Slashdot Mirror


De-spamming Your Inbox The Hard Way

ajain writes "Even after using precautions like dummy email addresses in public forums, I have been plagued by spam mail for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"

14 of 631 comments

  1. Shutdown by Anonymous Coward · · Score: 5, Funny

    In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!

    Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.

  2. This simply doesn't work. by barcodez · · Score: 5, Informative

    I've got domains that I have left inactive for year then re-added them to dns and set up mail accounts for them and the spam comes in immediately.

    Spammers simply aren't diligent when it comes to maintaining their list; they don't remove bounced emails (as they have spoofed all the headers anyway so they don't receive the bounces), and they don't remove the address from domains without MX records or with no responding hosts (as they send all the spam from botnets that don't report failures back anyway).

    I don't know what this guy did but he is thoroughly mistaken.

  3. Sounds like fun by hobo2k · · Score: 5, Funny

    Anybody want to help me shutdown hotmail for a couple days?

  4. Greylisting? by Doomie · · Score: 5, Informative

    Isn't this just a variant of greylisting? (the link is the first hit on google for 'greylisting')

    In case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5 and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).

    --
    Doomie
  5. Re:KDEMail? by Erik+Hensema · · Score: 5, Insightful

    No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.

    So, while totally ineffective, you also burden the innocent bystander with yet another bounce.

    The only way to combat spam is to reject it on the SMTP level.

    Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.

    However, spammers don't use mailservers to send their spam, they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.

    When a mailserver is offline, spammers will know immediately. However I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.

    In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.

    --

    This is your sig. There are thousands more, but this one is yours.

  6. Re:Sure, that's fine... by fafaforza · · Score: 5, Informative

    Most spammers use joe-job attacks so you'll likely get a double bounce back on your server, or someone innocent will get your bounce.

  7. Yes, like greylisting. (ie, Postgrey for Postfix) by kriegsman · · Score: 5, Interesting

    Our Postfix mail server uses Postgrey (click link for graph showing effectiveness), and it's as close to 'magic' as I've seen yet in the antispam category.

    -Mark

  8. Re:Another [failed] approach... by rjamestaylor · · Score: 5, Funny

    From: Sammy Spammy
    To: undisclosed-receipient
    Subject: Don't buy this: Get it free!

    For a limited time you can get the Wally Whizbanger FREE!!!!
    ...

    --
    -- @rjamestaylor on Ello
  9. Re:Another approach... by ReverendLoki · · Score: 5, Funny

    . And there's no such thing as a white hat cracker.

    ... at least not after Labor Day...

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  10. NO, don't bounce, reject at MTA level ONLY by gnuman99 · · Score: 5, Informative

    I just did a quick test on my mail server (~2500 users) to bounce only the spam that our filtering system identifies as 90% probability or higher. That's about 45-50% of the spam we get. Here are the results

    No no no. DO NOT bounce mail that doesn't pass through the spam filter after you accepted it for delivery. You are only spamming someone else.

    What you need to do is to reject the email BEFORE you accept it in the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in MTA (i.e. after DATA is complete), then DO NOT bounce it because the headers do not have the real FROM: anyway (in case of spam).

    Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA raising your load. Bad idea.
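
The reject-at-end-of-DATA behaviour described in the comment above, as an added example that is not part of the original thread: a toy SMTP receiver that scans the message when the client sends the final "." and answers 554 inside the session instead of queuing and bouncing later. The `looks_like_spam` rule, the host names and the sample sessions are constructed for illustration.

```python
# Added example; looks_like_spam() stands in for a real content filter.
def looks_like_spam(body):
    return "FREE!!!!" in body          # toy rule for the demo only

def smtp_session(client_lines, queue, spam_check=looks_like_spam):
    """Run a toy SMTP receiver over client lines; return the server replies.

    A message enters `queue` only after a 250 at end of DATA. A 554 there
    leaves the message with the connecting client, so this server never
    sends a bounce to the (possibly forged) envelope sender.
    """
    replies, sender, rcpts, body, in_data = [], None, [], [], False
    for line in client_lines:
        if in_data:
            if line == ".":                        # end of DATA: decide now
                text, in_data = "\n".join(body), False
                if spam_check(text):
                    replies.append("554 5.7.1 Message rejected as spam")
                else:
                    queue.append((sender, rcpts, text))
                    replies.append("250 2.0.0 Queued")
                sender, rcpts, body = None, [], []
            else:                                  # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example.test")
        elif verb.startswith("MAIL FROM:"):
            sender = line[10:].strip()
            replies.append("250 2.1.0 OK")
        elif verb.startswith("RCPT TO:"):
            rcpts.append(line[8:].strip())
            replies.append("250 2.1.5 OK")
        elif verb == "DATA" and sender and rcpts:
            replies.append("354 End data with <CR><LF>.<CR><LF>")
            in_data = True
        elif verb == "DATA":
            replies.append("503 5.5.1 Need MAIL and RCPT first")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies

# Constructed sample sessions (client side only).
ENVELOPE = ["HELO client.example.net", "MAIL FROM:<forged@example.org>",
            "RCPT TO:<user@example.test>", "DATA"]
SPAM_SESSION = ENVELOPE + ["Subject: offer", "", "Get it FREE!!!!", ".", "QUIT"]
HAM_SESSION = ENVELOPE + ["Subject: lunch", "", "Noon on Friday?", ".", "QUIT"]
```

In the spam session the queue stays empty and the only party told about the failure is the connecting client, so no delivery status notification is ever generated for `forged@example.org`.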

  11. Or delay delivery, and check again ... by theblackdeer · · Score: 5, Interesting

    Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.

    From the FAQ (http://www.olympus.net/doubleVerifyNL):

    DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.

    You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
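
The resend-then-accept behaviour quoted in the comment above is greylisting; the following is an added example, not OlympusNet's or Postgrey's code, of the decision a receiving server makes for each delivery attempt. The delay, the retry window, the reply text, keying the "known sender" list on client IP plus sender, and every address in `ATTEMPTS` are assumptions made for the example.

```python
# Added example: greylisting keyed on (client IP, envelope sender, recipient).
# MIN_DELAY, RETRY_WINDOW and the reply text are assumed values.
MIN_DELAY = 300             # seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600     # a retry later than this is treated as a first attempt
DEFER = "450 4.2.0 Greylisted, please retry later"
ACCEPT = "250 2.1.5 OK"

class Greylist:
    def __init__(self, whitelisted_domains=()):
        self.whitelist = {d.lower() for d in whitelisted_domains}
        self.first_seen = {}    # triplet -> time of first attempt
        self.passed = set()     # (client IP, sender) pairs that retried properly

    def check(self, client_ip, sender, recipient, now):
        """Return the reply to give at RCPT TO for this delivery attempt."""
        sender, recipient = sender.lower(), recipient.lower()
        if sender.rpartition("@")[2] in self.whitelist:
            return ACCEPT
        if (client_ip, sender) in self.passed:
            return ACCEPT                        # known sender: no more delay
        key = (client_ip, sender, recipient)
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now           # new or stale: ask for a resend
            return DEFER
        if now - first < MIN_DELAY:
            return DEFER                         # retried too quickly
        del self.first_seen[key]
        self.passed.add((client_ip, sender))
        return ACCEPT

# Constructed attempts: (time in seconds, client IP, sender, recipient).
ATTEMPTS = [
    (0,   "203.0.113.9",  "promo@bulk.example", "user@example.test"),  # never retries
    (5,   "198.51.100.7", "alice@example.org",  "user@example.test"),
    (15,  "198.51.100.7", "alice@example.org",  "user@example.test"),  # too soon
    (905, "198.51.100.7", "alice@example.org",  "user@example.test"),  # ~15 min later
    (910, "198.51.100.7", "alice@example.org",  "info@example.test"),
    (920, "192.0.2.44",   "boss@example.com",   "user@example.test"),  # whitelisted
]

def replay(attempts, greylist):
    """Return the 3-digit reply code for each attempt, in order."""
    return [greylist.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]

if __name__ == "__main__":
    print(replay(ATTEMPTS, Greylist(["example.com"])))
```

The 4xx reply is what makes this safe for legitimate mail: a standards-following sending server keeps the message queued and retries, while a fire-and-forget sender that never retries is never accepted.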

  12. Re:Another approach... by Anonymous Coward · · Score: 5, Interesting

    Actually, if you own a domain, simply use abuse@yourdomainhere.com as your e-mail address. You will never receive any spam. I know this is not practical for most people but it works flawlessly.

  13. Those who don't understand technology are ... by Obfuscant · · Score: 5, Interesting

    doomed to repeat it. From the article:

    During that time, all the mails sent to my mail account were of course bouncing.

    Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.

    In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.

    I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces) and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.

    There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.

  14. for love of logic... by rich42 · · Score: 5, Funny

    my car started running poorly a few months ago - so I took it into the shop. when I came back to get my car - they charged me $400. it runs great now. not driving my car for two days fixed it! now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also - did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on slashdot a while ago!