De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like a dummy email address in public forums, I have been plagued by spam mails for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in a 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
You might entertain another method - if you have an internet domain of your own. Make use of mail-subdomains that you cycle through regularly.
And only trusted friends get permanent (or permanent sub-domain) email addresses.
And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).
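Added example of the sieve described above (my code, not the poster's procmail recipes): it decides on the List-Id and List-Post headers rather than on the recipient address alone, and quarantines anything addressed to the list that lacks them. The list address, the expected List-Id and the three sample messages are constructed for illustration.

```python
# Added example (not from the thread): check mailing-list traffic on its
# List-* headers rather than only on the recipient address, and quarantine
# whatever slips through. Python standing in for a procmail recipe.
from email import message_from_string

# Constructed values: the list we subscribe to and the List-Id its real
# list server stamps on every post (both hypothetical).
LIST_ADDRESS = "dev-list@example.org"
EXPECTED_LIST_ID = "<dev-list.example.org>"


def classify(raw: str) -> str:
    """Return 'list', 'quarantine' or 'inbox' for one raw message."""
    msg = message_from_string(raw)
    recipients = " ".join(msg.get_all("To", []) + msg.get_all("Cc", []))
    addressed_to_list = LIST_ADDRESS in recipients
    list_id = (msg.get("List-Id") or "").strip()
    list_post = (msg.get("List-Post") or "").strip()
    if addressed_to_list and list_id == EXPECTED_LIST_ID and LIST_ADDRESS in list_post:
        return "list"          # recipient AND list headers agree: real list traffic
    if addressed_to_list:
        return "quarantine"    # claims to be list mail but lacks the list headers
    return "inbox"             # ordinary personal mail, not our concern here


# Constructed sample messages.
GENUINE = (
    "From: alice@example.com\r\n"
    "To: dev-list@example.org\r\n"
    "List-Id: <dev-list.example.org>\r\n"
    "List-Post: <mailto:dev-list@example.org>\r\n"
    "Subject: patch review\r\n\r\nbody\r\n"
)
SPOOFED = (
    "From: sales@example.net\r\n"
    "To: dev-list@example.org\r\n"
    "Subject: Wally Whizbanger FREE\r\n\r\nbody\r\n"
)
PERSONAL = (
    "From: bob@example.com\r\n"
    "To: me@example.org\r\n"
    "Subject: lunch?\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("personal", PERSONAL)):
        print(name, "->", classify(raw))
```

Quarantining rather than deleting keeps the occasional real post from a misconfigured list server recoverable, which is the trade-off the post itself leaves open.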
...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
[insert witty sig here]
They left out a t.
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.
Manually deleting them one by one is the hard way.
Don't be fooled: there are plenty of stupid ones.
I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.
When I brought it back online again, I started seeing them again.
Mod me down and I will become more powerful than you can possibly imagine!
A few hundred random people received
"The message you sent X was undeliverable"
spam instead.
Nice.
I don't know the meaning of the word 'don't' - J
I've got domains that I have left inactive for a year, then re-added them to DNS and set up mail accounts for them, and the spam comes in immediately.
Spammers simply aren't diligent when it comes to maintaining their lists: they don't remove bounced emails (as they have spoofed all the headers anyway, so they don't receive the bounces), and they don't remove addresses from domains without MX records or with no responding hosts (as they send all the spam from botnets that don't report failures back anyway).
I don't know what this guy did, but he is thoroughly mistaken.
----
Anybody want to help me shutdown hotmail for a couple days?
...perhaps won't slow the flow of spam, but will let you know who the bastards are that are selling your email in the first place. Buy a domain name, then use a different email address for every site that asks for an email, for example 'amazon_email@yourdomain.com' if you fill in a form at amazon.com.
You'd be surprised at the sites that promise to protect privacy and don't.
The article says that the school upgraded to a new version of Exchange during that two-day period. Is it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
This sig has been temporarily disconnected or is no longer in service
Bounce != no SMTP session at all
Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
Isn't this just a variant of greylisting? (the link is the first hit on google for 'greylisting')
In the case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5, and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
Doomie
This is a totally unacceptable solution in a real-world business environment. Two days' worth of bounced emails and even a moderate-size company could miss over $100K worth of online orders. Worse yet, they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders, and then they go to a competitor.
There are drop in solutions out there. Use them if it's a real issue.
I am invisible, and you can't see me.
No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.
So, while totally ineffective, you also burden the innocent bystander with yet another bounce.
The only way to combat spam is to reject it on the SMTP level.
Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.
However, spammers don't use mailservers to send their spam; they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.
When a mailserver is offline, spammers will know immediately. However, I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.
In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.
This is your sig. There are thousands more, but this one is yours.
Our Postfix mail server uses Postgrey (click link for graph showing effectiveness), and it's as close to 'magic' as I've seen yet in the antispam category.
-Mark
From: Sammy Spammy
To: undisclosed-receipient
Subject: Don't buy this: Get it free!
For a limited time you can get the Wally Whizbanger FREE!!!!
...
-- @rjamestaylor on Ello
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
No no no. DO NOT bounce mail that doesn't pass through the spam filter after you accepted it for delivery. You are only spamming someone else.
What you need to do is to reject the email BEFORE you accept it into the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in the MTA (i.e. after DATA is complete), then DO NOT bounce it, because the headers do not have the real FROM: anyway (in the case of spam).
Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA, raising your load. Bad idea.
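Added example (mine, not the poster's, and not any real MTA's code) modelling the two choices in this post at the end of DATA: answer 550 while the sending side is still connected, or answer 250 and generate a bounce afterwards. The content check is a constructed stand-in for a real filter, and the forged envelope sender is a constructed address, so the example can count where the bounces would go.

```python
# Added example (not from the thread): reject at the SMTP level versus
# accept-then-bounce, and where the resulting bounces end up.
from dataclasses import dataclass, field


@dataclass
class Outcome:
    smtp_reply: str                               # reply given at the end of DATA
    delivered: bool                               # accepted into our queue/mailbox
    bounces_sent_to: list = field(default_factory=list)  # DSN recipients (backscatter)


SPAM_MARKER = "FREE!!!!"   # constructed stand-in for a real content scan


def is_spam(data: str) -> bool:
    return SPAM_MARKER in data


def receive(envelope_from: str, data: str, reject_before_accept: bool) -> Outcome:
    """Model one inbound SMTP transaction once DATA is complete.

    reject_before_accept=True : scan while the sender is still connected and
                                answer 550; we never own the message, so we
                                never generate a bounce for it.
    reject_before_accept=False: answer 250 (we now own it), scan afterwards,
                                and 'bounce' by sending a DSN to the envelope
                                sender, which for spam is almost always forged.
    """
    if reject_before_accept:
        if is_spam(data):
            return Outcome("550 5.7.1 Message rejected as spam", False)
        return Outcome("250 2.0.0 Ok: queued", True)
    # Accept first, decide later.
    if is_spam(data):
        return Outcome("250 2.0.0 Ok: queued", False, [envelope_from])
    return Outcome("250 2.0.0 Ok: queued", True)


def backscatter_count(messages, reject_before_accept: bool) -> int:
    """Number of bounce messages our server would emit for a batch."""
    return sum(len(receive(f, d, reject_before_accept).bounces_sent_to)
               for f, d in messages)


# Constructed batch: three spams with a forged sender, one real message.
FORGED = "innocent.bystander@example.net"
MESSAGES = [
    (FORGED, "Subject: deal\r\n\r\nGet the Wally Whizbanger FREE!!!!\r\n"),
    (FORGED, "Subject: deal\r\n\r\nStill FREE!!!!\r\n"),
    (FORGED, "Subject: deal\r\n\r\nLast chance FREE!!!!\r\n"),
    ("alice@example.com", "Subject: order 1234\r\n\r\nPlease ship two units.\r\n"),
]

if __name__ == "__main__":
    print("bounces, reject at SMTP level:", backscatter_count(MESSAGES, True))
    print("bounces, accept then bounce:  ", backscatter_count(MESSAGES, False))
```

The legitimate order is accepted either way; the only difference is whether the three spams produce zero bounces or three bounces aimed at an address the spammer never controlled.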
Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.
From the FAQ (http://www.olympus.net/doubleVerifyNL):
DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.
You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
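Added example (my code, not OlympusNet's DoubleVerify or Postgrey) of the greylisting behaviour described in this post and in the Postgrey comment above: an unknown sender gets a temporary 450 on first contact, a retry after the minimum delay is accepted and remembered, and whitelisted domains skip the check. It is keyed on the (client IP, sender, recipient) triplet as Postgrey does; the FAQ quoted above describes a per-sender variant. Time is passed in explicitly so the run needs no sleeping; all addresses and IPs are constructed.

```python
# Added example (not from the thread): a minimal greylister.
class Greylister:
    def __init__(self, min_delay: int = 300, whitelist_domains=()):
        self.min_delay = min_delay                      # seconds before a retry counts
        self.whitelist_domains = {d.lower() for d in whitelist_domains}
        self.pending = {}       # triplet -> time of first attempt
        self.passed = set()     # triplets that retried correctly

    def check(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> str:
        """Return the SMTP reply for one delivery attempt at time `now`."""
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if domain in self.whitelist_domains:
            return "250 2.0.0 OK (whitelisted domain)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 2.0.0 OK"
        first_seen = self.pending.get(triplet)
        if first_seen is None:
            self.pending[triplet] = now                 # first contact: ask for a retry
            return "450 4.7.1 Greylisted, please try again later"
        if now - first_seen < self.min_delay:
            return "450 4.7.1 Greylisted, please try again later"  # retried too soon
        self.passed.add(triplet)                        # proper retry: remember it
        del self.pending[triplet]
        return "250 2.0.0 OK"


def simulate() -> dict:
    """Constructed scenario: a real MTA, a fire-and-forget spammer, a whitelist."""
    g = Greylister(min_delay=300, whitelist_domains={"example.com"})
    r = {}
    # Legitimate MTA: tempfailed once, retries after 15 minutes, then passes.
    r["legit_first"] = g.check("203.0.113.10", "alice@example.net", "me@example.org", now=0)
    r["legit_retry"] = g.check("203.0.113.10", "alice@example.net", "me@example.org", now=900)
    r["legit_later"] = g.check("203.0.113.10", "alice@example.net", "me@example.org", now=1000)
    # Spam sender: one attempt, then an immediate retry, never a proper one.
    r["spam_first"] = g.check("198.51.100.7", "bogus@forged.invalid", "me@example.org", now=5)
    r["spam_early"] = g.check("198.51.100.7", "bogus@forged.invalid", "me@example.org", now=10)
    # Whitelisted company domain is never delayed.
    r["whitelisted"] = g.check("192.0.2.5", "boss@example.com", "me@example.org", now=0)
    return r


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:12s} {v}")
```

The cost is the delay on first contact with every new sender, which is why the whitelist matters for your own company's domains and for correspondents whose mail must not wait.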
During that time, all the mails sent to my mail account were of course bouncing.
Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.
In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.
I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam, and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers, where 99% of the incoming email is undeliverable spam (it ALL bounces), and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.
There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.
Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
my car started running poorly a few months ago - so I took it into the shop. when I came back to get my car - they charged me $400. it runs great now. not driving my car for two days fixed it! now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also - did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on slashdot a while ago!
In mimedefang:
You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.
I really don't know how I managed to run sendmail without mimedefang before.
You gotta be kidding. First of all, if it gets "bounced" back to some non-existent e-mail address, spammers don't get no word 'bout nothin'. Second even if it gets bounced back to spammers, they don't care. Many (most) of them are getting email lists from some spam-address distributor, so they don't see themselves as custodians of the list; they just blast away like drunks with diarrhea.
How do I know this? I've owned my domain since 1996, and I've been administrating the email since 1998. I get spam nearly every single day for beth@ahab.com (no point in cloaking it, really), and it has NEVER been a valid address. It often bounces back to the postmaster (me) after not bouncing back to their forged yahoo address and after NOT getting the word out to a single baby-eating spammer (you do know they eat babies, right?), and I see it when I bother scanning my postmaster folder for anything interesting.
Sure, it's worth my hassle if it bounces back to them, but it's probably not worth it to the poor sucker whose yahoo address they forged.
Get a clue: SPAMMERS DON'T CARE. You're kinda hoping that the guy who lets his dog shit on the sidewalk in front of your house is going to be annoyed by the smell.
Expanding a vast wasteland since 1996.