam. If the spammers all collaborated to ensure that their lists were all clean THEN it may work but we know this not to be the case. I've read that 99% of emails sent are SPAM (most resulting in undeliverable messages sent back from the mail server). I don't think it's really that high but when a large % of emails being sent are not even delivered then shutting down a mail server for two days will only aggravate your friends.
Let Gmail do your spam filtering for you.
Candygram for Mongo!
I've been doing this with kmail. My spam has decreased. It has the bounce option in it. Another plus on it is it doesn't load html files unless I read the code first. Helpful for all those phishing scams. I use kmail as my main email reader.
Danger Will Robinson! You are now entering a condescending Unix user zone!
Yes, it's annoying to find out someone has done it better than you, before you. But that's one of the hazards of the modern age. It's called GreyListing (or Graylisting if you like the American spelling). It takes advantage of the fact that spam programs generally have very primitive SMTP implementations and when they receive a 'temporarily unavailable - try again later' message, they will just consider the message undeliverable. Greylisting works by keeping a database of destination email address/sending IP address, and the first time a given combination of the two is seen, it is given a 'come back later' message for ten minutes or whatever. It works pretty well. But I wouldn't use it as my only line of defense against spam.
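The greylisting decision described in that comment, as an added illustration that is not code from any real MTA or greylisting package: it defers the first sight of a (client network, MAIL FROM, RCPT TO) triplet, accepts a retry that arrives after the minimum delay, and, to address the later remark about mail clusters sending from several IPs, can optionally key on the client's /24 instead of the exact address. Timestamps, addresses and delays are constructed inputs.

```python
"""Greylisting decision logic: an added illustration of the mechanism
described in the comment above, not code from any real MTA or greylisting
package. State lives in memory; a real deployment persists it. Timestamps
are passed in explicitly so the behaviour is reproducible."""
import ipaddress

TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


class Greylist:
    """Tracks (client network, MAIL FROM, RCPT TO) triplets."""

    def __init__(self, min_delay=600, retry_window=4 * 3600,
                 passed_ttl=36 * 24 * 3600, prefix_len=32):
        self.min_delay = min_delay          # seconds before a retry is honoured
        self.retry_window = retry_window    # a retry later than this starts over
        self.passed_ttl = passed_ttl        # how long an accepted triplet stays accepted
        self.prefix_len = prefix_len        # 24 keys on the /24 to tolerate mail clusters
        self.pending = {}                   # triplet -> first-seen time
        self.passed = {}                    # triplet -> last-accepted time

    def _key(self, client_ip, mail_from, rcpt_to):
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give for this RCPT TO at time `now`."""
        key = self._key(client_ip, mail_from, rcpt_to)
        last = self.passed.get(key)
        if last is not None and now - last < self.passed_ttl:
            self.passed[key] = now           # known-good triplet: refresh and accept
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now          # first contact (or a stale entry): defer
            return TEMP_FAIL
        if now - first < self.min_delay:
            return TEMP_FAIL                 # retried too soon: keep deferring
        del self.pending[key]                # retried properly: pass from now on
        self.passed[key] = now
        return ACCEPT


def simulate(greylist, client_ip, mail_from, rcpt_to, attempt_offsets):
    """Return the three-digit SMTP reply code for each delivery attempt,
    made at the given offsets in seconds from the first attempt."""
    return [greylist.check(client_ip, mail_from, rcpt_to, now=off)[:3]
            for off in attempt_offsets]
```

A compliant MTA that retries after fifteen minutes gets through on its second attempt; a one-shot spam bot never does.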
For a detailed explanation why the author of this article is wrong: http://tinyurl.com/6houy
Adds to the problem? If spam gets bounced then spammers will slowly get the word out and you're off their list. Yeah some people will get bombed, like I have when people bounce it and I'm the lucky one to get it. But it's worth the hassle every once in a great while. Better than getting it from spammers all the time. Right?
Danger Will Robinson! You are now entering a condescending Unix user zone!
My first e-mail address was at the University where I worked. When I left the University, my e-mail account was deactivated. I worked outside of the University for two years. When I came back, I set up a new account, and decided to use the old account name I'd had before.
The first time I logged in to check my e-mail on the reactivated account, just four hours later, I had two spam messages in it; apparently the spammers had been sending mail to it anyway. Last time I checked, I had something like 1200 messages in that account, all spam. I don't even bother with it anymore.
-- The reason it's called the right wing? Irony.
I use assp (http://assp.sourceforge.net/) tweaked into a whitelist only mode, though I'm sure other mail proxies can be configured similarly. A nice feature of assp is that it automatically whitelists the recipient of outbound mail so replies from them aren't rejected.
Any message that does not match one of my whitelist criteria is not accepted. The 500 error response contains a URL, so any real people trying to email me will receive a message that will direct them to a web page containing instructions on how to get mail through to me. Anyone too stupid to follow those instructions is probably not someone I want to receive email from anyway. ;)
I now receive less than 1 spam per month (down from about 50 or more per day), and that's only when they happen to match one of my whitelisted keywords by accident.
A hard core solution perhaps, and one not suitable for everyone. However, for my home mail server it's ideal.
Our university implemented Greylisting. It works so well, I only get spam coming from legitimate mailers. And I'm once again enjoying the 1 to 2 I get per *week*.
The point I would like to mention though is that spammers sell address lists, particularly to new spammers, and they merge their existing address lists with newly purchased lists. That means that old email addresses are continually re-targeted by new spammers.
Keep "the sales process" going over a week, and for the sake of 5 minutes per month of your time, masquerading as a juicy deal will waste 15 minutes of their time. If everyone does this, it's like a DoS attack on their brain. They end up having all their time wasted by people who look like customers but aren't.
Obviously use a disposable email address for this. If we all do this, it completely changes the economics of the spam equation. The trick is not to start talking too big too soon, otherwise they realise you're not bona fide.
Best of all, it's fun.
If your threshold is set that low, you've gotta be rejecting on the order of 10,000 messages per day, at least, to be having 100 spams hit your inbox.
Seriously, check your configuration. You might be able to get some relief yet!
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The program should recognize which server it came from ("Received" in full headers), and blackhole that server because it's obviously an open relay, at the very least.
On a related note, I find it amazing that various antivirus/antispam vendors are still using the "From" line to report abuses. Do viruses or spam ever come from real email addresses? Not usually. I'm pretty much the victim of a "joe-job" on a regular basis because of this.
From the SysAdmin-for-Lusers-department.
Why stop at spam prevention? You can (temporarily) stop ALL attacks on your servers by issuing the following command (as root):
/sbin/shutdown -h now
Amazing.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
Once enough people try doing this, it wouldn't work anymore. The only reason it might work today is if spammers are assuming an address that is dead for a few days is dead forever and not worth keeping on the mailing list. Once they know that's not true anymore, they'll stop purging dead addresses from their lists that quickly.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
I work for a group that has purchased a commercial anti-spam solution for our 17,000 users. The support folks have put out a whitepaper (which I can't find right now, but you need a support login anyway) with some tips.
Basically, one of their suggestions was to put a dummy MX record in your DNS. This is a record that doesn't point to an active host or point to a host that is not accepting mail. Most spammers don't worry about which emails were accepted and they certainly don't bother with the overhead of going out to DNS to find the next MX record for a host. This means all the bot-nets try to spam your server, fail, and go away.
They apparently saw a 90% decrease in spam coming in by doing this and I can't see them lying since we already bought their stuff. :) The downside is that this may delay your incoming mail depending on the settings of the sending MTA.
I have run an email server since 1996 and I have got to say this is the silliest idea I have ever heard of...and guess what? It doesn't work! Oh my! I have had a mail server crash and be down for 3-4 days once, and it didn't have ANY effect on the spam that came in. It just picked up where it left off.
Just for the record, address munging and fake addresses are not the answer. Reporting spam is.
Help us build a better map!
All technical considerations aside (3 day retry periods, no central spam DB etc.) let's just read up on Exchange 2003 marketing literature (not that we should normally trust Microsoft marketing literature, but it suffices that they cannot outright lie about it). They claim to have all sort of *new* spam block features. Perhaps the author may have considered the hypothesis that his IT dept made the switch with these features in mind. At the very least it would be nice if he did a little due diligence (or if he did do some, that he would note that fact) to rule out simpler explanations? Why on earth would spammers care about keeping lists clean anyway? It's not like they all of a sudden grew a conscience?
Didn't that Occam guy have something to say about crazy theories like this author's rant?
In mimedefang:
You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.
I really don't know how I managed to run sendmail without mimedefang before.
LMAO!!
-1 Uncomfortable Truth
In the last month or so I've started getting spam in my gmail account. While their filters are pretty good, it would be nice if there was a mechanism by which everything that went into the Spam directory has a spoofed "address not found" message sent out. If the filters happened to catch a legit email, then I could let that individual know that I got their message.
Waltz, nymph, for quick jigs vex Bud.
You are generating collateral spam. The sender address (From: and/or Sender: headers, "MAIL FROM:" envelope) is always forged in the case of spam -- "bouncing" a message is just adding to the problem.
Much better to reject at SMTP time, using a 4xx/5xx SMTP response. For details, see the Spam Filtering for Mail Exchangers HOWTO.
Brain is my second favorite organ.
I use postgrey with postfix, and it seems to work pretty good. By the way, I also run clamav and spamassassin, both of which are handled by amavis-new, which also rejects mail with errant windows attachments. You can read an extensive description of my setup here.
Need a Linux consultant in New Orleans?
Really? I use the internet all the time and I never get spam ever. I don't actually know why!
A much more feasible option is to use the Ironport appliance to replace your public MX. Ironport does DNS lookups for each inbound connection to get a reputation score for the connecting IP from senderbase.org. Senderbase monitors nearly 30% of the world's e-mail and gives each IP address sending mail a reputation score. If the score is too low (you can select how sensitive you want to be) then the Ironport never even sends back an ACK to the connecting SMTP client, making it look like you aren't even there while still allowing reputable servers to send mail your way.
I really don't see what the big deal is when it comes to spam.
I care only about spam because of:
-the traffic it generates
-the crap it causes at work on our corporate mail servers
For my personal e-mail, I've used yahoo for years. I get around 60 spams per day. Perhaps bulk-mail doesn't catch one or two of them. It's really not a big deal.
I don't know why anybody would run their own mail server for personal email. Get over yourselves folks, and let somebody else do it for you. It's -been done-, know what I mean?
me plagued by spam mail long time!
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
That method may get you marked as a spammer yourself (think high quantities of unwanted email == you getting reported).
Plus the fact that you may end up holding bounced-spams in your queue for 3-4 days until it expires, and greatly increasing the load on your mail-server. The trick is to bounce before the SMTP transaction is over. If you determine it's spam/bad after the SMTP transaction is over, just drop the email. File to /dev/null.
And as said before, this also just ends up doing what is basically a reverse joe-job. If the sender address is a real email address, you end up filling up their box with all the bounces. This is not kind either.
I have a personal domain that I give out to friends. Then I have a domain I use for e-mail for everyone other than friends and assign everyone a different e-mail address.
For example: microsoft@mydomainz.com for Microsoft. If Microsoft sends my info to a spammer, I can easily shut down the microsoft@mydomainz.com with a simple filter.
I noticed that a lot of spam came through from domain registration. register1@mydomainz.com. Now banned. register2. Now banned. I think I'm on 3 right now. Those spammers never learn.
The end result is my spam level, although not zero, is so dramatically reduced that it's very manageable. Most of it gets deleted as I see the headers, so it never actually gets read.
I do that, but I use spamex.com to do it. You get tons of disposable email addresses. I have my own domains, but spamex's interface just makes it easier. I also hosted my own domain there so that I could have my own domain name but still use spamex's interface. I've been doing this for years and it's amazing, I have NO spam at home (my main, private email addy that only family has). If I get spam, I turn off the email addy it was sent to. Voilà.
Bill Moran from Potential Tech gave a lecture on stopping spam at the Ohio Linux Fest. He used a method called greylisting and it resulted in getting rid of 99% of unwanted e-mails. The idea behind it is that you send a message telling them that the server is busy. So it temporarily blacklists everyone.
If it is a real person they will send another message later. But spammers and spam-bots will just move on.
His page. His lecture (PDF)
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
I disabled my main email account for 3 months Jan '04 to April '04 because I was getting 20+ spam emails a day. I continued to get the emails even after that shut down period... so this obviously did not work for me. Now I just use a spam filter.
You gotta be kidding. First of all, if it gets "bounced" back to some non-existent e-mail address, spammers don't get no word 'bout nothin'. Second even if it gets bounced back to spammers, they don't care. Many (most) of them are getting email lists from some spam-address distributor, so they don't see themselves as custodians of the list; they just blast away like drunks with diarrhea.
How do I know this? I've owned my domain since 1996, and I've been administrating the email since 1998. I get spam nearly every single day for beth@ahab.com (no point in cloaking it, really), and it has NEVER been a valid address. It often bounces back to the postmaster (me) after not bouncing back to their forged yahoo address and after NOT getting the word out to a single baby-eating spammer (you do know they eat babies, right?), and I see it when I bother scanning my postmaster folder for anything interesting.
Sure, it's worth my hassle if it bounces back to them, but it's probably not worth it to the poor sucker whose yahoo address they forged.
Get a clue: SPAMMERS DON'T CARE. You're kinda hoping that the guy who lets his dog shit on the sidewalk in front of your house is going to be annoyed by the smell.
Expanding a vast wasteland since 1996.
A few years back, my univ. used spamgard to "filter" junk mail. Before having it turned on, I was getting about 5 spam per day. After turning it on with the default messages and such and leaving it for about a few months netted me with more than 20 hits per day (none of them get through, of course, because none of them were smart enough to reply). Unfortunately, due to limited space on my Unix account, the log file started to fill up. I decided to model my outgoing letter (the one that gets sent if the email isn't accepted yet) to look similar to a bounce email. Letting that simmer for a few months resulted in 0 hits now.
It was a good thing that I did this. Within a year, they replaced it with spamassassin, and I haven't figured out how to work it to act similar to spamgard.
Now, I'm very tempted to do the same thing to my Hotmail account...
Could it be that your IT guys used the 48hrs of downtime to install SpamAssassin ? ;-)
Because I doubt any spammer ever used a real reply-to Address and even considered to parse the bounces to clean up their databases.
RedShirt
Microsft spel chekar vor sail, worgs grate !!!
catch all your mail, but send back a server error anyhow...
kinda like those phones that beep like the line is down to keep away telemarketers
even in this better form, it's still a stupid idea cuz it will confuse senders of legit mail
-judging another only defines yourself
So far, it's nearly impermeable, and hasn't filtered a legitimate email yet....
The universe is made of atoms and empty space. All else is speculation. --Democritus of Abdera, 435 BC
Mailwasher Pro supposedly simulates bounced email to fool spammers for people who don't have so much control over their own mail server. I use an older version and it seems to have decreased the junk mail. But I think my most effective anti-spam measure is just keeping the email addresses off of webpages.
...yet 1% (give or take 2%) of attackers managed to attack you.
Through an unplugged router.
*starts making his house into a Faraday cage*
'If you're flammable and have legs, you are never blocking a fire exit.'
First of all, hence the name "codeconfused". This alone should say it all :)) Second, great line "blast away like drunks with diarrhea". You must be under the influence that I'm running the mail server. The account I bounce is a yahoo email and all the email I bounce comes from so called legit places. Example: staples.com etc.... I never bounce some poor yahoo/aol/hotmail member. I have had that happen to me at my yahoo addy. If I can't be sure that the email gets back to the real source....then it just gets dumped. Bouncing emails from sites I visit once and then get flooded with specials they're having, I say bounce 'em and let them think the email addy is dead. Now if sites get bounced, they will give up because it will just clog their system. So bouncing works in the right situations. BTW I keep a yahoo email just for places like AIM who will also sell the email address. And yes I know they eat babies.....I have proof of it !!!!
Danger Will Robinson! You are now entering a condescending Unix user zone!
A few hundred random people received "The message you sent X was undeliverable" spam instead.
Maybe it'll teach them to publish SPF Records.
(and no, I don't know what the guy with thick glasses and the powerbook has to do with SPF)
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Unfortunately, not true.
I bounced mail on an ISP address that I grabbed a few years back for approx 6 months and I still got spammed non-stop. I figured it would get me off all the lists the other person was on and the spammers would eventually get the point - nope.
The problem with this is that the spammers never get a notice (unless they're doing things right) that the address is full. To them, they're still delivering to an existing address and, at some point, you'll carve out the offending messages.
so, a co-worker hosts a few domains on his mail server. After he began getting dictionary spammed, he started monitoring the mail logs... whenever it logged a "username not found" error, a script set a null route for that source IP (and an "at" job some period of time later to remove it). Load dropped tremendously, since it was primarily zombie bots spewing spam.
Not perfect, but interesting.
Dump the IRS - http://www.fairtax.org
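The log-driven null-route idea in that comment, as an added example that is not the co-worker's script: it counts "User unknown" rejects per connecting IP over constructed sendmail-style log lines, exempts an allowlist of known relays so one mistyped recipient from a real mail server is not punished, and builds (without running) the blackhole route plus the scheduled `at` removal. The log format, IPs, threshold and iproute2 commands are assumptions for the illustration.

```python
"""Added illustration of blocking hosts that dictionary-spam unknown users,
modelled on the approach described in the comment above. Not the original
script. Log lines below are constructed in a loosely sendmail-like format."""
import re
from collections import defaultdict

# Constructed log excerpt: one host probing four bogus recipients in a row,
# one real relay (mail.example.org) with a single typo'd recipient, one clean delivery.
SAMPLE_LOG = """\
Oct  3 14:02:11 mx sendmail[4101]: ruleset=check_rcpt, arg1=<qzx81@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <qzx81@example.net>... User unknown
Oct  3 14:02:12 mx sendmail[4102]: ruleset=check_rcpt, arg1=<qzx82@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <qzx82@example.net>... User unknown
Oct  3 14:02:13 mx sendmail[4103]: ruleset=check_rcpt, arg1=<qzx83@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <qzx83@example.net>... User unknown
Oct  3 14:02:14 mx sendmail[4104]: ruleset=check_rcpt, arg1=<qzx84@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <qzx84@example.net>... User unknown
Oct  3 14:05:20 mx sendmail[4110]: ruleset=check_rcpt, arg1=<bbo@example.net>, relay=mail.example.org [203.0.113.5], reject=550 5.1.1 <bbo@example.net>... User unknown
Oct  3 14:06:00 mx sendmail[4111]: from=<alice@example.org>, size=1024, relay=mail.example.org [203.0.113.5]
"""

# relay=[ip] or relay=hostname [ip], followed somewhere by "User unknown"
UNKNOWN_RE = re.compile(
    r"relay=(?:\S+ )?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*User unknown")


def count_unknown_recipients(log_text):
    """Map each connecting IP to its number of unknown-recipient rejects."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def offenders(counts, threshold=3, allowlist=frozenset()):
    """IPs at or above the threshold, excluding relays you never want to block."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)


def blackhole_commands(ips, minutes=60):
    """Build, but do not execute, a null route per offender and the `at` job
    that removes it again, mirroring the comment's temporary block."""
    cmds = []
    for ip in ips:
        cmds.append(f"ip route add blackhole {ip}/32")
        cmds.append(f"echo 'ip route del blackhole {ip}/32' | at now + {minutes} minutes")
    return cmds


if __name__ == "__main__":
    bad = offenders(count_unknown_recipients(SAMPLE_LOG), allowlist={"203.0.113.5"})
    print("\n".join(blackhole_commands(bad)))
```

Only the probing host reaches the threshold; the legitimate relay with one bad address stays reachable.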
I certainly would find it unacceptable to shut down receiving e-mail for a few days. But if the concept here is that the bounces that result from shutting down an e-mail account for a few days result in far less spam, then I would certainly be glad to forge some bounces for the damn spammers. Hell, why don't we have an application that can do this automatically, just highlight your spam and hit a bounce button in the mail client? How do I get this in the next release of Thunderbird?
Sure, there are plenty of spammers who use false addresses. I'm the real owner of one they frequently "make up", and I see a lot of both spam and bounces as a result of it. I can assure you that anyone who the spammers are picking on this way by using their address as a false return address is already getting plenty of bounces, and will think nothing of one more. If he knew it was in the cause of fighting the spammers he might even welcome it.
I'm an American. I love this country and the freedoms that we used to have.
This idea is as stupid as they get, the logic is flawed and experience has shown us otherwise. The most spam we get at our company is for accounts that have been bouncing for several years.
Surely no-one will act blindly on this poor fool's ramblings and kill their mail systems?
If you can't figure out what's wrong with it, don't try it.
- mipe -
It doesn't matter, if they do catch on and start using postfix to deliver their trash it still means that they have to wait the 10 minutes that the grey period is before they can deliver their spam.
10 minutes is plenty of time for their server to have hit a spamtrap and gotten listed in a RBL, so when they come back 10 minutes later they will be blocked.
As far as I'm concerned greylisting+spamtrapping is the final solution wrt. spam.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
I mean, come on, advising such things as shutting down one's mail server in order not to receive the spam is not a solution. It's like turning away from a problem and say that if you don't see it, it doesn't exist. It's plain stupid.
:) Really, if someone would come up to me with a "solution" like this I would loudly laugh in his face right away :)
:)
Geez, I just keep smacking my head into my desk, after having read it again
Like, hey the road is bumpy, so I won't use my car for a week, and they'll just go away.
One thing would help though: if you would shut down the spammers' machines for a long while
Man, my head still aches from this one.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
That's the whole idea behind greylisting - log and soft reject the first time ("too busy" signal), pass the second time. However, there are 2 problems with that:
1) with the amount of zombies out there it's not going to be that hard coding in a retransmit.
2) a really intelligent trojan will look for the connected ISP mail relay. As the data is coming from the inside it'll be allowed until the ISP spots the flood and bars or throttles it.
In either case your greylisting is history.
And spam filters happen to be the getting rid of spam the easy way.
Sindri Traustason.
I just want to add my support to your position. What we have earned from our efforts to automatically filter away the junk at the receiving end is the ability to accept far more junk mail than any human could possibly read. Networking resources have been allocated (by the recipients) to accommodate the senders rather than the recipients themselves.
If your domain serves 100 users, each willing to receive up to ten messages per day (on average), your domain mail server should be configured not to accept more than 1,000 messages per day in total; anything in excess of that would be pointless. This can be accomplished in a number of ways, say by having your mail server shut down for most of the day (as the article suggested), or by delaying inbound sessions. Of these two approaches, I believe the latter is least likely to cause problems also to legit senders (including mailing lists), since the protocols involved (TCP and SMTP) are designed to repeatedly retry failed connection attempts until delivery is successful.
When people call me on the phone to give me information, I make a point of writing that information down while I'm still talking to them. If instead I were to allow them to hang up, chances are I might get another call before I get to write down the notes from the first call, and I might forget it altogether. I don't think this imposed delay is considered rude or costly to the first caller; I'm simply making sure their message to me is not lost. It should be the same with e-mail; having the SMTP server say to the SMTP client "please hold on for a minute while we sort things out here" is certainly less costly to the sender of the message being delayed, than saying so on the phone.
If mailing list operators and other senders of legit bulk mail need the ability to make several outbound connections simultaneously, they can have it, but there is no point in the receiving server being able to accept multiple inbound connections simultaneously if there aren't enough users around to even read the messages.
Your greylisting interval (24 hours) is totally braindamaged.
Evan's original suggestion is 1 hour.
I use 1 minute, and that works just dandy.
If you are using Exim 4, then you can use the Bagley greylisting system. Unlike other systems for Exim 4, it does not require fancy recompilation of the Exim 4 binary and can just be plugged in to a vanilla setup.
Our Exim 4 server uses Bagley.
The whole reason I got my own domain was to have a simple address I could give out that people would remember easily. And it doesn't matter how careful you tell people to be. Inevitably you'll get an evite from someone, or someone will give out your "real" address to someone who likes to send email greeting cards. Or some idiot will get a virus and start sending you 300 screensavers in a zip file with a password of 8828282. You get the idea.
I also tried TMDA, but confirmation schemes are not an acceptable solution for me.
In the end, I opted for clamav+spamassassin. This solution has far surpassed even my most optimistic expectations. About 1 spam per 200 I receive goes to the "probably spam" folder and about 1 spam per 5000 hits my inbox. The rest are rejected in the SMTP session.
I know what you're thinking: false-positives. Well, I only reject viruses and SA scores >10. I have never ever ever had someone contact me asking why his/her email was rejected as spam. Seriously, not even once.
It seems the talented folks at spamassassin are just too good at keeping a few steps ahead of the spammers. And clamav kicks ass all over every commercial AV solution I've tried in terms of performance and accuracy.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
If you know, how do you know? Do you look at your TMDA pending folder and sift through it for false positives? If you do, how is that better than no spam filtering at all?
I ask these questions because I kicked out TMDA for these reasons. I found myself still looking at spam trying to find missing emails and finally I said screw it and adopted a more elegant solution. Oh well.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The Artists Against 419 bandwidth sucker has taken out a couple hundred spammer websites from the Nigerian 419 crowd. I'm not running it today - the new NetBSD release came out so I'm wasting my bandwidth running Bittorrent instead (and there seem to be lots of high-bandwidth people seeding the torrent, so I've been downloading at 1.5 Mbps all morning.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Isn't it possible (even likely) that part of the Exchange Server maintenance was an anti-spam filter? Not only would that explain the drop in spam, but also makes more sense since it's not like you get the same spammers spamming you over and over again. Your email is passed around like a cheap prom date for as long as there are new spammers buying 'millions' CD's. So a 2 day shut-down won't likely thwart brand new spammers who get your email address after the two day turn around. Further, often spammers use programs to generate 'likely' email addresses at common domains. Again, a 2 day shut-down wouldn't thwart this. It just seems likely that an anti-spam filter was put in place during the 'upgrade'. Finally, it is proven that over 95% of spammers don't use valid return addresses, so the majority of spammers who sent you email before wouldn't get the 'bounce message' anyway.
As for other methods that work, I use a self-created method that heavily relies on rules/filters that require a lot of setup, but no real maintenance afterwards. It basically involves writing a rule/filter that moves known friends and family, and safe domains, to a "good" folder (a whitelist). Then write a filter that moves (to a 'junk' folder) everything with an "@" character in the from address. Now, to prevent missing friends or families that email you with a new email address that isn't yet on your whitelist, you write a filter to 'reply' to all 'junk' mails with an email that states ["you've been rejected by my spam filter. Please put 'CodeRed' in the subject line and resend your message or write 'check your junk folder for this email address and the original message'"]. This can be annoying for some lazy friends, but they only need to do it once per new email address. Then, you write a rule/filter that will put all emails where the subject contains "CodeRed" into a 'Pending' folder. Here you can read emails that didn't make it to your whitelist, but also be alerted when someone had to use this method to reach you, and by result, put their new address on your whitelist. Finally, you make a rule that recognizes whenever the word or words "Returned mail" or "Bounce" or "Daemon", etc., is placed in another folder (called 'Bounced', perhaps). This prevents your auto-reply from continuously replying to the same bounce message over and over again. "out of office" replies can also sometimes cause this mail-war, but usually mail servers recognize this and don't send back an 'out of office' reply to the same address more than once (since two 'out of office' computers would war all weekend long otherwise).
Anyway, after all that setup, it's easy from there. 99% of spammers do not use valid return addresses (as my method has proven) so the myth that replying to spammers lets them know you have a valid email address is just that, a myth. I have used this system for over a year now, and have had nearly 100% effectiveness with it. I have had less than 5 spammers actually take the time to read my response email, and put the 'CodeRed' in the subject line. From there, I can blacklist their email address. Finally, I can change the codeword as often as I want since it doesn't affect anyone on my whitelist.
The funny thing about this method is when I post it somewhere, a few people ignorantly tell me 'it wouldn't work' and give theories as to why it wouldn't, and don't realize it IS working, and has been for over a year.
"Artificial Intelligence usually beats real stupidity."
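The rule chain the commenter above describes (whitelist, catch-all junk rule, one-time challenge token, a Pending folder for token replies, and a Bounced folder so the auto-reply never answers a bounce daemon) can be written down as an ordered classifier. The script below is an added example, not the commenter's own filter; every address, the sample messages and the token value are constructed for the demo. It also checks the RFC 3834 Auto-Submitted header and the MAILER-DAEMON sender before falling back to the subject-word heuristic, since those are the reliable signals that a message must never be auto-answered.

```python
"""Rule-based inbox sorter modelled on a whitelist / challenge-token /
bounce-loop-suppression scheme (added example; constructed sample data)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CHALLENGE_TOKEN = "CodeRed"                                        # codeword; rotate at will
WHITELIST_ADDRESSES = {"alice@example.org", "bob@example.org"}     # constructed
WHITELIST_DOMAINS = {"work.example.com"}                           # constructed
# Subject fragments that mark delivery-status notices and auto-replies.
# Answering these is what starts an auto-reply war with the remote daemon.
BOUNCE_MARKERS = ("returned mail", "bounce", "daemon", "out of office",
                  "undeliverable", "delivery status")


@dataclass
class Message:
    sender: str
    subject: str
    body: str = ""
    headers: Dict[str, str] = field(default_factory=dict)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_auto_generated(msg: Message) -> bool:
    """True for anything that must never receive an auto-reply: messages with
    Auto-Submitted set to something other than 'no' (RFC 3834), bounces from
    MAILER-DAEMON or a null sender, or the subject words from the post."""
    if msg.headers.get("Auto-Submitted", "no").lower() != "no":
        return True
    if msg.sender == "" or msg.sender.lower().startswith("mailer-daemon@"):
        return True
    subj = msg.subject.lower()
    return any(marker in subj for marker in BOUNCE_MARKERS)


def classify(msg: Message) -> Tuple[str, Optional[str]]:
    """Return (folder, action); action is 'challenge' when the one-time
    token instructions should be auto-replied to the sender, else None."""
    addr = msg.sender.lower()
    # Rule 1: known people and safe domains go straight to Good.
    if addr in WHITELIST_ADDRESSES or _domain(addr) in WHITELIST_DOMAINS:
        return "Good", None
    # Rule 2: bounce / auto-reply traffic is filed, never answered.
    if is_auto_generated(msg):
        return "Bounced", None
    # Rule 3: a sender who answered the challenge lands in Pending for review.
    if re.search(rf"\b{re.escape(CHALLENGE_TOKEN)}\b", msg.subject):
        return "Pending", None
    # Rule 4: everything else (every From has an '@') is Junk and gets the
    # challenge so a friend writing from a new address can get through once.
    return "Junk", "challenge"


def run_rules(messages: List[Message]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Classify a batch; return {folder: [sender, ...]} and the senders that
    were sent a challenge."""
    folders: Dict[str, List[str]] = {}
    challenged: List[str] = []
    for m in messages:
        folder, action = classify(m)
        folders.setdefault(folder, []).append(m.sender)
        if action == "challenge":
            challenged.append(m.sender)
    return folders, challenged


# Constructed sample traffic.
SAMPLE = [
    Message("alice@example.org", "lunch?"),
    Message("newaddr@example.net", "hi, it's Carol"),
    Message("bulk@example-offers.test", "MAKE MONEY FAST"),
    Message("carol@example.net", "CodeRed: resending my note"),
    Message("MAILER-DAEMON@example-offers.test", "Returned mail: User unknown"),
    Message("vendor@example.com", "Vacation",
            headers={"Auto-Submitted": "auto-replied"}),
]

if __name__ == "__main__":
    folders, challenged = run_rules(SAMPLE)
    for name in ("Good", "Pending", "Junk", "Bounced"):
        print(f"{name:8s} {folders.get(name, [])}")
    print("challenged:", challenged)
```

The order of the rules is the whole point: the bounce check runs before the token check, so a bounce whose quoted subject happens to contain the token still goes to Bounced rather than Pending, and nothing in Bounced ever triggers the challenge reply.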
By default the sender connects to the primary MX record, then the backups, and if no MX exists it connects to the A record.
A good idea is to apply RBL lists, such as SORBS, and make a primary MX (say priority 10) point to some ridiculous place like this.mx.is.fake.domain.com (the A record would have no responding SMTP), and the backup (priority 20) being the actual receiver.
The above should help matters.
Using SORBS alone does mean that DHCP'd senders cannot connect. Greylisting is a very effective means too.
Why UNIX?
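The two tricks in the comment above rest on how a conforming sender walks the MX list (lowest preference value first, A record only when no MX exists) and on the fact that real MTAs retry after a temporary failure while bulk senders often do not. The script below is an added example, not the commenter's configuration: it sorts MX records the way RFC 5321 prescribes, showing why a dead top-priority host costs legitimate mail nothing but a short delay, and implements a minimal triplet greylist. The fake MX hostname is the one from the comment; all other hosts, addresses and timings are constructed.

```python
"""MX connection order plus a minimal triplet greylist (added example;
hostnames, addresses and timings are constructed)."""
import time
from typing import Dict, List, Optional, Tuple

Triplet = Tuple[str, str, str]


def mx_connection_order(records: List[Tuple[int, str]],
                        a_record: Optional[str]) -> List[str]:
    """Hosts a well-behaved sender tries, in order: lowest MX preference
    first; with no MX at all it falls back to the domain's A record
    (RFC 5321 section 5.1)."""
    if not records:
        return [a_record] if a_record else []
    return [host for _, host in sorted(records, key=lambda r: (r[0], r[1]))]


class Greylist:
    """First delivery attempt from an unseen (client_ip, envelope_from,
    envelope_to) triplet gets a 4xx temporary failure. A retry at least
    min_delay seconds later (and within retry_window) is accepted and the
    triplet is auto-whitelisted for auto_whitelist seconds."""

    def __init__(self, min_delay: int = 300, retry_window: int = 4 * 3600,
                 auto_whitelist: int = 36 * 24 * 3600):
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.auto_whitelist = auto_whitelist
        self._first_seen: Dict[Triplet, float] = {}
        self._passed: Dict[Triplet, float] = {}

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str,
               now: Optional[float] = None) -> str:
        """Return the SMTP reply the receiving MTA should give at RCPT TO."""
        now = time.time() if now is None else now
        key: Triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        passed_at = self._passed.get(key)
        if passed_at is not None and now - passed_at < self.auto_whitelist:
            self._passed[key] = now              # refresh on every delivery
            return "250 accept"
        first = self._first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self._first_seen[key] = now          # new, or stale, triplet
            return "451 4.7.1 greylisted, try again later"
        if now - first < self.min_delay:
            return "451 4.7.1 greylisted, try again later"   # retried too soon
        self._passed[key] = now                  # genuine retry: let it in
        del self._first_seen[key]
        return "250 accept"


def simulate_delivery_attempts(gl: Greylist) -> List[str]:
    """Constructed scenario: a real MTA retries after 10 minutes and gets
    through (and is then whitelisted); a fire-and-forget sender that never
    retries is never accepted."""
    t0 = 1_000_000.0
    real = ("192.0.2.10", "alice@example.org", "me@example.com")
    bulk = ("198.51.100.7", "bulk@example-offers.test", "me@example.com")
    return [
        gl.decide(*real, now=t0),
        gl.decide(*real, now=t0 + 600),
        gl.decide(*real, now=t0 + 3600),
        gl.decide(*bulk, now=t0),
    ]


if __name__ == "__main__":
    # The comment's layout: dead primary MX, real receiver as backup.
    records = [(20, "mail.example.com"), (10, "this.mx.is.fake.domain.com")]
    print("sender tries:", mx_connection_order(records, "example.com"))
    for reply in simulate_delivery_attempts(Greylist()):
        print(reply)
```

Both techniques trade a delay for legitimate mail against dropped bulk mail, so the greylist's min_delay and retry_window should match what real MTAs do (most retry within 15 to 60 minutes), and the dead primary MX must resolve to an address that refuses connections quickly rather than one that times out, or every sender pays the timeout before reaching the real host.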
It bans false or misleading header information. Your email's "From," "To," and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
I know that not all spammers follow the rules, but you would be surprised at how many do. Many of the emails I get will bounce back to me when I bounce them. So far I have had none bounce back to me. The best part is my spam count is way down. What I believe is that this guy who did the server shutdown found out that if the spammers find a dead end they just take you off the list. They have to because it's pounding them with their own crap.
As for the spammers that don't follow the rules: then all the email that would have gone to his server ended up bouncing all over the net.
Danger Will Robinson! You are now entering a condescending Unix user zone!