I am the Most Spammed Person in the World 478
jefp writes "In November 2004, Microsoft's second-in-command Steve Ballmer made some headlines by mentioning that Chairman Bill Gates was getting four million spams per day. At the time, I was dealing with a little spam problem of my own - I was getting around a million spams per day. I found it a little comforting that my problem wasn't quite as bad as Bill's. However, a couple of weeks later Ballmer corrected himself, saying he mis-remembered the stat and Gates actually gets four million per year.
This means I was getting one hundred times as much spam as Bill Gates.
I've written a tutorial explaining why I get so much crapmail and how I deal with it."
nowhere (Score:4, Interesting)
Good test for thttpd. (Score:3, Interesting)
Hi Pokey!
-jim
Favorite Spam (Score:1, Interesting)
qmail (Score:4, Interesting)
Re:A quick suggestion... (Score:3, Interesting)
I always wondered this. OK, Bill Gates gets a lot of email just because of who he is. But why do "everyday" people get hundereds of SPAM messages a day? I don't get it. Are you just handing out your email to everyone? Are these unfiltered messages on your own mail server? I just don't get how you can possibly get that many SPAMs in a day. I have 5 email accounts at various providers, and I get maybe 5-10 a day TOTAL. Are my providers just much better at filtering? Am I just more careful about who gets my email address?
I have to think that if you get that many SPAMs a day, it is because you are loose and easy with the address, or have a high-profile address.
Re:Tip #1 (Score:5, Interesting)
What to do... (Score:5, Interesting)
This guy's SMTP server: Pipelining is turned on for untrusted hosts. Nice.
Either way, a good portion of the spam hitting my system never even makes it to EHLO/HELO time because if there's any sort of resolution problems with the dns/rdns or if the hostname contains the IP address in it (RFC violation) I delay the connection 20 seonds before the greeting. RFC states clients WILL NOT send data unless asked to do so, except for pipelining which is not advertised for untrusted hosts. When the MTA sees a bunch of incoming crap, it drops the connection because they violated the RFC rules for handshaking (clients MUST wait for the greeting). This does not affect legit MTAs with temporary problems.
I go through a whole bunch of other checks even before DATA time, delaying at each step if there's a problem. 90% of the spam/viruses never even make it to scanning for spam/viruses because they violate something before that and the connection get drops (or they drop it from waiting). Once again, delaying 20 seconds does NOT affect legit MTAs.
Big writeup on SPAM filtering [linux.com]
My MTA [exim.org]
Re:Greylisting (Score:2, Interesting)
Re:Greylisting (Score:3, Interesting)
I'd really like to see everyone adopt SPF so I can start refusing domains that don't have SPF records published for them.
Re:Greylisting (Score:3, Interesting)
I have a high-profile address... (Score:4, Interesting)
In 2000, the last time I added it all up, I was getting 300M a month *after* applying blacklists. At this point my mailserver is blocking several countries and ISPs, using multiple blacklists, and running some custom greylist software I wrote myself (for qmail... sorry, Jef), and my local mail client's only seeing 20-30 spams a day out of the hundreds of thousands (maybe as many as a million, it's too depressing to keep track) of delivery attempts that show up in my logs.
If you don't mind changing your email address now and then, more power to you, but I'm damned if I'll give the bastards the satisfaction.
A billion MIPS for defence, but not a byte for tribute!
Re:And that's why.... (Score:2, Interesting)
This makes it past most filters becuase it is needed for web developers. It renders a page as if you had one of the three forms of color blindness.
That's not all. (Score:3, Interesting)
I replied, saying "Did you actually get modded up to +4 for pimp-slapping yourself?". He had.
--grendel drago
Re:I have a high-profile address... (Score:3, Interesting)
Or if you don't have a choice. I used to use my work email for all my usenet stuff back in the late 90s. Then I left that job, and started using my own email address. That provider changed domain names, then I dropped them altogether when they took away all shell accounts. Then I had Earthlink for several years. I then moved across the country, and now have a new provider. So I have changed my email address, but only about every 3 or 4 years or so. But I have had a Yahoo account for about 5 or 6 years now, and I don't get much spam at all on it.
I think it all comes down to not giving out your email account. But even then, you don't have much control. At my last job, I ONLY used my work email account for work, I never sent email to anyone that wasn't work related. Then some dope at work got their laptop infected, and all of a sudden I was getting spam (my address was in their address book). Or if you get people who use that "send this news story to a friend" link to send you news stories and crappy little animated doo-dads that they find funny. ARGHHH!
Annoying Spammers with pf/spamd (Score:3, Interesting)
http://www.benzedrine.cx/relaydb.html [benzedrine.cx]
Re:Good test for thttpd. (Score:3, Interesting)
Re:I have a high-profile address... (Score:3, Interesting)
I wrote an article [freesoftwaremagazine.com] about my Postfix + Amavisd + SpamAssassin + ClamAV + Greylisting setup; I'm down from many-thousand spams per day to one or two. We've reached the point where technology can do an excellent job of separating the wheat from the chaff, but people seem slow to adopt it. I'd go as far as to say that if you or your company still get significant amounts of spam, then it's a voluntary decision.
My only wish is that SPF were more widespread. One of my domains, honeypot.net, seems to be a favorite for spoofing, and it wouldn't hurt my feelings to never receive another whiny email from someone who just decided that they've had enough and wants to start fighting back.
Re:Greylisting (Score:3, Interesting)
The downside of grey-listing is that the easiest way for spammers to circumvent it is to simply use their bots to flood a recipient mailbox with the same message again and again until the greylisting timeout expires and the message(s) is accepted. To the recipient MTA there is very little difference between a proper message being retried and a spambot crapflooding the hell out of a mailbox - especially since some MTAs make a really poor job of being standards compliant and seem to take a 4xx temporary error as an invitation for an all out DOS to try and get their message delivered.
This has the unfortunate side effect of spam zombies sending 100s of copies of the same message for hours at a time. And on systems without greylisting it means a huge increase in duplicate spams being received.