Slashdot Mirror


Where Has All My Spam Gone?

An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"

37 of 597 comments

  1. Hmm by geminidomino · · Score: 5, Informative

    *Checks mail logs*

    Yeh, you need to ask the ISP again. No sign of slowing here.

    1. Re:Hmm by ElizabethGreene · · Score: 5, Funny

      A group of the original SpamAssassin developers got together with a group of mercenaries and created SpammerAssassin. It's in alpha, and looks good except it seems to have started a teeny-tiny war in the eastern bloc. Oops. They have an open bug ticket on it.

      :D

    2. Re:Hmm by Southpaw018 · · Score: 5, Informative

      Thirded over here. Solid 7000/day for months (small business).

      --
      ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
    3. Re:Hmm by oldspewey · · Score: 5, Funny

      Seriously though ... if spammers started turning up dead where would the police even begin their investigation? There's only a pool of what, half a billion suspects?

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
    4. Re:Hmm by VenomPhallus · · Score: 5, Funny

      Yup, and here; still getting 250 a day+ or so.

      Maybe they finally clicked that you've already got a huge penis and legendary bedroom performance?

    5. Re:Hmm by tha_mink · · Score: 5, Funny

      Perhaps the botnets are busy fighting amongst themselves, vis a vis the Georgia v. Russia conflict.

      --
      You'll have that sometimes...
    6. Re:Hmm by y86 · · Score: 5, Informative

      Agreed. No changes in spam over here, my domain is still receiving the daily average of about 100 per day.

      You should REALLY consider trying postgrey.

      http://postgrey.schweikert.ch/

      Postgrey on non whitelisted servers rejects the first mail attempt with a fail. The sending email server will retry X times, but the 2nd time it accepts it and adds the server to the whitelist.

      Postgrey will add a 5 minute lag to an email whose sending server has never sent an email to you. It's worth it to screw the spammers' zombies over IMHO.

      Also, I would check your postfix/whatever you are using for a mail server's policy. I get 0 spam emails now and my address is posted all over the web.

      I do have spamassassin running as well with sieve filtering to put what is marked as spam in a junk folder but the junk folder is empty, every now and then I'll see something -- but very rarely. Like once every 2 months.

      Here's my spam prevention system :-)

      smtpd_recipient_restrictions =
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          reject_non_fqdn_sender,
          reject_unknown_sender_domain,
          reject_non_fqdn_recipient,
          reject_unknown_recipient_domain,
          reject_unauth_destination,
          reject_rbl_client zen.spamhaus.org,
          reject_rbl_client bl.spamcop.net,
          check_policy_service inet:127.0.0.1:60000
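
Added example (not part of the comment above, and not postgrey's own code): a simplified Python model of the greylisting decision made by a policy service such as the one behind `check_policy_service inet:127.0.0.1:60000`, using Postfix's policy delegation request format. The class name, the whitelist-after-one-retry rule and the sample addresses are assumptions for illustration.

```python
import time

GREYLIST_DELAY = 300  # seconds; the 5 minute lag described in the comment above


def parse_policy_request(raw):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    """Hypothetical in-memory greylist keyed on (client, sender, recipient)."""
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}    # triplet -> time of first delivery attempt
        self.whitelist = set()  # client addresses that passed a valid retry

    def decide(self, raw):
        a = parse_policy_request(raw)
        client = a.get("client_address", "")
        if client in self.whitelist:
            return "action=DUNNO\n\n"  # known server: let later restrictions decide
        key = (client, a.get("sender", "").lower(), a.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.whitelist.add(client)  # assumption: one good retry whitelists
            del self.first_seen[key]
            return "action=DUNNO\n\n"
        return "action=DEFER_IF_PERMIT Greylisted, please retry later\n\n"


# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "sender=news@example.org\n"
    "recipient=me@example.net\n"
    "\n"
)
```

A retry that arrives before the delay has elapsed is still deferred, so a first-time sender sees a lag of at least the configured delay plus its own retry interval.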

    7. Re:Hmm by Like2Byte · · Score: 5, Funny

      Perhaps the botnets are busy fighting amongst themselves, vis a vis the Georgia v. Russia conflict.

      Ok, Agent Mulder, settle down.

    8. Re:Hmm by xtinct · · Score: 5, Interesting
      yeah, that guy got arrested & sentenced to minimum security prison.

      then he proceeded to escape, kill his wife & baby daughter (a teenager escaped) and then himself.

      pretty crazy, no?: http://www.dailycamera.com/news/2008/jul/26/spam-king-murder-suicide-surviving-daughter-in/

    9. Re:Hmm by Anonymous Coward · · Score: 5, Funny

      The Russian spammers can't get bandwidth because the military is busy using it against Georgia.

    10. Re:Hmm by j-cloth · · Score: 5, Informative

      A huge second to PostGrey. It kills 90% of my incoming spam before it even touches spamassassin. However, I have noticed a few people who receive failure messages from their mail systems telling them that they've been greylisted before the mail goes through. Then uppy-ups whine to me.

    11. Re:Hmm by swb · · Score: 5, Interesting

      There's something to that, even if the original poster's claim of not having spam anymore is local to him through unknown upstream changes.

      It's long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership" (Putin is FSA/KGB, and it's well known that ex-KGB members have been deeply involved in the Russian Mafia).

      With this in mind, it's not hard to speculate that if botnets controlled by Russian organized crime were put to use against pro-Georgian assets, the ensuing defenses, publicity and exposure at the political/military level could possibly cause these botnets to be far more vulnerable than they otherwise would be in the course of normal criminal activity.

      This higher level exposure might lead to weakening them and reduce their effectiveness at normal tasks like spam.

      It's also possible they may also be overutilized and prioritized for cyberwarfare and not for spam.

    12. Re:Hmm by DriedClexler · · Score: 5, Interesting

      After I read this article yesterday (single page), that's what I thought: given all the spammers that are Russian, there's a chance there might be a slowdown in spam as patriotic Russians "pitch in" by helping DDOS Georgian resources.

      It's pretty amazing if you read that article how easy it was for just an average person to find out how to "volunteer" for the Russian army: independent helpers have made it so you can find out which Georgian sites you should ping in order to maximize your effectiveness, and have programs that you can download that do most of the work with minimal hassle.

      However:

      a) According to most posters, spam hasn't actually abated.
      b) Spammers wouldn't do something as selfless as pitching in for their country.

      --
      Information theory is life. The rest is just the KL divergence.
    13. Re:Hmm by TTURabble · · Score: 5, Funny

      So Saakashvili is getting 100 emails a minute about pen1s enlargement?

    14. Re:Hmm by wmbetts · · Score: 5, Informative

      I used to read a lot of not so nice forums when I was really into Info Sec and I always heard them referred to as "The Russian Business Network"

      --
      "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
    15. Re:Hmm by Lazyrust · · Score: 5, Funny
      I would be happy to purchase those genuine watches but first I would need your assistance in moving a large sum of money out of the country of Nigeria. It seems that a rich uncle of mine has passed away this year and unfortunately his wife is unable to accept the money due to governmental restrictions. Therefore, if you would be willing in assisting me in transferring the sum of $5,000,000,000,000,000.00 I will be happy to give you 10% in return for your time and effort. In addition I will purchase all of your fine genuine replica watches of the highest quality. In addition, I will be in need of a great selection of products of high quality from your canadian pharmacy online drug store. Therefore, if you would be willing to send me your name, address, bank name and account number via email, I will be able to begin processing this information with his bank and will contact you shortly by international certified mail.

      Thank you for your time.

  2. Did you install Skynet 1.0? by bugeaterr · · Score: 5, Funny

    Did you install Skynet 1.0?

    Hey, what's that siren going off for....

  3. One down by canderley · · Score: 5, Informative
  4. Oops... by bhamlin · · Score: 5, Funny

    Sorry, we've been down for maintenance and it's taking a lot longer than we originally planned. You can expect normal service to resume by next Monday.

  5. Re:Okay by kinzillah · · Score: 5, Insightful

    Perhaps he'd like to leave it to systems he controls? I, for one, would rather a third party weren't silently dropping mail that could be false positives.

    --
    Douglas P. Price
  6. So it's become real... by Seakip18 · · Score: 5, Funny

    Spam Assassin is actually assassinating spam.

    On another note, has anyone heard from cousin who is a Nigerian prince? He hasn't called in days and we're beginning to get worried.....

    --
    import system.cool.Sig;
  7. those chinese spam factories are shut down ... by Anonymous Coward · · Score: 5, Funny

    ... to save the health of the athletes.

  8. The Russians are busy in Georgia... by NMBob · · Score: 5, Funny

    ...and the Chinese are busy watching 13-year-olds win gold medals. Bob

  9. We Can Test by awitod · · Score: 5, Funny

    We're happy to help you solve this mystery.
    What is your email address?

  10. We got bored of the joke by Bogtha · · Score: 5, Funny

    Okay, here's the thing: nobody but you ever got spam. We all just thought it would be funny to fool you into thinking there was some kind of worldwide scamming epidemic. You don't seriously think people would be stupid enough to buy pills off strangers who email them out of the blue, do you? I thought we'd gone a bit too far and stretched the limits of credibility when we came up with the idea for the Nigerian scams, but I was wrong, you even fell for that! Nobody is stupid enough to send all their money to a "Nigerian prince".

    Anyway, enough's enough. The joke's stale now, so we decided to stop sending it all to you.

    --
    Bogtha Bogtha Bogtha
  11. Re:Okay by qortra · · Score: 5, Insightful

    He isn't complaining. It isn't wrong to ask questions when things unexpectedly go well.

  12. I can kinda confirm this. by suso · · Score: 5, Interesting

    I run a web hosting company and over the past couple weeks I've had a few customers report that the amount of spam has dropped. Of course, they thought that this was something wrong, but I couldn't find any evidence of increased failures, it was just that there was slightly less mail coming in.

  13. Botnets current tasked to higher priority jobs by Wrath0fb0b · · Score: 5, Interesting

    http://it.slashdot.org/article.pl?sid=08/08/12/191255&from=rss
    http://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/

    When the crisis abates, I expect the botnets will be returned to their regularly scheduled duties. Quite a versatile tool those botnets -- pimping V!agr4, collapsing government sites, enhancing the male doodad, distributing pr0n, bullying your neighbors (http://news.bbc.co.uk/2/hi/europe/6665145.stm). For the cost of one M1A1 tank tread, Putin bought himself a whole lot of firepower.

    Advantage: Putin.

  14. Re:Exactly. by Minwee · · Score: 5, Insightful

    I, on the other hand, consider sudden, dramatic, and completely unexplained changes to the operation of systems under my control to be a reason to worry.

    I'm just funny that way.

  15. Re:I can forward you some of mine if that helps... by Noexit · · Score: 5, Interesting

    That might actually be a not bad idea. Sending him something that can be confirmed as having been sent, and as being spammy.

    --

    Never argue with a man carrying a water buffalo

  16. Re:Exactly. by Bandman · · Score: 5, Insightful

    Amen.

    It's like we speak the same language.

    Change is good. Unexpected change is very, very bad.

  17. Re:Okay by camperdave · · Score: 5, Funny

    And you're complaining because .... ?

    Without having the spam to process, the server doesn't run as hot as it's "supposed to". This causes a power imbalance, sending more current to the other servers and tripping breakers. Also, because of the lack of that heat, the server room is too cold. The UPS batteries are not storing enough of a charge as they are less efficient when they're cold. If a power sag, brownout, or blackout happens during one of these spam free moments, well, the results could be catastrophic.

    --
    When our name is on the back of your car, we're behind you all the way!
  18. Black Hat by machine321 · · Score: 5, Funny

    They all just got back from Black Hat / Defcon, and they're still hung over.

  19. Re:Check by MPAB · · Score: 5, Funny

    I find your lack of spam disturbing ...

  20. Infected PC are offline during summer ^_^ by Kirys · · Score: 5, Informative

    Most spam is sent by bot-nets, mostly composed of infected PCs in workplaces, schools and private homes. In many countries during the second and third week of August many schools and workplaces are closed so their PCs are just turned off; this means that the bot-nets have fewer active nodes and so are less effective. I do receive less spam too but I think that it will be back to the sad old amount at the end of the summer :(

    --
    Unluckily Murphy was right.
  21. Something did change... by r_cerq · · Score: 5, Interesting

    I've just checked my work's logs (an ISP). The number of hits in the spam taggers fell from 12/sec to 3/sec earlier this week.

    So either we're identifying less spam, or there is in fact less of it.

  22. Re:I'm getting it by petermgreen · · Score: 5, Informative

    and you will block quite a few legit bounces too for two reasons

    1: 12 hours is nowhere near long enough
    2: the message may be routed through multiple servers before finally getting bounced.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register