How can you block SPAM?

Derek Pomery asks: "My personal address, which I have kept relatively pure, is slowly being overwhelmed. Procmail doesn't seem to be the solution, since most of the e-mail addresses are forged. Does anyone have any ideas on the problem? The only thing I can think of is checking to see if the domain is valid. However, besides sending a verification e-mail from a throw-away address to check for a bounce (which would be an annoying kind of return spam), I can't think of a way to check for an account's validity (unless finger is allowed). Anyone have any spam killing strategies? Particularly for the annoying forged spam? Just some simple method to deep-six anonymous e-mails into /dev/null "

Check To:

[HoserHead]

If the To: address doesn't contain your e-mail address, and it's not from a mailing list, chances are it can be filed away under 'spam.' The best idea would be to actually make a Spam directory or mail folder, somewhere to store mail that you probably won't ever want (so you can go through it every once and a while and pick up the mail that accidentally got filed there from bcc:s or other means).

Re:Check To:

Yep that's what I do.
If To: or Cc: does not contain
1) Your email address(es)
2) Your fav mailing list addresses

And From: does not contain
1) Mailing list addresses which don't end up on To: or Cc:
2) Important People who use Bcc/distribution lists
e.g. ISPs

Transfer to SPAM|Trash|/dev/null

If you are using TIS's FWTK there is a patch for SMAP which does this.

http://www.geocities.com/ResearchTriangle/7003/f wtk.htm#antispam

You need to add your own anti-relay patches.

Re:Check To:

[GoRK]

Remember, the only problem with this is that you aren't in the To: line if you are on the Cc: line or the Bcc: line!

~GoRK

Most people's favourite:

[jfunk]

Procmail.

It's very popular, and has a lot of very advanced features.

There's also lots of documentation.

Re:Most people's favourite:

[Alex+Knight]

Did you not notice he said procmail wasn't fixing his problem. =]

Re:Most people's favourite:

[drix]

I suggest procmail. It's really effective and proven, and it will probably do what you need it to.

;)

not sure

[josepha48]

are you looking for filters to fileter out spam you are getting or is this for a network? if htis is for one person.. you , PINE and NEtscape can both filter spam.. I am using netscape filters.. not sure how good it is thou.. you should be able to set up filters in you MTA.. sendmail or procmail, I have never used procmail thou.. or you can write a shell script..

outlook

although i'm sure using outlook express isn't an option for everyone, it does have it's advantages. the outlook that comes with the ie5 beta's is very good about filtering spam out of the box.

i currently read my mail either by ssh -> pine or outlook on my notebook. (i find it handy to have a portable for games, so it runs 98). of all the filtering solutions for mua's that have come across my desk, oe is by far the best.

if the maintaner of balsa (http://www.balsa.net) is reading, how about some functional spam filters?

RBL

[Pascal+Q.+Porcupine]

If you have control of the mailserver, setup whatever MTA you're using to use the MAPS RBL, which maintains lists of spammer IP addresses. If you don't have control of the mailserver, ask your mailserver admin to do so.
---
"'Is not a quine' is not a quine" is a quine.

Re:RBL

[Bartmoss]

Don't forget ORBS. Check www.orbs.org.

Procmail details

[oneiros27]

But he also didn't say which Procmail scripts he was using.

You might try taking a look at the following:

• http://alcor.concordia.ca /topics/email/auto/procmail/spam
• http://www.panix.com/uce.html

• http://spam.abuse.net

http://www.doofus.org/spam

[cmpayne]

I'd recommend reading the information available on this site. It should give you a start on blocking spam. It also contains detailed instuctions on complaining and shutting down spamming accounts. It is quite satisfactory to recieve a response from an ISP which says that they have suspended the account of the spammer.

Spam Information

Re:RBL/ORBS

[bdjohns1]

Actually, you don't even need to have control over Sendmail (or any other MTA). There's a Perl script you can use which will do the necessary lookups, and can be called from within Procmail, so you can either filter or /dev/null it to your heart's content. I'll post a URL once I can find it.

Try Bright Mail

If you have a POP account, try using Bright Mail. Go to www.BrightMail.com and check it out. If you don't have a POP account, try to convince your ISP/company to buy the site-wide version.

What can you do to block spam? (and what I do)

[dlc]

Unfortunately, there are no really good ways to block spam, and the better ones require that you have access either to your main mail server or another mail server that can act as an intermediate. I'll assume that you don't have access to the mail server.

• procmail is by far the best way to filter your mail. You mentioned that procmail wasn't adequate; I would respond by saying: Recheck your procmail config. procmail is infinitely configurable by using regular expressionss and having procmail run an external script or program for each incoming message. If you know Perl and can download the Net::SMTP module, have procmail fire a Perl script which contacts the originating mail server and attempts to verify the sender's address through VRFY or EXPN. This won't always work, however, because some (*&$%#^) mail servers aren't running a real MTA (sendmail, qmail, smail, etc) or are behind a firewall.
• Someone mentioned this already, and it's a good idea. Everything that doesn't have your specific email address in the To: or Cc: fields is suspect, except for mailing lists to which you may belong. Have procmail file those away in a separate folder for manual checking. This should be the default action; have procmail look first for mail from specific people, then perform your other checks (specific mailing lists, etc), then check for your address in the To: field, then everything else which doesn't match one of those criteria is suspect.
• As a final resort, you can rely on your MUA to filter messages as well. Some people like to do all the filtering at the MUA level; I'm not so sure I'm fully comfortable with this, because you are limited to the filters (or at least the filter-types) that your MUA has predefined. With procmail, you have access to regular expressions and can call external programs on your email messages, and I've never seen a MUA that allows you to do that. Perhaps sorting messages from particular users can be done in the MUA, after procmail flushes the ones that are not directly addressed to you. As an aside, the Netscape mail client lets you write mail filters in JavaScript, which has regular expression support, although it's not as intuitive or as powerful as the regexp support in, say, Perl.

What do I do? I use a combination of fetchmail, procmail, and some custom Perl scripts to sort my mail. By the time I get to it with my MUA ( mutt rules), it has already been cleaned out quite a bit. I have a list of past spammers that gets checked each time a new message comes in from someone my scripts don't recognize or isn't addressed directly to me. It's a bit of work to set up at first, but it's easier in the long run. One thing I've been toying with is creating a database of good and bad addresses, which I can call through Perl scripts from the server to which my mail actually goes (I have several accounts, through school, work, and my ISP). The scripts, and procmail, would run on the individual server, contacting my workstation, which would hold the database (a perl-based server, running on some random port, with a specialized interface to the database).

By the way, if you do have access to a mail server, get the latest version of sendmail, which includes support for the Realtime Blackhole List (which someone already mentioned). It can reject mail based on the sender's originating IP address or domain, if they are known spammers. Very useful, although it can be a resource drain if you get a lot of mail or run a high volume mail server. I have a linux box on my desk which is my primary mail server, and I have all my email forwarded to that machine, which then checks the domains.

SPAM sort of

[Cathy]

I am looking for information from the other side, sort of.

A few days ago I sent a message which was returned by an intended recipient's ISP with this message, "your server is an open relay, see http://www.imrss.org/ Service unavailable"
Going to the site i find that this is an organization which apparently complies lists of open relay sites and ISPs can use this information to block whole domains. I talked to my ISP, they said that they were not an open relay, I talked to the rejecting ISP, they were little help, the recipients of the bounced email did not get any information.

When I search for this organization I find very little information. I am wondering if anyone on this forum has information on this organization.

i manage a tech support group doing support for a lot of games, educational and edutainment things. We send a lot of email around the world. we had never run into this before, i am trying to evaluate the impact of this on our ability to function. is this a list that is widely subscribed to? My ISP and my IT department had not heard of this organization.
So far, my contact with them has been less than positive. I have been called names, had my intelligence and integrity challenged and been sworn at. Behavior i would not condone on any of my support teams.

Cathy