De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like dummy email addresses in public forums, I have been plagued by spam mails for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in a 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
You might entertain another method - if you have an internet domain of your own. Make use of mail-subdomains that you cycle through regularly.
And only give trusted friends permanent (or permanent sub-domain) email addresses.
And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).
...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
[insert witty sig here]
They left out a t.
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.
Manually deleting them one by one is the hard way.
Don't be fooled: there are plenty of stupid ones.
I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.
When I brought it back online again, I started seeing them again.
Mod me down and I will become more powerful than you can possibly imagine!
Just unplug your ethernet cable and your Windows box will be safe from worms!
Beware the airborne version.
What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Nice.
I don't know the meaning of the word 'don't' - J
I've got domains that I have left inactive for year then re-added them to dns and set up mail accounts for them and the spam comes in immediately.
Spammers simply aren't diligent when it comes to maintaining their lists: they don't remove bounced emails (as they have spoofed all the headers anyway, so they don't receive the bounces), and they don't remove addresses from domains without MX records or with no responding hosts (as they send all the spam from botnets that don't report failures back anyway).
I don't know what this guy did but he is thoroughly mistaken.
----
That sounds to me like a really inefficient form of greylisting.
By the way, I started greylisting on my mail server a couple of days ago, and my spam has gone down to virtually zero.
the fact they might have installed some anti-spam filters when they were upgrading the mail server? duhhh
Anybody want to help me shutdown hotmail for a couple days?
...perhaps won't slow the flow of spam, but it will let you know who the bastards are that are selling your email in the first place. Buy a domain name, then use a different email address for every site that asks for an email, for example 'amazon_email@yourdomain.com' if you fill in a form at amazon.com.
You'd be surprised at the sites that promise to protect privacy and don't.
The article says that the school upgraded to a new version of Exchange during that two day period. Is it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
This sig has been temporarily disconnected or is no longer in service
Bounce != no SMTP session at all
Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
Isn't this just a variant of greylisting? (the link is the first hit on google for 'greylisting')
In the case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5, and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
Doomie
This is a totally unacceptable solution in a real-world business environment. Two days' worth of bounced emails and even a moderate-size company could miss over $100K worth of online orders. Worse yet, they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders, and then they go to a competitor.
There are drop in solutions out there. Use them if it's a real issue.
I am invisble, and you can't see me.
No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.
So, while totally ineffective, you also burden the innocent bystander with yet another bounce.
The only way to combat spam is to reject it on the SMTP level.
Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.
However, spammers don't use mailservers to send their spam; they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.
When a mailserver is offline, spammers will know immediately. However, I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.
In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.
This is your sig. There are thousands more, but this one is yours.
I decommissioned a mail server recently. The IP address is empty. The MX record is flat out gone.
Despite this, my packet sniffer still sees ~20 connection attempts per hour to that old address, nearly three months later. They are all bot-infected PCs according to sbl-xbl.spamhaus.org
That address was being mercilessly spammed and under constant dictionary attack.
Ultimately, I was able to use my log files to reconstruct the dictionary they were hitting me with. I put the whole thing under blacklist_to and saw a big drop in junk getting past my filters.
-j
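The log-mining step described in the post above (reconstructing the recipient dictionary from rejected RCPT commands and turning it into a blacklist) can be done with a short script. The code below is an added example, not the poster's own tooling; the log lines are constructed in a Postfix-style "User unknown" reject format with made-up hosts, IPs and addresses, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the post). Format mimics a Postfix
# smtpd "User unknown" reject; hosts, IPs and local-parts are made up.
SAMPLE_LOG = """\
May 12 03:14:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <alan@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@forged.invalid> to=<alan@example.org>
May 12 03:14:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <albert@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@forged.invalid> to=<albert@example.org>
May 12 03:14:02 mx postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <alan@example.org>: Recipient address rejected: User unknown in local recipient table; from=<y@forged.invalid> to=<alan@example.org>
May 12 03:14:03 mx postfix/smtpd[1236]: 1A2B3C4D5E: client=mail.partner.example[203.0.113.5]
May 12 03:14:04 mx postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <alice@example.org>: Recipient address rejected: User unknown in local recipient table; from=<y@forged.invalid> to=<alice@example.org>
"""

# Matches only "User unknown" rejects; other rejects and accepted mail are ignored.
REJECT_RE = re.compile(
    r"RCPT from (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)


def reconstruct_dictionary(log_text):
    """Return (Counter of probed recipient -> hits, dict of source IP -> set of recipients)."""
    hits = Counter()
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        rcpt = m.group("rcpt").lower()
        hits[rcpt] += 1
        by_ip[m.group("ip")].add(rcpt)
    return hits, by_ip


def blacklist_candidates(hits, min_hits=2):
    """Recipients probed at least min_hits times: the attacker's dictionary, sorted for a blacklist."""
    return sorted(r for r, n in hits.items() if n >= min_hits)


def probing_sources(by_ip, min_unknown=2):
    """Source IPs that tried at least min_unknown distinct nonexistent recipients (dictionary attackers)."""
    return [ip for ip, rcpts in by_ip.items() if len(rcpts) >= min_unknown]


def render_blacklist(candidates, directive="blacklist_to"):
    """Format candidates as one directive per line (the post used SpamAssassin's blacklist_to)."""
    return "\n".join(f"{directive} {addr}" for addr in candidates)


if __name__ == "__main__":
    hits, by_ip = reconstruct_dictionary(SAMPLE_LOG)
    print(render_blacklist(blacklist_candidates(hits)))
    print("probing sources:", probing_sources(by_ip))
```

With real logs you would raise `min_hits` and `min_unknown` well above 2; the point is that the rejected recipients, not the forged senders, are the stable signal in a dictionary attack.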
6) T to Y: a) If you have a girlfriend, take a vacation with her.
b) If you don't have a girlfriend, check mails on the temporary alternative email ID.
This just in: Apparently airlines, the U.S. highway system, hotels, parks and other attractions have now opened their doors to people without girlfriends. Also, coffeeshops, bars, music venues, theaters, yoga studios and other local businesses are considering joining this pilot program on a case-by-case basis.
Those without girlfriends, then, might be able to take a 48 hour break from the Internet as well.
Our Postfix mail server uses Postgrey (click link for graph showing effectiveness), and it's as close to 'magic' as I've seen yet in the antispam category.
-Mark
I added greylisting to my mail server, and that cut down on both spam and virus messages by a tremendous amount. See http://greylisting.org/ for more info.
From: Sammy Spammy
To: undisclosed-recipient
Subject: Don't buy this: Get it free!
For a limited time you can get the Wally Whizbanger FREE!!!!
...
-- @rjamestaylor on Ello
Mac OSX Mail has a feature which lets you "Bounce" Mail, which essentially mimics the Server Response to an invalid Email Address.
I was recently shocked to find that neither Outlook Express or Outlook have this feature.
Very useful for Spammers and Annoying Ex-Girlfriends.
Use PGP and sign their email.
thank God the internet isn't a human right.
I would have to agree with the Gmail spam filter.... it really does kick some major ass.
I have had a couple of "personal spam" (messages that are from legitimate people - but are SPAM to me - on college campuses this happens all the time) get through - but after Reporting those as spam it hasn't messed up since. On average it has been eating about 30 spam emails a day.
I used Mozilla Mail's spam filter for the last year or so - and just completely switched to Gmail last week - and have found it to be superior in all regards (Filters and Labels are AWESOME!).
Ok - enough Gmail love...
Friedmud
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Come up with a white list of good addresses, and then reject all others. This way you lose a good amount of mail for the 2 days you're shut down, but some important stuff would still get through. Allow whitelist on border router or host firewall, deny everyone else.
Southeastern Virginia REPRESENT!
No no no. DO NOT bounce mail that doesn't pass through the spam filter after you accepted it for delivery. You are only spamming someone else.
What you need to do is to reject the email BEFORE you accept it in the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in MTA (ie. after DATA is complete), then DO NOT bounce it because the headers do not have the real FROM: anyway (in case of spam)
Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA raising your load. Bad idea.
I use www.mxlogic.com to deny all medium-high risk spam completely. It intercepts it before it even hits my mail server. I like it.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
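The distinction the post above draws (reject at the MTA while the SMTP session is still open, never accept and then bounce) is easy to get wrong in a content filter. The following is an added example, not the poster's setup or any MTA's real hook API: it models the decision point after DATA with a toy scoring function standing in for the real scanner, and shows where a post-accept bounce would go when the envelope sender is forged. The sample messages and addresses are constructed.

```python
from email import message_from_string

# Constructed sample traffic (addresses and names are made up).
FORGED_ENVELOPE_FROM = "victim@bystander.example"   # forged by the spammer
SPAM_MESSAGE = """\
From: Sammy Spammy <victim@bystander.example>
To: you@example.org
Subject: Don't buy this: Get it free!

For a limited time you can get the Wally Whizbanger FREE!!!!
"""

CLEAN_ENVELOPE_FROM = "alice@partner.example"
CLEAN_MESSAGE = """\
From: Alice <alice@partner.example>
To: you@example.org
Subject: Meeting notes
Message-ID: <20240512.1@partner.example>

See the attached notes from this morning.
"""


def spam_score(raw_message):
    """Toy content check; a real deployment would call SpamAssassin/mimedefang here."""
    msg = message_from_string(raw_message)
    score = 0
    subject = (msg["Subject"] or "").lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    if "free" in subject:
        score += 2
    if "!!!" in body:
        score += 2
    if msg["Message-ID"] is None:
        score += 1
    return score


def smtp_reply_after_data(envelope_from, raw_message, threshold=3):
    """Decide while the session is open: DATA has completed but we have not said 250.

    A 550 here is returned to the *connecting* client, so no DSN is ever
    generated by our side; a forged envelope sender never hears from us.
    """
    if spam_score(raw_message) >= threshold:
        return "550 5.7.1 Message rejected as spam"
    return "250 2.0.0 Ok: queued"


def bounce_after_accept(envelope_from, raw_message, threshold=3):
    """The anti-pattern the post warns against: accept, then generate a bounce.

    Returns the address the bounce would be sent to, or None if the mail is
    delivered. With spam that address is the forged sender, i.e. a bystander.
    """
    if spam_score(raw_message) >= threshold:
        return envelope_from
    return None


if __name__ == "__main__":
    print(smtp_reply_after_data(FORGED_ENVELOPE_FROM, SPAM_MESSAGE))
    print("post-accept bounce would go to:", bounce_after_accept(FORGED_ENVELOPE_FROM, SPAM_MESSAGE))
```

The scoring rules are deliberately crude; what matters is the shape of the two functions: one returns an SMTP reply code and creates no new mail, the other creates mail addressed to whatever the sender claimed.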
Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.
From the FAQ (http://www.olympus.net/doubleVerifyNL):
DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.
You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
Legitimate servers do that. Spammers and SMTP trojans on hijacked home computers don't usually try again.
The meme police, They live inside of my head
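Greylisting comes up several times in this thread (the "inefficient greylisting" remark, the university mailserver report, Postgrey, and the DoubleVerify FAQ just above). The code below is an added example of the mechanism, not Postgrey's or OlympusNet's implementation: a per-triplet (client IP, sender, recipient) state table that answers RCPT with a temporary 450 on first sight, accepts a retry after a delay, and then remembers the triplet. The delay, window and expiry values are assumptions, as is whitelisting by sender domain; the sample addresses and IPs are constructed.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300            # assumed: retry accepted after 5 minutes
GREYLIST_WINDOW = 4 * 3600      # assumed: a pending triplet is forgotten after 4 hours
AUTO_WHITELIST_TTL = 35 * 86400 # assumed: a verified triplet stays known for 35 days

TEMPFAIL = "450 4.7.1 Greylisted, please try again later"


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triplet -> time first seen
    passed: dict = field(default_factory=dict)    # triplet -> time last accepted
    whitelisted_domains: set = field(default_factory=set)

    def decide(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one RCPT TO at time `now` (seconds)."""
        domain = sender.rsplit("@", 1)[-1].lower()
        if domain in self.whitelisted_domains:
            return "250 2.1.5 Ok (whitelisted domain)"

        triplet = (client_ip, sender.lower(), recipient.lower())

        # Already verified: deliver immediately and refresh the entry.
        last = self.passed.get(triplet)
        if last is not None and now - last < AUTO_WHITELIST_TTL:
            self.passed[triplet] = now
            return "250 2.1.5 Ok (known sender)"

        first = self.pending.get(triplet)
        if first is None or now - first > GREYLIST_WINDOW:
            # First sight (or a stale entry): ask the client to come back later.
            self.pending[triplet] = now
            return TEMPFAIL
        if now - first < GREYLIST_DELAY:
            # Retried too soon; a real queue backs off, a fire-and-forget bot may not.
            return TEMPFAIL

        # A retry after the delay is what a queuing MTA does; promote the triplet.
        del self.pending[triplet]
        self.passed[triplet] = now
        return "250 2.1.5 Ok (retry verified)"


def simulate():
    """Constructed timeline: a real MTA retrying after 15 minutes vs. a bot that does not."""
    g = Greylist()
    mta = ("203.0.113.5", "alice@partner.example", "bob@example.org")
    bot = ("198.51.100.7", "x@forged.invalid", "bob@example.org")
    return {
        "mta_first": g.decide(*mta, now=0),
        "mta_retry_15min": g.decide(*mta, now=900),
        "mta_next_message": g.decide(*mta, now=5000),
        "bot_first": g.decide(*bot, now=0),
        "bot_immediate_retry": g.decide(*bot, now=5),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:22s} {v}")
```

The cost, visible in the timeline, is the delay on first contact from a new sender; the DoubleVerify FAQ's "about fifteen minutes" is the sending server's retry interval, which the receiving side does not control.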
So far I've had my setup email address (based on our account name) and I created one just for me. My email address is in the format blahblah_nospam@mindspring.com - Note: There actually is _nospam in my email address.
;)
Account based email box ~ 25 spams/week over the past year.
My email account : 0!
Reasoning : spammers do s/nospam//ig; on their email addresses.
I really feel for that blahblah_@mindspring.com - They're getting my spam
(For the pedantic yes I know mindspring whitelists - mindspring.com is used as an example)
-B
I believe that you will find that turning off your email server to stop spam has been patented as the intellectual knowledge of Microsoft. You are in violation of that patent if you turn your server off for that reason. It is my understanding that they have hired RIAA to go after the low life criminals who are stealing this precious intellectual knowledge and prosecute them to the fullest extent of the law.
How long until the spammers simply queue undeliverable email, and try again after a few minutes? I'm surprised they all haven't yet.
During that time, all the mails sent to my mail account were of course bouncing.
Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.
In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.
I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam, and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces), and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.
There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.
Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This guy has no clue what's going on. His knee jerk reaction is that it must have been because they shut the system off.
Never, not once, did he consider the fact that his admins *upgraded* the Exchange server. They probably went from 5.5/2000 to 2003.
By no means am I an M$ guru, but I know for a fact that 2003 comes with a large amount of internal things to help control and minimize spam.
In fact, anyone upgrading to 2003 sees dramatically better spam controls.
Someone revoke this guy's geek license, as he just failed the critical thinking test.
My car started running poorly a few months ago, so I took it into the shop. When I came back to get my car, they charged me $400. It runs great now. Not driving my car for two days fixed it! Now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also, did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on Slashdot a while ago!
The problem here is that spamming is easily modeled by game theory, and the spammers have a dominant strategy.
Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.
They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
I just set up a catchall account on my domain and use whereIampostingmyemail@mydomain.com for every email address I give out. Not only does that identify WHO is sending me spam (shadyecomstore.com@mydomain.com) so I can track back and yell at them, but it allows me to create a rule to block addresses if they get to be too spammed over. This seems to work pretty well along with Bayesian filtering and a few rules I have set up.
-Those who know do not say, Those who say do not know
I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero
No need for models and simulations... the answer is 'shut-down time' = Infinity
The program should recognize which server it came from ("Received" in full headers), and blackhole that server because it's obviously an open relay, at the very least.
On a related note, I find it amazing that various antivirus/antispam vendors are still using the "From" line to report abuses. Do viruses or spam ever come from real email addresses? Not usually. I'm pretty much the victim of a "joe-job" on a regular basis because of this.
That's why we need to push for much greater adoption of Sender Permitted From (SPF).
That should prevent fake email addresses from being used.
Unfortunately, large ISPs and email providers don't seem to want to implement SPF records for their mailservers.
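What an SPF check actually decides is whether the connecting client IP is authorised to use the envelope sender's domain (the MAIL FROM domain), according to that domain's published record. The evaluator below is an added example, not the SPF reference implementation: it handles `ip4`, `ip6` and `all` with the four qualifiers and deliberately returns `permerror` for mechanisms it does not implement (`include`, `a`, `mx`, `exists`). The records are constructed and stored in a dict where a real checker would do a DNS TXT lookup.

```python
import ipaddress

# Constructed records (a real checker fetches TXT records from DNS).
SPF_RECORDS = {
    "partner.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.5 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Evaluate the envelope sender's domain against the connecting IP.

    Returns one of the SPF result strings: none, pass, fail, softfail,
    neutral or permerror. Only ip4/ip6/all are implemented here.
    """
    record = records.get(sender_domain.lower())
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"

    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier per the spec
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()

        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            # A v4 address never matches a v6 network and vice versa.
            matched = ip.version == net.version and ip in net
        else:
            return "permerror"               # include/a/mx/exists not implemented in this example

        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                         # record exhausted without a match


if __name__ == "__main__":
    for dom, ip in [("partner.example", "203.0.113.9"), ("partner.example", "192.0.2.1"),
                    ("softfail.example", "192.0.2.1"), ("nospf.example", "192.0.2.1")]:
        print(dom, ip, "->", check_spf(dom, ip))
```

Note that a `fail` is a statement about the envelope sender, not the `From:` header the user sees; a receiving MTA typically rejects on `fail` at RCPT or DATA time and treats `softfail` as one input to scoring.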
All technical considerations aside (3 day retry periods, no central spam DB etc.........) let's just read up on Exchange 2003 marketing literature (not that we should normally trust Microsoft marketing literature, but it suffices that they cannot outright lie about it). They claim to have all sorts of *new* spam block features. Perhaps the author may have considered the hypothesis that his IT dept made the switch with these features in mind. At the very least it would be nice if he did a little due diligence (or, if he did do some, that he would note that fact) to rule out simpler explanations? Why on earth would spammers care about keeping lists clean anyway? It's not like they all of a sudden grew a conscience?
Didn't that Occam guy have something to say about crazy theories like this author's rant?
In mimedefang:
You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.
I really don't know how I managed to run sendmail without mimedefang before.
Believe me. The return address on penis enlargement stuff is fake (just like their product claims). The web links probably work, though. Anyone selling shady stuff via email is not going to put a real return address on it. They'll spend the whole day wading through angry messages from people fed up with spam, bounce messages, and hundreds of other non-revenue-generating emails. While not all spam headers are faked, the vast majority are.
I do not have a signature
I have a personal domain that I give out to friends. Then I have a domain I use for e-mail for everyone other than friends and assign everyone a different e-mail address.
For example: microsoft@mydomainz.com for Microsoft. If Microsoft sends my info to a spammer, I can easily shut down the microsoft@mydomainz.com with a simple filter..
I noticed that a lot of spam came through from domain registration.. register1@mydomainz.com.. Now banned. register2.. Now banned. I think I'm on 3 right now.. Those spammers never learn.
The end result is my spam level, although not zero, is so dramatically reduced that it's very manageable.. Most of it gets deleted as I see the headers, so it never actually gets read.
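The per-site address scheme described in the post above (and in the earlier 'amazon_email@yourdomain.com' and catch-all posts), together with the early suggestion to match mailing-list traffic on list headers rather than on the recipient alone, amounts to one classification rule set. The code below is an added example of that rule set, not any poster's procmail recipe: the domains, the burned tags, the list address and the sample messages are all constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed configuration (hypothetical domains and tags).
FRIENDS_DOMAIN = "friends.mydomainz.example"        # handed out only to people you trust
TAGGED_DOMAIN = "mydomainz.example"                 # one local-part per site/vendor
BURNED_TAGS = {"register1", "register2"}            # tags that started receiving spam
LISTS = {"bugs@lists.project.example": "lists.project-bugs.example"}  # list address -> List-Id


def classify(raw_message):
    """Return a delivery folder for one message; anything unexplained is quarantined, not bounced."""
    msg = message_from_string(raw_message)

    # Mailing lists: the recipient match alone is not enough, the List-Id must agree.
    to_cc = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    for list_addr, list_id in LISTS.items():
        if list_addr in to_cc:
            if f"<{list_id}>" in (msg.get("List-Id") or ""):
                return "lists/" + list_id
            return "quarantine/list-header-missing"

    # Personal mail: prefer the envelope recipient recorded by the MTA over the To: header.
    delivered = parseaddr(msg.get("Delivered-To") or msg.get("To") or "")[1].lower()
    local, _, domain = delivered.partition("@")
    if domain == FRIENDS_DOMAIN:
        return "inbox"
    if domain == TAGGED_DOMAIN:
        if local in BURNED_TAGS:
            return "quarantine/burned-" + local
        return "vendors/" + local
    return "quarantine/unknown-recipient"


# Constructed sample messages.
FRIEND_MAIL = "From: pal@somewhere.example\nTo: me@friends.mydomainz.example\nSubject: hi\n\nlunch?\n"
VENDOR_MAIL = "From: orders@shop.example\nTo: shop@mydomainz.example\nSubject: receipt\n\nthanks\n"
BURNED_MAIL = "From: x@forged.invalid\nTo: register1@mydomainz.example\nSubject: FREE\n\n...\n"
LIST_MAIL = ("From: dev@project.example\nTo: bugs@lists.project.example\n"
             "List-Id: Project bugs <lists.project-bugs.example>\nDelivered-To: shop@mydomainz.example\n"
             "Subject: [bugs] crash\n\ntrace\n")
FAKE_LIST_MAIL = "From: x@forged.invalid\nTo: bugs@lists.project.example\nSubject: [bugs] FREE\n\n...\n"

if __name__ == "__main__":
    for name, m in [("friend", FRIEND_MAIL), ("vendor", VENDOR_MAIL), ("burned", BURNED_MAIL),
                    ("list", LIST_MAIL), ("fake list", FAKE_LIST_MAIL)]:
        print(f"{name:10s} -> {classify(m)}")
```

Burning a tag is a one-line change to `BURNED_TAGS`, which is the operational appeal of the scheme; the list rule is there because the list address is public and a recipient-only match would let anything addressed to it through.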
You gotta be kidding. First of all, if it gets "bounced" back to some non-existent e-mail address, spammers don't get no word 'bout nothin'. Second even if it gets bounced back to spammers, they don't care. Many (most) of them are getting email lists from some spam-address distributor, so they don't see themselves as custodians of the list; they just blast away like drunks with diarrhea.
How do I know this? I've owned my domain since 1996, and I've been administrating the email since 1998. I get spam nearly every single day for beth@ahab.com (no point in cloaking it, really), and it has NEVER been a valid address. It often bounces back to the postmaster (me) after not bouncing back to their forged yahoo address and after NOT getting the word out to a single baby-eating spammer (you do know they eat babies, right?), and I see it when I bother scanning my postmaster folder for anything interesting.
Sure, it's worth my hassle if it bounces back to them, but it's probably not worth it to the poor sucker whose yahoo address they forged.
Get a clue: SPAMMERS DON'T CARE. You're kinda hoping that the guy who lets his dog shit on the sidewalk in front of your house is going to be annoyed by the smell.
Expanding a vast wasteland since 1996.
I believe it IS good to have as much authentication as possible, but not to the point where it would make the system brittle.
;-)
It just seems that the more security layers you have to go through, the more chance you have of something failing.
What if you wanted to communicate with a non-compliant e-mail recipient?
Obviously, if SPF becomes the law of the land, and EVERYONE starts using it, the problem of spam would go away, at least for a while
But it's the same phenomenon slowing IPv6 adoption: things work (albeit with certain problems) now.
I don't know the meaning of the word 'don't' - J
This idea is as stupid as they get, the logic is flawed and experience has shown us otherwise. The most spam we get at our company is for accounts that have been bouncing for several years.
Surely no-one will act blindly on this poor fool's ramblings and kill their mail systems?
If you can't figure out what's wrong with it, don't try it.
- mipe -