Spam

De-spamming Your Inbox The Hard Way

ajain writes "Even after using precautions like dummy email addresses in public forums, I have been plagued by spam mails for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in a 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
This discussion has been archived. No new comments can be posted.

  • by BaldGhoti ( 265981 ) on Thursday December 09, 2004 @03:36PM (#11045009) Homepage
    ...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
  • by admp ( 778242 ) <adomas@paltanavicius.gmail@com> on Thursday December 09, 2004 @03:37PM (#11045024) Homepage
    This is the same as not using email at all. Personally I find this technique useless. Don't you?
  • by John the Kiwi ( 653757 ) <(moc.iwikehtnhoj) (ta) (iwik)> on Thursday December 09, 2004 @03:39PM (#11045053) Homepage
    What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?
  • NO!!!! (Score:1, Insightful)

    by Anonymous Coward on Thursday December 09, 2004 @03:39PM (#11045054)
    After-reception bounces (i.e. they've hit your inbox) are a BAD, HORRIBLE idea. Most of the information in spam is forged. If you can reject at SMTP reception time, then it's best to use a service like SpamCop to report the offenders.
  • consequence: (Score:5, Insightful)

    by Progman3K ( 515744 ) on Thursday December 09, 2004 @03:39PM (#11045055)
    A few hundred random people received
    "The message you sent X was undeliverable"
    spam instead.

    Nice.
  • by takitus ( 733922 ) on Thursday December 09, 2004 @03:41PM (#11045098)
    the fact they might have installed some anti-spam filters when they were upgrading the mail server? duhhh
  • by sterno ( 16320 ) on Thursday December 09, 2004 @03:42PM (#11045115) Homepage
    The article says that the school upgraded to a new version of Exchange during that two day period. Is it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?

    I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
  • by ChrisPee ( 810133 ) on Thursday December 09, 2004 @03:43PM (#11045122) Homepage
    I would much rather spend 2-3 minutes a day deleting those spams that weren't caught by my automated spam filter, than miss even one legitimate business email message.
  • Re:KDEMail? (Score:4, Insightful)

    by rf600r ( 236081 ) on Thursday December 09, 2004 @03:43PM (#11045127) Homepage
    Bounce != no SMTP session at all

    Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
  • by Xeo2 ( 301694 ) on Thursday December 09, 2004 @03:44PM (#11045141) Homepage Journal
    I don't think you understand. Your way is hard. His is easy.
  • Yes (Score:1, Insightful)

    by Anonymous Coward on Thursday December 09, 2004 @03:44PM (#11045144)
    That sounds like a more reasonable explanation. I've had domains that got spam which I then didn't host anywhere for years, and then re-hosted, and they still got spam.
  • Unacceptable (Score:4, Insightful)

    by DanteBlack ( 656808 ) on Thursday December 09, 2004 @03:46PM (#11045175)
    This is a totally unacceptable solution in a real-world business environment. Two days worth of bounced emails and even a moderate size company could miss over a $100K worth of online orders. Worse yet they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders and then they go to a competitor.

    There are drop in solutions out there. Use them if it's a real issue.
  • Re:KDEMail? (Score:5, Insightful)

    by Erik Hensema ( 12898 ) on Thursday December 09, 2004 @03:47PM (#11045179) Homepage

    No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.

    So, while totally ineffective, you also burden the innocent bystander with yet another bounce.

    The only way to combat spam is to reject it on the SMTP level.

    Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.

    However, spammers don't use mailservers to send their spam, they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.

    When a mailserver is offline, spammers will know immediately. However I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.

    In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.
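The difference the comments above draw between rejecting during the SMTP session and bouncing after acceptance, as an added example that is not part of the original thread. The toy server, its mailbox list and the sample session are all constructed for illustration; `receive` and its `reject_at_smtp` switch are hypothetical names.

```python
# Added illustration: a toy receiving MTA, not a real mail server.
VALID_RCPTS = {"alice@example.org"}   # constructed local mailbox list

# Constructed spam session: forged envelope sender, nonexistent recipient.
SPAM_SESSION = [
    "HELO dialup.example.com",
    "MAIL FROM:<bystander@example.net>",
    "RCPT TO:<nosuchuser@example.org>",
    "DATA",
    "QUIT",
]

def receive(session, reject_at_smtp):
    """Feed client command lines to the toy MTA; return (replies, bounces).

    bounces lists the addresses that would later get a non-delivery report.
    """
    replies, bounces = ["220 mx.example.org ESMTP"], []
    sender, rcpts, unknown = None, [], []
    for line in session:
        verb, _, arg = line.partition(":")
        verb = verb.upper().strip()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example.org")
        elif verb == "MAIL FROM":
            sender, rcpts, unknown = arg.strip("<> "), [], []
            replies.append("250 OK")
        elif verb == "RCPT TO":
            addr = arg.strip("<> ").lower()
            if addr in VALID_RCPTS:
                rcpts.append(addr)
                replies.append("250 OK")
            elif reject_at_smtp:
                # Only the connected client hears this; nothing is queued.
                replies.append("550 5.1.1 No such user")
            else:
                unknown.append(addr)      # accepted now, undeliverable later
                replies.append("250 OK")
        elif verb == "DATA":
            if not (rcpts or unknown):
                replies.append("554 5.5.1 No valid recipients")
                continue
            # The 354/body/"." exchange is collapsed into one step here.
            replies.append("250 OK queued")
            # Each undeliverable copy becomes a bounce to the envelope
            # sender, which spam usually forges.
            bounces += [sender] * len(unknown)
        elif verb == "QUIT":
            replies.append("221 Bye")
    return replies, bounces
```

With `reject_at_smtp=True` the session ends in 550/554 replies and no bounce is generated; with `False` the same session is accepted and a bounce is addressed to the forged sender.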

  • by SoTuA ( 683507 ) on Thursday December 09, 2004 @03:51PM (#11045233)
    I don't know what this guy did but he is thoroughly mistaken.

    I'd bet a beer that the new mail server installed at his institute includes some form of spam protection. My university's mail system has gone down for two days, and I still get one or two hundred spam mails a day. (of course, only one or two make it through the spam filters :)

  • by naelurec ( 552384 ) on Thursday December 09, 2004 @03:59PM (#11045334) Homepage
    My thoughts exactly. This is a non-article, it's amazing that it was posted to this site. With DNSRBL lists, some reasonable SMTP level filtering and spamassassin, I have had similar success in reducing the amount of spam.
  • trusted friends (Score:2, Insightful)

    by oliverthered ( 187439 ) <oliverthered@nOSPAm.hotmail.com> on Thursday December 09, 2004 @04:07PM (#11045431) Journal
    Use pgp and sign their email.
  • by meme_police ( 645420 ) on Thursday December 09, 2004 @04:21PM (#11045596)
    "The servers trying to reach you will fail to connect, timeout, wait, try again. They don't try once and then give up."

    Legitimate servers do that. Spammers and SMTP trojans on hijacked home computers don't usually try again.

  • Re:Shutdown (Score:3, Insightful)

    by bluelip ( 123578 ) on Thursday December 09, 2004 @04:28PM (#11045676) Homepage Journal
    If it was going to take that long, I'd throw up another box, point an mx record to it and hold the email there.

    Would look more professional than everyone getting email around the lines of "Your email could not be sent for the past X hours......"

    Sendmail will do this almost out of the box if MX records are correct.

  • by bwindle2 ( 519558 ) on Thursday December 09, 2004 @04:39PM (#11045807)
    How long until the spammers simply queue undeliverable email, and try again after a few minutes? I'm surprised they all haven't yet.
  • by bwindle2 ( 519558 ) on Thursday December 09, 2004 @04:43PM (#11045846)
    And how is your border router (layer 3) going to see the RCPT TO address (layer 7)? Routers just pass packets, they don't examine packets for certain data. I've never seen a firewall that will examine TCP/25 packets for a RCPT TO address, either.
  • by Kethinov ( 636034 ) on Thursday December 09, 2004 @05:01PM (#11046034) Homepage Journal
    I wonder if someone might write a program or plugins for existing mail programs to adapt on this approach? Every time you mark a mail as junk, it sends it back to your mail server to be treated as if it were bounced. This way anything you mark as junk gets bounced back to the spammer as if your mail server was down. Have the cake and eat it too?
  • Not a good idea (Score:5, Insightful)

    by Q2Serpent ( 216415 ) on Thursday December 09, 2004 @05:03PM (#11046069)
    Many spam emails have forged 'from' addresses and/or envelope senders, so if you bounce the email, the bounce may end up at some unsuspecting person's email. This only adds to the problem.
  • by ari_j ( 90255 ) on Thursday December 09, 2004 @05:43PM (#11046392)
    The problem here is that spamming is easily modeled by game theory, and the spammers have a dominant strategy.

    Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.

    They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
  • by Chris84000000 ( 735658 ) <chris AT connett DOT net> on Thursday December 09, 2004 @06:06PM (#11046612) Homepage
    My guess for the reason the spam goes down is because when the mail server is off, it is unreachable, so the spamming program must wait for TCP connection request packets to timeout. Simply bouncing gives an immediate response, and the spammer won't care. But if the spamming operation has to hold up for a few seconds trying to reach a down machine, that actually motivates the spammer to remove you.

    Since a TCP session must be set up before the message is transmitted, you can't have your cake and eat it too. At least not as the parent suggests.
  • by whodkne ( 778580 ) on Thursday December 09, 2004 @06:19PM (#11046712) Homepage
    I just set up a catchall account on my domain and use whereIampostingmyemail@mydomain.com for every email address I give out. Not only does that identify WHO is sending me spam (shadyecomstore.com@mydomain.com) so I can track back and yell at them, but it allows me to create a rule to block addresses if they get to be too spammed over. This seems to work pretty well along with Bayesian filtering and a few rules I have set up.
  • by schickb ( 629869 ) on Thursday December 09, 2004 @06:25PM (#11046764)
    I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero

    No need for models and simulations... the answer is 'shut-down time' = Infinity
  • Re:KDEMail? (Score:3, Insightful)

    by jonwil ( 467024 ) on Thursday December 09, 2004 @07:25PM (#11047243)
    That's why we need to push for much greater adoption of Sender Permitted From (SPF).
    That should prevent fake email addresses from being used.
    Unfortunately, large ISPs and email providers don't seem to want to implement SPF records for their mailservers.
  • by jonastullus ( 530101 ) on Thursday December 09, 2004 @07:36PM (#11047338) Homepage
    - "blocklists" are also questionable because the maintainers of these lists gain a lot of power and often ask for huge amounts of money for address-ranges which were accidentally added to be removed again!

    - "teergruben" are a nice idea, but they would have to rely on source address filtering or only kick in after a few hundred messages. and if the spammer simply multithreads his sending "server" he might not be THAT bothered with slower delivery, as he can have thousands of concurrent deliveries, totally bogging down the receiving server!
    and also, if teergruben should just be the exception it is trivial to add a timeout to the delivery routine to abort after 1 minute or so of trying to deliver!

    - "bandwidth suckers" - this is just the kind of anarchistic vigilante justice that SHOULD SIMPLY NOT occur! even if it were not for the "collateral damage" to the network infrastructure and "innocent" pages being accidentally hit, this is no better than stoning criminal suspects to death without proper trial...

    - "sugarplums" - this idea is actually pretty good but looking at the small return that spammers are getting at the moment this won't really slow them down much. even at 1% reached mail addresses the spammers still have virtually no cost in sending millions of mails out and thus will be hindered but far from stopped by injecting wrong mail addresses! also you have to generate those fake addresses without the spammers getting behind your mechanism of randomizing the addresses and you MUST also take care NEVER to inject a valid mail address by chance!

    there has actually been quite a discussion how to make mailing more "reliable" on a grand scale and i still find the idea of forcing mail servers to solve some computationally expensive computation rather nice. although this will cost legitimate service providers a little in hardware this will hit the mass mailers by far worse because they simply rely on cheaply mailing millions of mailings in a short time frame...

    well, so much for "innocent" protocols used in a hostile, mercantilistic, hard-to-trace and more-or-less-anonymous environment...

    jethr0
  • by devilspgd ( 652955 ) * on Thursday December 09, 2004 @07:52PM (#11047433) Homepage
    And when a spammer puts your URL in their spam, you'll just happily pay the bandwidth bill in the name of fighting spammers?

    Repeat after me: Do not fight abuse with abuse.
  • Re:SPF Records (Score:3, Insightful)

    by Progman3K ( 515744 ) on Friday December 10, 2004 @03:07AM (#11049374)
    I believe it IS good to have as much authentication as possible, but not to the point where it would make the system brittle.

    It just seems that the more security layers you have to go through, the more chance you have of something failing.

    What if you wanted to communicate with a non-compliant e-mail recipient?

    Obviously, if SPF becomes the law of the land, and EVERYONE starts using it, the problem of spam would go away, at least for a while ;-)

    But it's the same phenomenon slowing IPv6 adoption, things work (albeit with certain problems) now.
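How a receiving server applies the SPF records discussed in the comments above, as an added example that is not part of the original thread. It evaluates only a subset of SPF (`ip4`, `ip6`, `include`, `all`) against constructed TXT records held in a table instead of DNS; the domains, addresses and the function name `check_spf` are assumptions made for illustration.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (not real domains' data).
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.16/28 ip6:2001:db8::/32 ~all",
    "nospf.example": None,   # a domain that publishes no SPF record
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, domain, depth=0):
    """Evaluate the MAIL FROM domain's record for the connecting client IP."""
    record = TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:                        # guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if "=" in term:                   # modifiers (redirect=, exp=) not handled here
            continue
        qual = term[0] if term[0] in QUALIFIER else "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            inner = check_spf(client_ip, value, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"        # a broken include is an error, not a miss
            matched = inner == "pass"     # only an inner pass counts as a match
        else:
            return "permerror"            # a, mx, exists, ptr need live DNS; out of scope
        if matched:
            return QUALIFIER[qual]
    return "neutral"                      # nothing matched and no "all" term
```

A domain with no record yields `none`, which is the non-compliant-sender case raised above: the receiver learns nothing and has to fall back on its other filters.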
