I am the Most Spammed Person in the World
jefp writes "In November 2004, Microsoft's second-in-command Steve Ballmer made some headlines by mentioning that Chairman Bill Gates was getting four million spams per day. At the time, I was dealing with a little spam problem of my own - I was getting around a million spams per day. I found it a little comforting that my problem wasn't quite as bad as Bill's. However, a couple of weeks later Ballmer corrected himself, saying he mis-remembered the stat and Gates actually gets four million per year.
This means I was getting one hundred times as much spam as Bill Gates.
I've written a tutorial explaining why I get so much crapmail and how I deal with it."
he just went from 1 million a day to about 1.3 million a day.
Just throw your hands up and admit that's the only real way to turn them away.
Transcend Humanity. Please.
I can't even stand a single can, how do you get on with that much?
think I'd first get a new email address.
"It is sad to see a family torn apart by something as simple as a pack of wild dogs."
Yay to Slash-whoring your own site that is then too slow to respond and almost /.s before any comments appear.
At least he's persistent... most people would just switch e-mail addresses.
for Spamalot
Looks like I am getting too much media attention. I'll lower the spam to Gates to a million a day.
you don't post your email address to farmgirls.com!
Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
Stop subscribing at all those porn sites!
Je t'aime Stéphanie
to something like this hjuhiouh@microsoft.com
It will not make his inbox spam free, but spam will be below 0.001% compared to what he receives now. Think of drop in Internet traffic.
...but not with one slashdotting.
This must be depressing for him.
He's really just using Slashdot to break his server farm so he won't have to get spam anymore.
You can only be young once, but you can be immature forever.
"What am I trying to do here? * Keep my email service running and useful. * Keep my web service running too, since it's on the same machine." If the spam won't kill it, the slashdot crowd probably will.
I'm pretty sure whoever runs nowhere.com can give you a run for your money in the most spam inbound. Although a lot of those are probably from organizations thinking they're sending to legit opt-in requests.
He must be using Hotmail, of course!
Keep my web service running too, since it's on the same machine.
/. front page?
You try to do this by submitting a story to
Ubuntu is an African word meaning 'I can't configure Debian'
Hi Pokey!
-jim
I guess 1,000,000 spams a day isn't as bad as 1000 people simultaneously trying to access your Web server!
Just yesterday I enabled Greylisting in OpenBSD spamd, and today I got 6 spams, compared with my usual 150. (per day).
It's easy to set up and works with your existing mail server. Our mail server is qmail on Red Hat, but OpenBSD just happily redirects the legit (what it suspects might be legit rather) to the mail server. The load has dramatically decreased on the mail server.
/* oops I accidentally made a comment, sorry */
i cached it: http://www.acme.com.nyud.net:8090/mail_filtering/
Stop signing up for all those free porn sites!
paintball
I get around 3 spam emails per day. Michael Jackson
Check my site: http://pixel.pagina.nl
Your name in the posting is a link that resolves directly to your email address.
Don't know what you're doing right now to reduce the spam, but maybe putting your email address on the front page of Slashdot is a step in the wrong direction.
There are 2 kinds of people in this world. Those that can keep their train of thought,
Just to alleviate some of his bandwidth, I have mirrored the mail_filtering pages. Looks like it's all there. Let me know if you want me to take it down.
"To err is human, to forgive is simply not my policy." --root
It would be interesting to know what his favorite spam type is. My personal favorite are the African princes who always need access to my bank account for something sketchy.
"If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
If he's after a record, he should've included it in his slashdot submission
I used to have more GPF's than anyone I had ever heard of or met.
Damn. I could have submitted a story about it and used that same box as the web server.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
I don't get nearly as much spam as that, but even a few hundred a day is pretty irritating. My solution is to delete all email as soon as I get it.
I figure if it's important I'll get a phone call.
air and light and time and space
I wonder if Bill changes email addresses as much as I install security patches. Karma's a bitch.
"I'm the most popular person on the planet with people who want to enlarge penises and make them work all night long" isn't one of them.
Weird article, someone ASKING to have themselves put under Slashdot's thumb.
My little site.
Good lord! And here I thought me getting a thousand spam a day was bad! (This from the days when I had Hotspam as my email provider.) That kinda got me a bit upset at them. I did really well controlling spam on my personal accounts since then, well enough for me to write a spam prevention how-to of my own.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
I suppose that we will not know HOW you do it until the slashdot effect stops.
They are ACME Labs! They have everything I ever need. I order my gear to get that nasty Road Runner from them all the time! It's great stuff!
... my thousand a day or so was bad.
I can't even imagine getting that much, I'm already spamfiltering on at least 3 levels (bay server, bay client, manual client).
Spammers should die. If I had to pay for line charges, I'd just kill my accounts.
Shadus
Why So Much?
Why does ACME Labs get so much spam? That's a good question. There are probably two main reasons.
Does Ballmer "mis-remember" his other stats too; he's been showering us with them lately.
http://www.acme.com.nyud.net:8090/mail_filtering/
DEAR jefp,
PERMIT ME TO INFORM YOU OF MY DESIRE OF ENTERING INTO BUSINESS RELATIONSHIP WITH YOU. I PRAYED OVER IT CONTACTING YOU DUE TO ITS ESTEEMING NATURE. AS A REPUTABLE AND TRUSTWORTHY PERSON I CAN DO BUSINESS WITH AND I WANT TO CONFIDE IN YOU FOR THIS SIMPLE AND SINCERE BUSINESS.
I ESTELLE OBIH THE DAUGHTER OF LATE MR. DAVID OBIH, MY FAHTER WAS A VERY WEALTHY COCOA MERCHANT BASED IN ABIDJAN, THE ECONOMIC CAPITAL OF COTE D'IVOIRE BEFORE HE WAS POISONED TO DEATH BY HIS BUSINESS ASSOCIATES, ON ONE OF THEIR OUTING TO DISCUSS ON A BUSINESS DEAL.
WHEN MY MOTHER DIED ON THE 21ST OCTOBER 1995. MY FATHER TOOK ME SO SPECIAL BECAUSE I AM MOTHERLESS.
BEFORE THE DEATH OF MY FATHER ON 29TH NOVEMBER 2003 IN A PRIVATE HOSPITAL HERE IN ABIDJAN. HE SECRETLY CALLED ME ON HIS BEDSIDE AND TOLD ME THAT HE HAS A SUM OF EIGHT MILLION, SEVEN HUNDRED THOUSAND UNITED STATE DOLLARS.(USD$8.700,000) LEFT IN ONE OF THE LEADING FINANCE/SECURITY COMPANY HERE IN ABIDJAN, IVORY COAST WEST AFRICA.
HE FURTHER TOLD ME THAT HE DEPOSITED THE MONEY IN A CONSIGNMENT (BOX), CODED IT TO THE SECURITY COMPANY AS AFRICAN ARTIFACTS, SO THE SECURITY COMPANY IS NOT AWARE THAT THE CONTENT OF THE CONSIGNMENT. HE DID THIS FOR THE SAFETY OF THE MONEY.
HE ALSO EXPLAINED TO ME THAT IT WAS BECAUSE OF THIS WEALTH THAT HE WAS POISONED BY HIS BUSINESS ASSOCIATES, THAT I SHOULD SEEK FOR A FOREIGN PARTNER IN A COUNTRY OF MY CHOICE WHERE I WILL TRANSFER THIS MONEY AND USE IT FOR INVESTMENT PURPOSE.(SUCH AS REAL ESTATE MANAGEMENT).
I AM HONOURABLY SEEKING YOUR ASSISTANCE IN THE FOLLOWING WAYS:
TO SERVE AS THE GUARDIAN OF THIS FUND AND MY YOUNGER BROTHER FRANK IS 20 YEARS. TO MAKE ARRANGEMENT FOR US TO COME OVER TO YOUR COUNTRY TO FURTHER OUR EDUCATION AND TO SECURE A RESIDENTIAL PERMIT IN YOUR COUNTRY.
MOREOVER, I AM WILLING TO OFFER YOU 20% OF THE TOTAL SUM AS COMPENSATION FOR YOUR EFFORT INPUT AFTER THE SUCCESSFUL COLLECTING THE BOX FROM THE SECURITY FIRM.
FURTHERMORE, YOU CAN INDICATE YOUR OPTION TOWARDS ASSISTING ME BY SENDING TO US YOUR TELEPHONE/FAX NUMBER, CONTACT ADDRESS, FULL NAME SO THAT WE CAN BE ABLE TO COMMUNICATE WITH YOU AT ANY TIME.
I WILL APPRECIATE YOU SEND ME E-MAIL. ANTICIPATING HEARING FROM YOU SOON. PLEASE DO HURRY TO ASSIST US OUT HERE NOW THAT THIS COUNTRY IS IN POLITICAL CHOAS, WE URGENTLY NEED YOUR KIND ATTENTION.
THANKS AND GOD BLESS
ESTELLE AND FRANK OBIH
but now he's the most slashdotted person in the world
:D
Hmmm...
* "World's biggest hacker"
* "World's Fastest Inkjet Printer"
And what we have here? The "most spammed person in the world" becomes "the most slashdotted person in the world" who used "the most over-used headline cliché in the world".
Ladies and Gentlemen, we have a winner!
Are you perhaps the originator of many millions of spam messages per day, to which almost all replies are "user unknown" and from pissed off recipients?
This man is a fascist, and should be shot.
That is impressive, but I imagine that any catch-all email addresses at foo.com or test.com might beat even that.
concrete5: a cms made for marketing, but strong enough for geeks.
then FORWARD all of yours to bill.
Problem solved!
every day http://en.wikipedia.org/wiki/Special:Random
For my fake email I have used john@holmes.com. I just thought it was funny to use. Then I realized there was a holmes.com. I would surely hate to be some guy named John if I work there. I can imagine his email box is going nuts from 10 years worth of stuff.
If you work in a company like mine where Outlook is de rigueur and the Boss is too worried about missing an email to even allow for simple spam filtering at the head end, I can't recommend enough that you give SpamBayes Outlook plug-in a try. It operates nearly perfectly if you train it well (only about 600 spam messages needed).
Great! Now, his bayesian filter will get Slashdotted and he will actually see 1,000,000 viagra, penis enlargement, horse fucking spam.
Submitter IS the original author :P
I started to email you, but then I started thinking, what if you are collecting and selling email addresses.... Wouldn't this be a good way to get bonafide email addresses? So now I am just wondering how you filter out the three real emails you get daily from the unwanted million.
Seems a trifle slow..
Coral cache
Maybe it is because I was one of many who received a spam-like email with the return address: SteveBallmer@ceo.microsoft.com
Perhaps this one time it was actually the original author who submitted it...
Hey, here's a link to my personal website running IIS on a 486, pleeeeease punish me.
On a side note these cryptic images to confirm I'm not a script are getting more and more artsy.
Way to go Taco!
"I've got to get a new email account. This one's getting about twenty kiloGates".
My solution is to delete all email as soon as I get it.
Brilliant! Pure genius! I wonder why I never thought of that.
Quote from the article; "This was in 1997, when I was getting a couple hundred spams per day"... Time to buy an island with no services, and move.
Just signup for things using a newly created yahoo account, get the reply you're after and never use the account again :)
how very uninformative!
Hmm... the article was submitted by jefp, and from the website: © 2005 by Jef Poskanzer. You don't suppose they could be the same person, hmm?
The submitter is the author of the linked article. Who the hell moderated this informative?
-mkb
For those who do not know, Jef Poskanzer is the author of the thttpd webserver. I'm just wondering what sort of hardware you're running your site and email server on, Jef. I know that thttpd is extremely quick and efficient, so it wouldn't surprise me if you were running on an older 486 or early Pentium I machine.
Cyric Zndovzny at your service.
Considering that his email is jeff@mail.acme.com, I am guessing that he is the original author, or has the original author's permission.
Bock bock bock the sky is falling! Please concentrate on contributing to the posts rather than whining. I have mod points too. -1 troll.
Sheesh, tell Ballmer and Gates to use Thunderbird. Or drink it first (better). Then politely tell them how to use junk mail controls. They'll forget anyway, or probably ask: "Hey how can we buy more Thunderbird?"
I'll point them to the corner liquor store instead, as they just wouldn't understand, anyway.
--- There is a man in a smiling bag.
The site seems to be slowing down, but the coral cache is going strong.
I'm not sure if you're trying (and failing) to be funny or just not very observant. The submission was cut and pasted from a website BY THE ORIGINAL AUTHOR. Doh!
wyle_e_coyote@acme.com
Author == Submitter && Parent == Idiot
For those too lazy to RTFA, his hall of shame is interesting -- especially the AOL bit *insert generic AOL hate*
Prescriptive grammar:linguistics
I like his slam on qmail. Does djb ever address such concerns?
-mkb
Having over a million spams a day should make it easy to find some spammers that can be tracked and sued. With that volume, it may be easy to find an attorney that can do it on contingency.
Fight Spammers!
Is what you call spamalot.
...getting back at you for all those screwed up acme rockets, boots, springs, hammers, etc. that you sold him. You were the road runner's best friend.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
The best thing to do is what I did: Get yourself a T1 connection, which is not quite as expensive today as it used to be. Set up a domain name. Set up a mail server. The way you set it up is as follows: You have a primary account, which you actually check. This is a secret account, and you give it to nobody. Then, to each person who might one day send you email, you give a unique email address. So you'll have thousands of email addresses, one for each person who might send you an email. You set up SpamAssassin. You don't actually check all those inboxes. Instead, mail that gets in and passes through the spam filter is forwarded, so to speak, to your one true email address. If you find crap, you cancel the address that it came in from. This can all be done automatically, with a click of a button, if you set up all the scripts ahead of time. Then, bata bim, bata boom, no more spam.
I have some control, I am not writing milters or anything like the author, but with my shinyfeet account I have my gmail, yahoo, hotmail and a few various others (domains I own, etc - and I can use the FROM option so I don't have to reply as downsize_sf[AT]shinyfeet if I do not want to, I can keep my domain email addy, or gmails, and so forth) forwarding to it and I see very very little spam.
and I get my own BL filters too, so I can turn on/off spamcop, DSBL, and about 20 others.
they use bayesian filtering, but give you the control to configure it to some degree (interesting bayesian spam comparisons here - http://home.dataparty.no/kristian/reviews/bayesia
I'm not getting 1 million anything a day, but if I was, I am glad I use the service I do to prevent me from having the headaches - as I am sure I would if I stuck with yahoo (is my bulk folder overflowing or what?)
do you have shinyfeet?
google's cache of the page is empty, here's a cache from one of those other search engines. http://216.109.117.135/search/cache?p=http%3A%2F%2Fwww.acme.com%2Fmail_filtering%2F&sm=Yahoo!+Search&toggle=1&ei=UTF-8&u=www.acme.com/mail_filtering/&d=205AEF5A14&icp=1&.intl=us
I want to get this guy's e-mail. I've some 1nf0rmat1on that would be of graet 1ntere5t to him.
Well, still, it's not really much of an excuse to at least try to get it under control...
I wonder if Acme's hosting or connectivity provider got a Code Taco Alert before the story was submitted.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
I don't think it's so difficult to have effective spam blockage.
On my server at home, I use Sendmail with DNSBL. It's currently set up with ordb, dsbl, and spamhaus.
Additionally, I use procmail and the nkvir rules to weed out other nasty things.
If you want to know more, use google.
You have a really small penis.
he submitted his own story. mouse over the first link to see the address in question.
Most spammed man in the world? Not for long!! my address is pukeduke@gmail.com ...please, i need everyones help!
I would just like to say I am utterly impressed by acme.com, if anyone read cartoons you probably seen A Company Making Everything (ACME) advertised in almost all major comics made the last decade. The domain is so cool I am almost upset to tears that it is not mine (and also that it is unavailable right now because it is on slashdot)
9/11: Never forget it was a false-flag operation
what the fuss is about with spam. I use a yahoo e-mail account for my personal e-mail and rarely do I ever get a piece of spam in my inbox. Yahoo! has a great Baynesian(sp?) filter (I think) that seems to work great putting all my spam in the "Bulk" folder. Every once in a while I check to make sure that I don't get any false positives, yet I rarely even do that much anymore because I've grown to trust it so much. I use my work e-mail for work only. Beyond the network traffic problems that spam causes, what's the fuss affecting an individual? Note: I did not RTFA. It's currently slashdotted.
It's okay, no one is reading this anyway.
There comes a point in time where you just gotta CHANGE YOUR EMAIL ADDRESS MAN!!
Here, I'll give you more incentive to change it.
jef@mail.acme.com
jef@mail.acme.com
jef@ma
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.ac
jef@mail.acme.com
Currently, he is also the most Slashdotted person in the world.
It even appears in the HTML specifications
Man, that's too bad. They specifically created example.com for this.
Well, it's too late now. Once the cat is into the spammer's bag (to mangle a metaphor), it's everywhere. Information wants to be free, especially your email address.
But I don't think I would go out and purchase any sort of Microsoft AntiSpam software if that guy is getting 1 million a day...
There's a reason why Pfizer and other companies took action on spam, because I figured out who the corporate people were who legally had to take action to defend their trademarks and service marks and patents when I got spam selling fakes of their products ....
Action, not excuses.
-- Tigger warning: This post may contain tiggers! --
This worked ok for a while but the spammers were rapidly finding ways around it, and since [SpamAssassin is] written in Perl it was too hard to improve.
n00b
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
I think the line
kinda gave that away already.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Mail Filtering
Or, how to block a few million spams per day without breaking a sweat.
© 2005 by Jef Poskanzer.
Introduction
In November 2004, Microsoft's second-in-command Steve Ballmer made some headlines by mentioning that Chairman Bill Gates was getting four million spams per day. At the time, I was dealing with a little spam problem of my own - I was getting around a million spams per day. I found it a little comforting that my problem wasn't quite as bad as Bill's. However, a couple of weeks later Ballmer corrected himself, saying he mis-remembered the stat and Gates actually gets four million per year.
This means I was getting one hundred times as much spam as Bill Gates.
Nevertheless, after filtering we both get about the same amount: around ten spams per day in our inboxes. Ballmer says that Microsoft has an entire department dedicated to protecting their mailboxes from spam. At ACME Labs there's just one guy, one server, and a T1 line. And yet my filters are a hundred times as effective as Microsoft's. How do I do it?
These pages will show you how, and help you deploy similar filters on your own system.
Goals
What am I trying to do here?
Results
For those who like to read the end of a novel first, here are some overall stats showing how the filters are performing.
Environment
This is all based on a Unix system running sendmail. If you're not using Unix, or you're using a different Unix-based mail system, most of the specific advice here will not help you. You may still find some value in the general ideas.
Sendmail Config
The first layer of spam defense is sendmail itself, because that's the first piece of software to touch each message. Sendmail has a number of different config options that can help you block spam and keep your machine stable.
greet_pause
As of version 8.13, sendmail added an anti-spam feature called "greet_pause". It is both simple and clever.
In a normal SMTP transaction, first the client connects, then the server sends back a "220" greeting message, then the client sends its HELO command. Some spam programs, however, don't wait for the greeting message. They just send their commands immediately without listening.
The greet_pause feature detects this misbehavior by pausing briefly before sending out the "220" greeting message. If any commands arrive during that pause, then the connection is marked bad and anything coming over it is ignored.
This one is interesting because it actually cuts down on the number of spam attempts, not just the spam deliveries. I figure when the spammers hit the pause they are somehow getting stuck. I'll have a graph of this later - before I enabled greet_pause, I was getting a couple million spam attempts per day; after, only 600,000.
To enable the feature, you need to make two changes. First, in your sendmail.mc file:
You probably already have access_db defined; it just needs to appear somewhere prior to greet_pause. The number is how many milliseconds to pause; 5000 = five seconds. Then in your access file you should add this:
The second change prevents the pause from applying
so I sent him an email asking for the text
I don't get any spam whatsoever. Here is the solution: Have 2 email addresses: 1) you give to friends, coworkers, etc. The one you use. 2) use to sign up for crap. Your #1 will be free of spam and you only use #2 when you need to activate an account, or etc. Even if you don't use this method, don't give out your email to random websites (duh!). I never understand people who put down their email everywhere.
I just use ass@face.com. Face.com exists, but I kinda doubt there is an actual person with the email ass@face.com. At least I hope there isn't, for their sake.
Yes, but: Doesn't look like a mail server...
Maybe I should read his article. Not having a mail server does indeed look like an efficient way to fight spam.
Moderators: that "cache" is actually a picture of a man spreading his gaping anus. While it's strangely erotic, it's not particularly helpful.
Were you once also known as MeRP?
This guy's SMTP server: Pipelining is turned on for untrusted hosts. Nice.
Either way, a good portion of the spam hitting my system never even makes it to EHLO/HELO time because if there's any sort of resolution problems with the dns/rdns or if the hostname contains the IP address in it (RFC violation) I delay the connection 20 seconds before the greeting. RFC states clients WILL NOT send data unless asked to do so, except for pipelining which is not advertised for untrusted hosts. When the MTA sees a bunch of incoming crap, it drops the connection because they violated the RFC rules for handshaking (clients MUST wait for the greeting). This does not affect legit MTAs with temporary problems.
I go through a whole bunch of other checks even before DATA time, delaying at each step if there's a problem. 90% of the spam/viruses never even make it to scanning for spam/viruses because they violate something before that and the connection gets dropped (or they drop it from waiting). Once again, delaying 20 seconds does NOT affect legit MTAs.
Big writeup on SPAM filtering
My MTA
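The pre-greeting pause that both the article excerpt (sendmail's greet_pause) and the comment above describe, as an added example that is not code from the article, sendmail, or any commenter. It runs the check over a local socket pair instead of a network port; the hostnames, the reply texts and the 0.3-second pause are constructed for the demonstration.

```python
"""Pre-greeting pause ("early talker" check) on one SMTP connection."""
import select
import socket
import threading

# Constructed values for this example; not taken from any real server.
GREETING = b"220 mx.example.test ESMTP ready\r\n"
REJECTION = b"554 mx.example.test command sent before greeting\r\n"


def talked_early(conn, pause_seconds):
    """Hold back the banner for pause_seconds.

    Returns True if the peer sent bytes (or hung up) before the server
    had said anything, which a well-behaved SMTP client never does.
    """
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    return bool(readable)


def serve_one(conn, pause_seconds):
    """Server side of a single connection: returns 'rejected' or 'greeted'."""
    try:
        if talked_early(conn, pause_seconds):
            try:
                conn.recv(4096)          # discard the premature commands
                conn.sendall(REJECTION)
            except OSError:
                pass                     # peer already gone; nothing to tell it
            return "rejected"
        conn.sendall(GREETING)
        command = conn.recv(4096)        # only now may the client speak
        if command.upper().startswith((b"HELO", b"EHLO")):
            conn.sendall(b"250 mx.example.test\r\n")
        return "greeted"
    finally:
        conn.close()


def impatient_client(sock):
    """Constructed sender that fires its commands without reading the banner."""
    sock.sendall(b"HELO bulk.example.test\r\nMAIL FROM:<a@bulk.example.test>\r\n")
    return sock.recv(4096)


def polite_client(sock):
    """Constructed sender that waits for the 220 line before HELO."""
    greeting = sock.recv(4096)
    sock.sendall(b"HELO mta.example.test\r\n")
    sock.recv(4096)                      # the 250 reply
    return greeting


def simulate(client, pause_seconds=0.3):
    """Run one client against serve_one; returns (verdict, first server reply)."""
    server_end, client_end = socket.socketpair()
    result = {}
    worker = threading.Thread(
        target=lambda: result.update(verdict=serve_one(server_end, pause_seconds))
    )
    worker.start()
    try:
        first_reply = client(client_end)
    finally:
        worker.join()
        client_end.close()
    return result["verdict"], first_reply


if __name__ == "__main__":
    for name, client in (("impatient", impatient_client), ("polite", polite_client)):
        verdict, reply = simulate(client)
        print(f"{name:9s} -> {verdict:8s} {reply!r}")
```

The polite client only pays the pause once per connection, which is why the comment above can say a delay does not hurt legitimate MTAs; the cost is one held-open socket per pending connection on the server.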
He wasn't getting a million fucking spam a day.
Give me a break... 1/4 as popular as Bill Gates? Doubt it.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Don't get rid of my spam!! How else will I learn about the L0w$st Pr1ce V.I.A.G.R.A.!!!!
I can personally vouch for the efficacy of the SpamBayes Outlook plugin. I only probably get 20-30 Spams a day that get through my hosting provider's front-line spam filter. But those that get through are 99.9% of the time effectively handled by SpamBayes. I've been using it for over a year, and have never gotten a false positive, and only occasionally have good emails flagged as "junk suspects". Spam mails never get through to my inbox. Granted, this guy's situation is a lot different than mine ... I'm sure SpamBayes would just sit and cry if it got assaulted with a million emails to sort a day.
If you are a domain name owner running your own servers, and paying for bandwidth ... Spam is just evil if you can't try to reject most of it during the SMTP hand-shake phase...
It's not my fault! It was this way when I got here.
Some cache! I wonder what he hides in there.
I use joe@aol.com as my bogus Email address.
why not start at the source? how about securing windows so that there are less spam zombies?
welcome to /.
And, no, having the domain disabled for a long period of time doesn't help. There are several domains that are being used as spam traps now a days after having been disabled for years.
SPF support for most open source mail servers can be found at libspf2.
How much of the 4M of this "spam" is customers seeking support?
asdf@asdf.com is more popular; for comments queries:
asdf-at-asdf-dot-com (non spam format)
So far, on my main email account, I've had exactly three pieces of spam in the last three years. I bounced each of them, and that was it.
See, I was smart. You see how people add some anti-spam text inside their email address, to avoid spam harvesters? I did something more clever still - my real email address has that same sort of anti-spam *in it*.
That way, if a spam address harvester bot "sees" that text, and was cleverly designed, it strips it out, and what's left is not my real address. If it's not cleverly designed, and they send spam my way, a bounce message tells them my address is not valid, and it gets removed from the list.
The beauty of this is, if this "secret" gets out, as I'm doing here, spambot writers will never know if the address is or is not real, thus cluttering up their lists with scads of invalid addresses, taking even more time and bandwidth to try out. It makes spamming even less profitable than it is now, and might push them to actually getting a real way to earn money.
Lemon curry?
Ha ha. Very funny.
"To err is human, to forgive is simply not my policy." --root
Mod parent up!
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
They're the Submit a Bug Report to Microsoft
Laws do not persuade just because they threaten. --Seneca
From their website: Try http://www.mailinator.com/ for these sorts of things and you'll get less crap in your inbox. I've only given my real email out to friends and family and that's pretty much all I have in my inbox anymore.
Suppose you have a gmail account. Let all the mails you get except from your own gmail account be forwarded to your gmail account. Then let gmail forward the mails back to your original account. You have yourself a spam filter.
On the part of bill gates that is... What is he publishing his email? something demands that it must be bill.gates@microsoft.com? Surely he only gets 4 million a year on the email account he pays other people to ignore and his real email is no worse than the rest of ours.
Can you be Even More Awesome?!
In the article he claims that his spam filters are 100x more effective than Gates' just because they both end up with the same number of false negatives in their inbox
That may be true...if all of his received messages were unique. Without further investigation, all that shows is that he gets 100x the volume of the same old crap.
Last time I checked (And yes, I checked :-) my local telco didn't want to run a T1 to a private residence.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Before implementing that, for every 1,000 emails we'd get, 800 of them would be spam.
Now, for every 1,000 emails we get, about 60 of them are spam.
I like greylisting. There are a few ISP's out there with fsck'ed mail servers, but the majority seem to be operating just fine.
but I bet all it says is: Don't use your real email address on Slashdot.
Everyone is looking for ways to filter spam out of their mailboxes. I get around 1 spam email a week at my work email box. and 1 a day at my personal email box. And it's not magic.
You can just try to be wise about it and not spray your email address everywhere you can.
Use your most important email address cautiously, only give it out to respectable trustworthy companies or websites.
Use a secondary email as a honeypot for spam.
I am sure someone can combine a handful rules of the thumb about this better than I do. And it's very effective!
The following statement is true
The preceding statement is false
Uh, the submitter was the original author.
"Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
I have had the same address since 1989, long before there WAS a spam problem. My email address was all over Usenet when Canter and Siegel sent out their first spam, which means it's all over Google Groups. The horse is so far out of the barn its grandchildren are headed for the glue factory.
In 2000, the last time I added it all up, I was getting 300M a month *after* applying blacklists. At this point my mailserver is blocking several countries and ISPs, using multiple blacklists, and running some custom greylist software I wrote myself (for qmail... sorry, Jef), and my local mail client's only seeing 20-30 spams a day out of the hundreds of thousands (maybe as many as a million, it's too depressing to keep track) of delivery attempts that show up in my logs.
If you don't mind changing your email address now and then, more power to you, but I'm damned if I'll give the bastards the satisfaction.
A billion MIPS for defence, but not a byte for tribute!
Here, I'll help you maintain your record. No need to thank me.
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
jef@mail.acme.com
nope. i dont think so
started as mr programmer
then mrp for short
also elitemrp/psychomrp/mrp-/etc
Use spamassassin + bayesian filters, train it on that account and your other accounts will be virtually spam free!
The main problem with spam is that the rules cannot be updated as quickly as the spam, that's where bayesian learning comes in - but as the name says, it needs to learn before it can provide good filtering. With an account like this one, you should be up to date with all the latest spam text instantly.
I envy you!
TODO: 753) write sig.
Ironic that at the time I write this, your comment asking that your parent be modded up informative is itself modded 2, Informative while your parent is modded 1,Informative.
I guess the mod who modded you up wanted other mods to read your comment, and then mod up your parent. I wonder what would happen if all mods decided to do the same....
Ok.. I knew someone named MrP or MrP-, and sometimes MeRP from IRC a long time ago. Was just wondering if it was you :)
His domain, acme.com, would be at the start of a spamming run if the addresses were done in alphabetical order.
That would be an interesting test. Register one domain, like asdfghjkl.com, and another, like zxcvbnm.com. Set up an email account on each. Publish the email addresses on all the same websites, then see which gets more spam.
Free of Flash! Free of Flash!
you're just trying to get modded up too
... at webmaster@mail.acme.com to let him know that I enjoyed his article. I hope it makes it through the filter.
-- Solaris Central - http://w
You sound like my dad who likes to use his email address when he signs up for "free porn" and wonders why he has another 20 spams/day...If you're actually getting 1 million spams a day, then your spam-filter-sucks! Simple: Change your email address and reject all emails not verified with a userlist. Then you'll get none (for a while anyway)
Yup, for a problem this common, this old I'd expect it to never reach the inbox of THAT CEO at least.
I have changed to TMDA http://www.tmda.net/ whitelist/blacklist to handle spam blocking. Filters and having to tune them/update them just got too annoying. It keeps the mails where they are viewable (with a CGI utility) so I can look through them if I think I have missed something by blocking it. I can optionally send out confirmation notices to the tune of "This address is not on my whitelist please hit your reply button to send this message back to allow the mail through". I have this turned off; it was a waste of bandwidth really.
I have always wanted to combine this approach with a filter such that incoming mail hits the filter first, then if it makes it past the filter the whitelist/blacklist gets applied. I figure it would cut down on the number of messages I needed to double check from time to time.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Spamassassin is great, and I use it, but there's a problem still. If you're using Spamassassin on a POP account, the spam still travels to you. If you're dealing with a *lot* of spam, you still have the problem of the spent resource. Even on a very fast broadband connection it can take several minutes to download the messages, and check them for spamness. And then what do you do? Are you brave enough for /dev/null? I am, except for the one account where I happen to get the most spam. So I end up storing it, and spending the time to review it.
I want a solution that stops spam before it even gets into a position for spamassassin to see it. (I know SA can run in the MTA, but for most users, it doesn't).
I'm a big fan of whitelisting, but that's not a popular opinion, fortunately or unfortunately.
-fb Everything not expressly forbidden is now mandatory.
check out...
serverfarmgirls.com!!!
If I were him, I would just drop 999,990 of 1,000,000 daily emails at random so that everyone will get a fair chance to get read, and still I can save my time.
There's no need of intelligent filters or dedicated department, really.
Your average meatloafer:
Has an attention span 1/100th that of a housefly. "Don't send that to me!" "OK", says the meatloafer, clicking the send button.
Believes *everything* they read online, nothing that they don't read online, and forwards The Truth to your inbox. "Look, a new virus alert! Panic! Panic! Uh..bzzzzt!...what was I talking about?"
Is the only creature in existence with a negative IQ score whose absolute value is in the triple digits. This is reflected in their taste in crappy humor, and disgusting porn. Never once do they find a *good* joke, or porn that actually would fit any description of sexy. But you're getting every single picture of a thousand-pound woman eating ice-cream out-of-the-drum while nude, if the meatloafer has to click until their fingers bleed.
Never types, and possibly doesn't even own a keyboard. Never sleeps, possibly doesn't even have a job, although, surprisingly, shares their trailer park with the usual inbred family, and of course, has procreated.
Forwards *everything*, no reading. The average meatloafer sees their role in life as that of a piece of plumbing. Email is to be sent Somewhere Else, even bounce messages redirected through a re-mailer get resent. Meatloafer's emails, with all the included content from before, tend to get longer than a dictionary.
I'm just pointing out, Spam may be bad, but Meatloafers are just as bad, and if you deal with these people any less harshly than chopping their mouse hand off, you're part of the problem. Early on, I set up a no-meatloaf policy for myself, and it cut down drastically on the number of viruses I received, even on Win-Blows.
Do you know a meatloafer? Don't try to reason with them, your letter will just launch into the great forward loop unread. Block them. Complain. Send them a mail-bomb. It is your civic duty. These are also the people supporting...spam! Think about it, would spam continue if nobody *ever* clicked the free Viagra offer? So who do you think is doing it?
If anyone wants to volunteer to pie Bill Gates again, I'll contribute to the defense fund. Or if you prefer, you could just kick him in the nuts.
After that fairly technical discussion of email filtering procedures, that made me laugh my ass off.
Ahh! Good! It's a guide for people on a unix system running sendmail, thus eliminating 99% of the article's usefulness to a mass populace!
"hey, could you pass me a paper towel? er.. I mean... DEPLOY ABSORPTION PANEL!"
Though I don't get nearly as much SPAM as this guy I do get hundreds. My solution: Gmail. I have tried many different SPAM filters and none have been nearly as effective as Gmail. I set up forwards from all my existing email accounts to this one gmail account.
I worked for MS for several years, I think it was two spams made it to my inbox in that time, and another 2 or 3 to my junk mail box. And yes, my email address is on the web & harvestable. No lost email that I'm aware of. I think that's a pretty good track record.
Read reviews of shopping cart software
So true ...
The guy that gets 1000000 items of spam per day is slashdotted?
Beware geeks bearing .GIFs
How come Slashdot never gets Slashdotted?
You can wait at least several minutes to go from one page to the next...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
There are millions of people that love him so much ;)
Thanks for tips on how to configure an obsolete program I recall using a few years ago called sendmail. I don't think I am going to switch back.
How about postfix recipes?
Note that qmail, an alternative mail transport program, generates post-reception bounce messages in circumstances where other mail transports would have refused the reception. This means every qmail site is basically an open spam relay. For this reason alone, qmail should never be used by anyone.
Wonder how long it'll be before Jef gets a lawsuit threat from that litigious asshole Dan Bernstein, author of qmail?
Disinfect the GNU General Public Virus!
If I ran one of the largest most profitable firms on the planet. I would probably hire someone to handle my e-mail for me.
Wouldn't you?
--
Ballmer: Our great leader, his Billness, demonstrates his heroics to the world by defeating four millions of spam every day!
Advisor: ... (inaudible)
Ballmer: (whispering) What? Bug reports don't count as spam? What about customer complaints, they sure do, don't they? Well, I thought all that stuff we get and then move to the trash box without reading is spam... No? Fsck! So how much does the Boss get?
Advisor: ... (still inaudible)
Ballmer: (whispering angrily) Fsck you! How am I supposed to do propaganda with those kinds of numbers?! Wait, I have an ingenious idea! Tell this Hotty Mail or whatever we own, let them loosen their anti-spam policy some more, and cc all spam sent from there to the Boss!
Advisor: ... (leaving hastily)
Ballmer: Our great leader, his Billness, demonstrates his heroics to the world by defeating four millions of spam every year!
I get 45 trillion emails every hour. And I keep using the same email address using spam filters and a cluster of PCs to handle the massive filtering task, and no I don't want to just use a new email address. (Who believes this story???).
Ha---that's nothing. I saw someone modded up to at least +4 for responding to himself with a caustic put-down of his own original post.
I replied, saying "Did you actually get modded up to +4 for pimp-slapping yourself?". He had.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
I've had my current email address for the past 13 or 14 years.
(In fact the ISP it's hosted with currently hosts ONLY that email address and a tiny hunk of web space for me; I get my actual connection and everything from Cox).
My address has been plastered all over the Internet from since before there was a spam problem. Even if I were to take it off of all the sites I've made, or ask it to be taken down from all the other sites, there's still hundreds of UseNet posts from before there was need to spam-proof my address, all cached on the various web-based UseNet caches.
At one point a few years back I was getting many hundred spam messages a day. Now, I get about two. And I've not had any problems with false positives that I'm aware of, at least not for quite a while.
I don't run my own mail server and I don't know how West.net (my mail provider) runs theirs, but I do know they run a nice spam filtering service called Postini, which catches a large majority of the spam. When it gets to my end, I've got extensive whitelists for all the discussion lists I'm on, as well as everyone in my address book (everyone I've sent mail to, basically). A lot of spam I'd get has my own address forged onto it, so any mail from me that doesn't contain my passphrase in the subject is blacklisted. I've also got a blacklist for serious repeat spammers (same exact spam every day). Past that, Mail's Bayesian filtering quarantines most of the remaining messages, and all that ends up in my In box are legit messages from people I don't know, and maybe one or two spam messages.
I think the common thread between the article's successful spam filtering and my successful spam filtering is using multiple layers of whitelists, blacklists, and greylists. Keep the people you know on whitelists so you never need to worry about them not getting through; people doing evil things get blacklisted, preferably temporarily as he's done it; and everyone else takes the risk of being filtered (either because their mail server is dysfunctional, as some of his filters would risk, or because the message "looks like spam" as a Bayesian filter would risk). Implement this type of scheme on both the mail server (his way) and the client program (my way) for extra protection.
I think that's about as successful as anyone can hope for a spam filter.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
Note that the URL is acme.com. There could be a few million coyotes trying to order Acme high-performance rocket shoes so they can catch the road runner....
I am so smart!
I am so smart!
S-M-R-T!
I mean S-M-A-R-T!
With 1 million spams, any sane person would just have got a new email address long ago. Sounds like he just wants a challenge.
who the f*&$ is this guy, and why does he get so much spam in the first place? Should I have heard of him?
...in practice every single DNS-RBL eventually comes under the control of power-hungry weenies
He is 100% correct about this but it is 100% irrelevant. I use blacklisting extensively. When a list stops being effective because of the P-HWs, I quit using it. This is my first line of defense and it stops ~ 90% of my spam. Oh, and never complain to P-HWs, it's like arguing with a Republican.
It's simple: I demand prosecution for torture.
And now he's getting Slashdot'd, too!
Hrrm... I usually just sign my name.
His email is linked into the /. article. Gee, I wonder why he gets spam, at least from now on...
A very nice read:
http://www.benzedrine.cx/relaydb.html
I was getting that over two years ago.
He's probably seeing 1/5 of the spam I am.
Amateur.
Today, Bill Gates was overheard complaining "If I only had a dollar for every spam message I get! Wait a minute, I do!"
If you get a sensible Bayesian filter, it implements a dynamic pseudo-blacklist and pseudo-whitelist. I've found it far more effective for pulling bad mail relays out of my inbox than explicit blacklisting ever was, and at the same time making sure email from known people got through no matter what. Just let it read the headers.
How many people can read hex if only you and dead people can read hex?
This one always cracks me up:
http://apple.slashdot.org/comments.pl?sid=138720&cid=11609478
"The second way to avoid false positives is to try and reject spam during the SMTP transaction. This will generate a bounce message that actually goes to the person who sent the message, so there's a reasonable chance it will be seen and acted on. See below for an explanation of the two different kinds of bounce messages."
;)
lol. He says if he didn't keep his filters around, his T1 line would go down quickly. What would happen if he sent out bounces for 150,000 messages?
Without a doubt the most Spammed state is Hawaii.
I want to be retired when I grow up.
$ touch spam
$ ed spam
0
a
BUY CRAP!!!!!!!!!! WWW.SPAM.COM !!!
.
w
36
q
$ touch script.sh
$ ed script.sh
0
a
#!/bin/sh
while [ 1 ]
do
mail -s SPAM myself spam
done
.
w
58
q
$ chmod a+x script.sh
$ ./script.sh
Take that!
http://files.photojerk.com/alan/www.acme.com/mail_filtering/
Still in creation... Images will 404 until the server retrieves them.
I think his server can handle it, but his poor T1 line cannot... I'm mirroring the site for him slowly! http://files.photojerk.com/alan/www.acme.com/mail_filtering/
He's probably misclassifying any complaint about Windows as spam. Or, he might be counting the emails from msn.com users and assuming they are spam, like everyone else does.
Oh, and never complain to P-HWs, it's like arguing with a Republican.
The difference being, of course, that P-HWs are irrational.
Maybe someone should create a blacklist blacklist?
cpeterso
I use gmail, and I don't get any spam at all, barely. Just only three or four a WEEK.
If you don't have time to do it right, when do you have time to do it again?
it's like arguing with a Republican
Ok, I'll take the bait.
Republicans are some of the most sensible people I've ever had the pleasure to argue with. At least they aren't like those Democratic numskulls who only support democrats' agendas.
I don't want to detract from TFA since it's a good tutorial in sendmail configuration, but I think he's including all spam attempts to all email addresses at his mail server. Blacklisted IP addresses can be rejected without even receiving the complete envelope information; based on my experience, even a smallish company's MX host will receive about 1/2 its connection attempts from blacklisted servers.
Even more are attempts at addresses like "asmith@...", "bsmith@...", etc., and can be rejected immediately after the envelope is processed.
I'd like to see the count actually addressed to "jef@poskanzer.net" or whatever. I'll bet "sales@microsoft.com" and "info@aol.com" or whatever attract more traffic.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I use (and provide) spamassassin at the MTA level, works great! No wasted bandwidth.
TODO: 753) write sig.
Like many schemes that reject mail during the SMTP phase, this talks about false positives, but with little idea about the true rate. This can be dangerous.
For example, http://www.acme.com/mail_filtering/blackmilter_frameset.html discusses "Wormy", an 'early & cheap blacklist that is still accurate.' It works by grepping out IPs of hosts that delivered mail that ClamAV said was malware, and then turning those IPs into a blacklist for "a day or two".
This initially seems to work, but if you try it out and *measure it with real mail, including ham*, what you'll discover is that large ISP mail gateways show up on the list very quickly. I know of other occasions where it's been tried, and abandoned, due to this issue.
However, Blackmilter, the component that uses Wormy, is listed as having "low" false positives in this document.
"Spammer" is vulnerable to the same problem.
"Persistent" will additionally have a similar problem, in that if you measure spam volume without also measuring overall (ham+spam) volume, you'll unfairly penalise hosts that send a lot of mail in general -- even if only 0.5% of that is spam.
In general, I think jef is probably justified in taking a hardline approach at those volumes -- but if you're thinking of trying out some of these approaches, be sure to apply a pinch of NaCl.
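Added example, not code from the article or from the commenter above: a small Python measurement of the effect that comment describes, where a blacklist keyed on raw spam count lists a large gateway that sends mostly ham, while one keyed on spam ratio does not. The log, IP addresses (documentation ranges), thresholds and function names are all constructed for illustration.

```python
from collections import Counter


def build_log():
    """Constructed delivery log of (client_ip, verdict) pairs."""
    log = []
    # Large ISP gateway: 2000 messages, only 0.5% of them spam.
    log += [("192.0.2.25", "ham")] * 1990 + [("192.0.2.25", "spam")] * 10
    # Compromised host: low volume, all of it spam.
    log += [("203.0.113.77", "spam")] * 8
    # Small business server: one stray spam among real mail.
    log += [("198.51.100.4", "ham")] * 40 + [("198.51.100.4", "spam")]
    return log


def tally(log):
    """Per-IP spam count and total message count."""
    spam, total = Counter(), Counter()
    for ip, verdict in log:
        total[ip] += 1
        if verdict == "spam":
            spam[ip] += 1
    return spam, total


def list_by_count(log, min_spam=5):
    """Blacklist every host that delivered at least min_spam spams."""
    spam, _ = tally(log)
    return {ip for ip, n in spam.items() if n >= min_spam}


def list_by_ratio(log, min_spam=5, min_ratio=0.5):
    """Blacklist only hosts whose mail is mostly spam (needs ham counted too)."""
    spam, total = tally(log)
    return {ip for ip, n in spam.items()
            if n >= min_spam and n / total[ip] >= min_ratio}


def blocked_fraction(log, blacklist, verdict):
    """Fraction of messages with this verdict that the blacklist would reject.

    Simplification: the list is built from and scored against the same log;
    a real measurement would build it on one window and score the next.
    """
    ips = [ip for ip, v in log if v == verdict]
    return sum(ip in blacklist for ip in ips) / len(ips)


def compare():
    """Return {policy: (listed hosts, ham lost, spam stopped)}."""
    log = build_log()
    out = {}
    for name, policy in (("count", list_by_count), ("ratio", list_by_ratio)):
        bl = policy(log)
        out[name] = (sorted(bl),
                     round(blocked_fraction(log, bl, "ham"), 3),
                     round(blocked_fraction(log, bl, "spam"), 3))
    return out


if __name__ == "__main__":
    for name, (hosts, ham_lost, spam_stopped) in compare().items():
        print(f"{name:5s} listed={hosts} ham_lost={ham_lost} spam_stopped={spam_stopped}")
```

The count-based list stops more spam on this sample but only by rejecting almost all of the ham, which is the number a spam-only measurement never shows.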
Less than that and spam leaks through. Greater than that and I don't see any difference.
... rbl's.
The problem with having such a short delay is that it negates the secondary benefit of greylisting
If it takes an hour for a message to be accepted, that's an hour in which that address could be added to an rbl.
In order to facilitate speedy email reception, we'd have to fall back on the "two factor" method of authentication.
Of course, your email server is going to check my DNS and SPF info and greylist attempts from my server and mine will do the same with yours.
So, the solution I see is for you to call me or whatever and have me send an email to you. My server should see the OUTBOUND attempt and then whitelist your INBOUND attempt (as long as it happens within an hour or so).
In other words, someone behind the server has to perform some action that will tell the server that the other server is, temporarily, cleared to send email.
Yes, I know this sort of defeats the purpose of email. Email is still very useful once the relationship has been established. It's just the initial establishment of the trust that is more complex.
I believe that we'll be looking at something similar to that anyway, eventually. The financial dynamics of email (near zero cost to send, all the expense on the receiver) make it too profitable when abused (and it is very easily abused).
Eventually the spammer's zombies will be re-built to re-send the spam after they've completed their initial runs. In which case, greylisting won't stop the spam from coming in.
At that point, we'll have to rely upon the RBL's or some other methods (such as the two factor approach I mentioned).
The only other approach would depend upon the various ISP's getting their act together and implementing technological solutions. But that's just not going to happen unless there is a law with heavy fines (more than the cost of doing it right) to force them to.
And we're not going to see a law like that as long as we have the mass marketing lobby spending money in D.C.
When a given DNS-RBL gets too aggressive, but the number of people bitching about it hasn't gotten high enough to notice, you can lose real mail for a while, especially if you've got friends who run their own Linux mail systems on consumer DSL. The mailbox service I use lets you pick from several different DNS-RBLs and set a threshold for how many of them need to block a given site before it kills it, so I've got a relatively conservative setting that needs to have a bunch of lists rejecting a site to reject it. The ISP where I actually read my mail uses SpamAssassin, and DNS-RBLs can also be useful as SpamAssassin weights that get added in along with all the other cues such as LINES OF YELLING and NIGERIAN 419er and pills-that-start-with-V. Neither of those approaches completely prevents false positives, but they help, and you still need to whitelist some people (e.g. John Gilmore's a friend of mine and is on some mailing lists I'm on, and almost every RBL out there hates him because of his positions on open relays, so his machines are on my whitelists.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
She might have something to tell you. Better sooner than later, when the court starts directing payments.
First the guy complains about Spam and his difficulty running his own website on the same machine... and he posts a direct link to Slashdot.
Ok
Then you read his well documented research on all the solutions he has tried. Fine. It's a nice read.
However when this guy complains about the SPAM itself and the resources (machine, time) he must dedicate to this I can only call foul!
It is extremely clear that this guy ENJOYS the glory of all this SPAM. Not for the spam itself but for the sheer fact that he is the most spammed man in the world.
If he is so concerned about spam he should just set his MX to some professional mail hosting company, let them deal with the bandwidth, hosting, and all. There are so many solutions out there.
This guy is just a geek who likes to fiddle his machine, spend some time on it and then brag about how hard it is but how he has conquered. He probably doesn't have anything better to do or to spend money on.
Oh well, whatever floats his boat.
Artificial intelligence is no match for natural stupidity
Game over, man. Game over.
I say we dust off and nuke them from orbit. It's the only way to be sure.
A steaming cup of soykaf would be real wiz right now.
Here is my reference.
When I used Hotmail, I used to get around 20-30 spam in my Inbox. Now with GMail or Yahoo Mail, I rarely get any. No wonder Steve is getting lot of spam. I recommend him to use GMail. :-)
On first blush, this seems like a "look at me!" article. But I think the author does bring up some good points on methodologies used in fighting spam on a large scale. However, one thing that isn't emphasized is how little deliverable email he gets. It looks like it averages 5-10 messages per hour.
So the next question is, how would his techniques scale to a domain that processes 3.5 million emails per day and rejects 0.25-3.0 million spam emails per day. Plus, to reduce the risk of false positives, much of the spam is actually delivered to users. All delivered email has a spam score added to the email headers for the individual user to decide their threshold for filtering.
For those of you out there who are IT for domains that handle millions of emails per day, how do you handle spam? How many servers and how much bandwidth does it require?
If you're curious, I get 100 emails per day delivered and 78.2% of that is spam. Unfortunately, I've found that I can't rely on the spam score added to the headers by the aforementioned domain. My filter (k9, Bayesian) currently has a false negative rate of 0.49% and false positive rate of 0.00%. Yeah, that means I see a single piece of spam every two days on average. In reality, I'll usually get a surge of spam where on a single day I might get two or three pieces of spam, followed by a week of nothing once the filter has adapted.
For protection on the net, especially for usenet and web forms, I use disposable email addresses (ie: spamgourmet, mailinator).
I have a goal to fill one of my email accounts with as much spam as possible. petercr@mowbray.vic.edu.au
Please help me to fill this account with as much spam as possible, all I am currently getting is a couple of hundred a day.
BS Detector is going off.
From http://www.acme.com/mail_filtering/background_frameset.html
Acme.com's web site is fairly popular - we get about 25,000 visitors per day. That means our web pages are cached on a lot of people's disks. Well, one way that spammers and viruses find addresses to send to is by looking in those web cache files on machines they have taken over.
Hah. My corporate website averages 200,000 to 220,000 IPs per day. Total number of emails on any given day is about 20,000 emails - of which probably only a few hundred are legitimate. Not only is his statistic probably made up, but if 25,000 people per day are going to acme.com to read his incredibly insightful articles?? How many of you have heard of *evil* websites reading your email addresses?
Let's be realistic, if he really thinks the W3C specification is the reason why he gets "1 million spams per day" - then why has his traffic only increased in the last few months? (he claims on the same link above that he was only getting 150,000 spams per day in mid 2004).
So the important thing to remember here is to post your shameless, made up, website with a CV to Slashdot to get a no-brain job interview.
If you set QueueFactor to a very small value, THEN Queue_LA will start working like he says it does.
Here's a bit more about it, and how I figured out how it worked ...
I personally get a lot of spam. About 3000/day that make it past the filters set in sendmail before it makes it to spamassassin, though now that we've changed how sendmail works quite a bit that's down to about 1000/day (with sendmail rejecting the rest outright before accepting it.) I used to think 3000/day was bad -- and it probably is, especially for a guy with an email address that's not quite so generic -- most of my spam is from posting to Usenet and places like /. ... but 1 million/day? wow!
Every time a website asks for contact information I fill out the form with q in every field including q@q.com in the email address field.
Found out a while ago that it was an actual email address and I'm not the only one who does it.
Though his SMTP setup is very intelligently done, and works well, it's all just a temporary workaround.
99.999% of his spam filtering depends on a handful of bugs in spammers' mini-SMTP implementations. It works for now, but as soon as any significant number of people do this, spammers will fix their servers to properly handle these parts of the RFCs, and all these techniques will fall flat.
Getting around SpamAssassin is infinitely more complicated/difficult than fixing an SMTP implementation, yet spammers managed that very quickly.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
BTW - Jef Poskanzer is the author of PBMPlus and other utilities, see Slashdot
I'm pretty sure there should be a line break after the dnl. In m4, dnl is like C++'s // comment marker: it causes the rest of the line to be ignored. It's typically put after lines in the .mc file to suppress a blank newline from being emitted in the .cf file (which is a purely cosmetic issue).
The same goes for the block of defines under "Settings".
...is with dynamic IP rejection.
My ISP attaches its dynamic IPs to MAC addresses with long lease times.
This saves me tons of money because I can run my DNS without a static IP.
Sounds like an easy fix for good results with low risk of false positives.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
I own "delete.net", I ended up turning the domain's incoming mail into an automatic blacklist for my server. The volume of spam has gone down quite a bit since I started- instead of thousands per hour, it's down to several hundred per day.
> Greylisting will prevent you from receiving email ...
> from a variety of non-complying SMTP hosts
such as slashdot.org?
I tried enabling greylisting on the sneakemail.com address I use to receive email from Slashdot, and it blocked all the email from Slashdot. The logs on sneakemail show many delivery attempts from Slashdot, so I guess there is some kind of incompatibility between the way Slashdot tries to resend the message and the way Sneakemail expects it to be resent. I don't know who is to blame for the incompatibility. Probably no one, since there is no specification on HOW redelivery should be attempted. Anyway, it shows that there can be problems with greylisting because the way a client resends the mail is not well defined.
On the other hand, greylisting is a very effective filter. I enabled greylisting on the address I have in the whois record of my domain, and I get practically no spam to that address (before greylisting I got quite a lot, and the sneakemail greylisting logs list lots of attempts that are easily recognizable as spam: lots of broadband connection IPs, and "from" address from domain not matching sending server.).
Publishing an address in Slashdot is the most effective way to receive spam, and receive spam fast. About 10 days ago I changed the address I use in Slashdot. The next day I already received spam on that address. The older address is now greylisted and doesn't receive any mail, but the logs show many messages blocked by greylisting (31 yesterday). What I do now is change the address I publish in Slashdot every once in a while, and enable greylisting the old address. It doesn't block all spam, but it takes a while for the volume of spam to the new address to build.
> ... and I'm not about to replace my address -
> it's too widespread to migrate my friends
> and family to something else.
That's the main reason why people find it hard to change an email address, and that's the reason why I use different email addresses for different purposes or with different people: to lower the risk that more important addresses are lost, and to lower the burden of changing any one particular address.
Using a single or few addresses locks you up with those addresses. I had to keep the Hotmail address I used for subscriptions to different services for at least two years with all its spam, because I knew I gave it at some places I preferred not to lose mail from (places I gave a credit card number to...). Now I only use sneakemail.com addresses for registrations, and I always know who got what address. With friends/family I use several addresses in my own domain. Jokes and the like I send only with "From" and "To" addresses in spamgourmet.com (and recipients only in "Bcc"). Sometimes I use aliases in fastmail.fm.
Yeah? Well my peepee is WAY bigger than yours. SO THERE!
mod parent up: +5 RECURSIVE !
Crivens! I kicked meself in me own heid!
Ok my eyes got blurry about half way down. This kind of solution can only work for serious techies, and leaves the ordinary user like my parents in a state of confusion.
This is what I have everyone do that comes to me with a spam problem:
You know who has your address.
You know where you shop.
You know what lists you've signed up for, etc.
Make a new folder or two, filter all the people, lists, etc. you know so they automatically arrive in your new folder(s).
That leaves all the spam in the default Inbox - just delete it all.
Really, if you go to a meeting and meet someone new and swap addresses, you know to look for a new incoming. You find it, then add it to your 'white list'.
Everyone spends way too much time trying to filter out the bad stuff, when it is much easier to simply grab the mail you know you should be receiving.
Greylisting workarounds are easier than you'd think - check the return codes, and any time you get a temporary reject, mark the item for delivery later. Most greylisting timers are set to less than an hour, so if you're still spamming an hour later, run the deferred-sites list again. (This does of course lead to an arms race with greylist times being increased, and if you want to get fancy, you *could* try parsing the response to find the actual retry time, but the crude version is a good start.) It helps to sort targets by domain name, though that may have other issues.
Bill Stewart
What would help is for outgoing mail to automatically whitelist the recipients - I'm not sure how many greylist systems do that.
Bill Stewart
Without downloading and unzipping your code, I can't tell how your blacklisting features work, but an obvious extension to a greylisting system is to give RBLed sites a much longer greylist time than mail from unknown sites (e.g. 4-hour retries vs. 5-minute.) It's particularly useful because you can even use some of the more aggressive lists in spite of their enjoyment of collateral damage, and you can use whole-country blocklists for places you don't expect to get mail from, such as Korea and China, without actually rejecting much mail from real people.
Bill Stewart
That doesn't mean that I use my main address for everybody - I do use free web-based email systems for interacting with some companies, and dodgeit.com disposable email addresses for signing up for random internet services like online newspapers (bugmenot.com is a similar service.) For the mailing lists that I run, I generally use an address on the list machine for administrative mail, and my regular address if I actually send mail to the list.
Bill Stewart
Yes, you'd have to work hard to get that much spam, but if you're the author of a number of popular software packages like thttpd and some of the PBM stuff, and you've been using the same address for over a decade and participating in lots of Usenet and other Internet discussions, that'll get your name out there for the harvesters to find. As TFA and another poster point out, being named "acme.com" doesn't help either.
Bill Stewart
However, greylisting needs to be done by the system that first receives the SMTP from the sender, which is typically your email ISP. The big advantage of greylisting that Poskanzer points out is that you don't get false positives - mail from unknown sources just gets delayed rather than rejected, and that manages to kill off an amazing fraction of spam.
Similarly, the greeting-wait feature has to be done by the initial SMTP receiver, and even that kills more than you'd expect, without bothering legitimate email senders.
Bill Stewart
I don't see why anyone would use a "real" email address for whois, as opposed to a role address like dnsadmin@mydomain or dnsadmin-mydomain@example-isp.com. You can set it up to forward to your real email address, and you might put your real name and maybe even real phone number in the record, but if you want to change admins, or arrange for vacation coverage, you can forward it to whoever has the job in the future. The number of spammers targeting domain owners seems to have increased, which is another reason to use a role address instead of any address you care about.
Bill Stewart
I've used dodgeit.com for a while, and it's a very nice service. Thanks! I occasionally won't see mail from places I expect (I mainly use it for online newspapers like the nytimes.com), but mostly it's disposable mail. Do you also use greylisting?
Bill Stewart
.eet nE
Yup; and they shouldn't be sending SMTP directly from dialup anyway. They should be sending to their ISP's server, which relays for them.
Spey has fairly straightforward blacklist support; you can match patterns against the sender/receiver tuples and chuck out connections if they match. (The whitelist works in the same way.) I hadn't thought about the configurable delay --- that's a rather good idea.
I have had one strange interaction with the University of Queensland mail server, which sent me the same message fifteen times, but I'm not sure that was Spey's fault.
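An added example, not from any poster and not Spey's code: a minimal greylist that applies two ideas raised in the comments above, a longer delay for blocklisted senders (4 hours versus 5 minutes) and automatic whitelisting of addresses a local user has written to. The class, its method names, the blocklist callback and the sample addresses are assumptions made for illustration.

```python
import time

UNKNOWN_DELAY = 5 * 60       # seconds an unknown sender must wait before a retry is accepted
LISTED_DELAY = 4 * 60 * 60   # longer wait for senders found on a blocklist (RBL)


class Greylist:
    """Illustrative greylist; all names here are hypothetical, not Spey's API."""

    def __init__(self, is_listed, clock=time.time):
        self.is_listed = is_listed   # callable(ip) -> bool, e.g. wrapping a DNSBL query
        self.clock = clock           # injectable so the logic can be tested offline
        self.first_seen = {}         # (ip, sender, rcpt) -> time of first attempt
        self.correspondents = set()  # (local user, remote address) pairs

    def note_outgoing(self, local_user, remote):
        """Record that local_user sent mail to remote, so replies skip the delay."""
        self.correspondents.add((local_user.lower(), remote.lower()))

    def check(self, ip, sender, rcpt):
        """Return (smtp_code, reason) for one RCPT TO from a connecting client."""
        sender, rcpt = sender.lower(), rcpt.lower()
        # Envelope senders can be forged, so the whitelist is scoped to the
        # one local user who actually wrote to this address.
        if (rcpt, sender) in self.correspondents:
            return 250, "recipient has written to this sender"
        now = self.clock()
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        delay = LISTED_DELAY if self.is_listed(ip) else UNKNOWN_DELAY
        waited = now - first
        if waited < delay:
            # 4xx is a temporary failure: a real MTA queues and retries,
            # so nothing is lost, only delayed.
            return 451, "greylisted, retry in %d s" % (delay - waited)
        return 250, "retry arrived after the greylist delay"


if __name__ == "__main__":
    # Constructed sample data: documentation-range IPs and example domains.
    now = [0]
    gl = Greylist(lambda ip: ip == "198.51.100.7", clock=lambda: now[0])
    gl.note_outgoing("me@example.com", "friend@example.net")
    for t in (0, 600, 4 * 60 * 60):
        now[0] = t
        print(t, gl.check("192.0.2.10", "news@example.org", "me@example.com"),
              gl.check("198.51.100.7", "offer@example.org", "me@example.com"))
    print(gl.check("203.0.113.5", "friend@example.net", "me@example.com"))
```

A production version would also expire old triplets and persist state across restarts, which this sketch leaves out.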
Using QMAILQUEUE, I can use my own binary which calls spamc and clamdscan (but not necessarily in that order...) and returns locally-defined error codes for spams and viruses.
Then I modify qmail.c to handle those error codes and give a 443 for viruses and spam instead of a bounce.
Really frustrating that qmail isn't smart enough to do this without patching. What's the point of having qmail be so secure or whatever if nobody can actually use unpatched qmail in production? I'd ditch it in a heartbeat if I felt like learning a new MTA (I don't).
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
What's truly ironic is that I took a net hit to my karma for utilizing my karma to draw attention to the parent comment, which was ultimately modded up to 5 in the end.
Oh well, I have excellent karma, I can afford it.
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay