Collateral Damage in the Spam War 375
MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry." I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.
Be careful when you Bcc... (Score:3, Informative)
SpamBouncer Spam Assassin (Score:5, Informative)
As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into their folders, block To: Friend@Public.com and the like and you have a pretty robust system.
I've also found that blocking messages with malformed headers helps a lot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:
# Tag messages whose header declares text/html with no charset parameter
# and does not mention a Hotmail relay. The "fhw" flags make formail act
# as a header filter, so the tagged message continues down the rc file.
:0 fhw
* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"
Your Mileage May Vary
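The same check, implemented outside procmail so it can be run against a mailbox or unit-tested before it goes live. This is an added example, not the poster's recipe or any part of procmail; it uses only Python's standard `email` package. The three sample messages are constructed here for the demonstration, and the "from hotmail" exemption is applied the way the recipe does it: as a case-insensitive substring match over every header line.

```python
import email
from email import policy

# Constructed sample messages (not real mail) used to exercise the check.
HTML_NO_CHARSET = b"""From: promo@bulk.example
To: me@example.org
Subject: As seen on TV
Content-Type: text/html

<html><body>Click below!</body></html>
"""

HTML_WITH_CHARSET = b"""From: friend@example.net
To: me@example.org
Subject: photos
Content-Type: text/html; charset="iso-8859-1"

<html><body>Hi</body></html>
"""

HTML_VIA_HOTMAIL = b"""Received: from hotmail.com (placeholder relay) by mx.example.org
From: cousin@hotmail.com
To: me@example.org
Subject: hello
Content-Type: text/html

<html><body>Hi</body></html>
"""


def is_html_only_without_charset(raw: bytes) -> bool:
    """True when the message matches all three recipe conditions:
    top-level Content-Type is text/html (so multipart/alternative mail with
    a plain-text part is left alone), no charset parameter is declared, and
    no header line contains "from hotmail"."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "text/html":
        return False
    if msg.get_param("charset") is not None:
        return False
    # Mirror procmail's header-wide "! from hotmail" condition.
    header_text = "\n".join(f"{name}: {value}" for name, value in msg.items())
    if "from hotmail" in header_text.lower():
        return False
    return True


def tag_message(raw: bytes) -> bytes:
    """Add the X-Spammers header the recipe adds, otherwise return the mail unchanged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if is_html_only_without_charset(raw):
        msg["X-Spammers"] = "text/html only message"
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in [("no charset", HTML_NO_CHARSET),
                       ("with charset", HTML_WITH_CHARSET),
                       ("via hotmail", HTML_VIA_HOTMAIL)]:
        print(f"{label:13s} tagged={is_html_only_without_charset(raw)}")
```

Because the decision is a plain function, a sample of legitimate mail from the last few months can be fed through it to measure the false-positive rate before the tag is used to file anything away.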
Yahoo and Hotmail DONT Open Relay (Score:2, Informative)
Spam Assassin (Score:4, Informative)
A few weeks ago I saw mention of software called spam assassin. After about 2 hours of playing, updating CPAN modules on my Mandrake box in the closet, getting fetchmail and sendmail configured/installed.. I must say, the pain of getting it going was WELL WORTH the effort. I now have almost 0 spam get through (not a single one yet). I have set up IMAP on that server, and have all my email going to that one spot.
Spam Assassin is pretty neat, it tags the top of the message with reasons why it thinks it's spam. Some of its comments are funny as hell.
Sample results:
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM: SPAM: Content analysis details: (12.8 hits, 5 required)
SPAM: FROM_NAME_NO_SPACES (-0.1 points) From: no spaces in name
SPAM: AS_SEEN_ON (2.2 points) BODY: As seen on national TV!
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below
Anyway, fetchmail + spamassassin is well worth the effort.
Re:Sometimes "collateral damage" is intentional (Score:3, Informative)
The small ISPs would be pretty responsive to complaints, or if they weren't - they'd feel the pain of getting blacklisted, and would usually give in and kick off their problem users.
Nowadays, with most customers on one of a handful of giant ISPs, it's no longer effective or realistic to ban the whole ISP. (E.g. with the number of customers Earthlink has, can you really expect them to always keep *every* user with an open relay off of their network? Even if they hired whole teams of people just to perform that one task, new people with open relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.)
SpamCop chain test (Score:4, Informative)
This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.
ORDB is the Answer (Score:3, Informative)
My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned about how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server but if I can figure this out in less than a day then a paid sysadmin at an ISP, company or school should also be able to do it.
You can find out more about the ORDB here [ordb.org] and this site [wirehub.nl] has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org [sendmail.org] has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.
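What the ORDB-style check actually does, as an added example that is not the poster's setup, not sendmail's FEATURE code and not anything published by ordb.org or wirehub.nl: the connecting relay's IPv4 address has its octets reversed and is looked up as a name under the blacklist zone, and an answer inside 127.0.0.0/8 means "listed". The zone name `dnsbl.example` is a placeholder, and the resolver used below is a constructed in-memory stub so the code runs offline; `live_resolve` shows the real socket call a deployment would use instead.

```python
import ipaddress
import re
import socket
from typing import Callable, List, Optional

# Placeholder zone; a real deployment substitutes the blacklist's published zone.
DNSBL_ZONE = "dnsbl.example"
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL lookup name: reversed octets plus the zone.
    Raises ValueError for anything that is not an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip: str, resolve: Callable[[str], List[str]], zone: str = DNSBL_ZONE) -> bool:
    """resolve(name) returns the A records for name, or [] when there are none.
    DNSBLs answer with an address in 127.0.0.0/8 for listed relays."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)


def relay_ip_from_received(received: str) -> Optional[str]:
    """Pull the bracketed peer address out of a Received: line that OUR OWN
    MTA wrote. Only that line is trustworthy: anything the sender supplied,
    including the From: address, can be forged, which is exactly why the
    poster's log never showed yahoo or hotmail."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return m.group(1) if m else None


def should_reject(received_line: str, resolve: Callable[[str], List[str]],
                  zone: str = DNSBL_ZONE) -> bool:
    """Reject when the relay recorded in our MTA's trace line is listed."""
    ip = relay_ip_from_received(received_line)
    if ip is None:
        return False
    return is_listed(ip, resolve, zone)


def fake_resolver_factory(listed_ips: List[str], zone: str = DNSBL_ZONE):
    """Constructed offline stand-in for DNS: answers 127.0.0.2 for listed IPs."""
    names = {dnsbl_query_name(ip, zone) for ip in listed_ips}
    return lambda name: ["127.0.0.2"] if name in names else []


def live_resolve(name: str) -> List[str]:
    """Real lookup via the system resolver; NXDOMAIN and errors mean 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


if __name__ == "__main__":
    resolve = fake_resolver_factory(["192.0.2.10"])  # constructed listing
    trace = "from mail.example.net (mail.example.net [192.0.2.10]) by mx.example.org"
    print(dnsbl_query_name("192.0.2.10"), should_reject(trace, resolve))
```

The point of checking the connecting IP rather than any header is that a DNSBL hit cannot be dodged by forging the envelope sender; the price, as the thread notes, is that every user sharing a listed relay is blocked along with the spammer.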
how to filter asian spam (Score:2, Informative)
(upper and lower case) I haven't received an Asian spam mail, given that I used to get 20+ Asian spam a day this helps a lot. In Outlook you can't (I think) filter on specific headers, but filtering on all Headers should do.
my $0.02
Re:Sometimes "collateral damage" is intentional (Score:3, Informative)
Have to be careful with your e-mail address. (Score:4, Informative)
My personal email address is a yahoo account, and work email is provided from the company I work for. I give out my email addresses to friends and lots of contacts from work (and it's printed on my business cards).
I NEVER do these things:
-post to newsgroups with a real address,
-put my personal address on a website,
-give a real address when filling out surveys, etc. online
-sign up for newsletters
-give my email to anyone who asks over the phone ("Sorry, I don't have a computer, but yes, I'd like to order that CD-ROM drive")
-give my email address to Radio Shack
-enter my personal info into my browser
Basically, I just refuse to allow my email address to proliferate. If I do happen to get spammed, I just don't reply, and it tends to go away, but it's really rare anyway.
Of course, if I ran a website, I'd create a unique email address just for that purpose, and I'd expect to have the sh!t spammed out of it, but at least it would be separate from my real addresses.
Re:Network Solutions, One domain per user? (Score:3, Informative)
Re:Network Solutions, One domain per user? (Score:2, Informative)
Re:Network Solutions, One domain per user? (Score:5, Informative)
TMDA [sf.net] takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you in fact were the person who generated the extension. So my equivalent of what you're doing would be:
mark-keyword-slashdot.abc123@hornclan.com
mark-keyword-msn.a1b2c3@hornclan.com
The generation of the hash depends on a secret 140-bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mail setup and be confident that no one else can generate these things that will get into my mailbox.
Other types of addresses that tmda generates:
Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego. [slashdot.org]
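How a keyed tag on the address extension gives the guarantee described above, as an added example. It is not TMDA's code and may differ from TMDA's exact construction: here the tag is a truncated HMAC-SHA256 over `user-keyword-<keyword>`, so only the holder of the secret can mint an address that verifies, and a recipient-side check can refuse anything else before it reaches the inbox. The domain `example.org` is a placeholder, and the secret is passed in explicitly so the same functions work with a key read from a protected file.

```python
import hashlib
import hmac
import re
import secrets

# Placeholder domain for the examples below.
DOMAIN = "example.org"
# 6 hex digits = 24 bits: far too many for a spammer to guess per address,
# short enough to type from a business card. Raise it if you prefer.
TAG_HEX_LEN = 6

ADDRESS_RE = re.compile(
    r"^(?P<user>[a-z0-9_]+)-keyword-(?P<keyword>[a-z0-9_]+)"
    r"\.(?P<tag>[0-9a-f]+)@(?P<domain>[a-z0-9.-]+)$"
)


def generate_secret() -> bytes:
    """Fresh random key; store it with owner-only permissions, never in the rc file."""
    return secrets.token_bytes(32)


def _tag(user: str, keyword: str, secret: bytes) -> str:
    data = f"{user}-keyword-{keyword}".encode()
    return hmac.new(secret, data, hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def make_keyword_address(user: str, keyword: str, secret: bytes,
                         domain: str = DOMAIN) -> str:
    """Mint e.g. mark-keyword-slashdot.<tag>@example.org for a site you sign up with."""
    user, keyword = user.lower(), keyword.lower()
    return f"{user}-keyword-{keyword}.{_tag(user, keyword, secret)}@{domain}"


def verify_keyword_address(address: str, secret: bytes, domain: str = DOMAIN):
    """Return the keyword when the address carries a valid tag for our domain,
    otherwise None. The comparison is constant-time so a spammer probing the
    mailer cannot learn the tag one character at a time."""
    m = ADDRESS_RE.match(address.strip().lower())
    if m is None or m["domain"] != domain.lower():
        return None
    expected = _tag(m["user"], m["keyword"], secret)
    if not hmac.compare_digest(expected, m["tag"]):
        return None
    return m["keyword"]


if __name__ == "__main__":
    key = generate_secret()
    for site in ("slashdot", "msn"):
        addr = make_keyword_address("mark", site, key)
        print(addr, "->", verify_keyword_address(addr, key))
```

The keyword doubles as the leak tracer the earlier posts describe: when a valid `msn` address starts receiving spam, the tag proves the address was genuinely issued and the keyword says who was given it, and that one address can be retired without touching the others.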
Overkill (Score:2, Informative)
I don't see why (with SpamAssassin) you would need to be so draconian. SpamAssassin catches all my spam, regardless of where it originated. If your installation isn't catching what you consider spam, adjust the rules a bit. There's a lot of good documentation on how to do this and it isn't real hard (mine seems to be working fine, out-of-the-box). Now, it's very possible that a person would get legit email from yahoo/hotmail addresses that they simply don't *want* to get
Re:Network Solutions, One domain per user? (Score:3, Informative)
Something I've started using more is simple mail aliases. Since I run many MTAs, I've taken one of my own domains and I create an alias for a mail recipient for when I need to sign up for something. Let's say I order some X10 stuff. I'll create a quick mail alias called "x10" and point it at my usual mail account. I'll add a comment with a date, maybe a URL, etc.. to it and rebuild my aliases.db. There are 2 upsides to this. 1 is that I can easily make that a real account someday and spamtrap all that junk if needed. It's also guaranteed to be accepted on every web form I come across. Occasionally I'll come across a web form that only accepts alphanumeric characters (and the @) in the email address. Some webmaster thought he was being security-wise and didn't follow the RFCs. Whoops. No biggie. This method gets you around that little problem. The only real downside is that it takes a couple extra seconds to create that alias and add some comments about it. Oh wait, there's another plus. Some mass mailers strip out the plus notation from email addresses. Giving your address to, say, Citibank or CapitolOne as joeblow+citibank@domain.tld might confuse the person or raise suspicion if you're entering your address in a spamtrap. With the email alias, you can use an acronym, gibberish, or whatever you want for your particular situation.
Re:It's not full proof (Score:3, Informative)