Where Has All My Spam Gone? 597
An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"
Re:Okay (Score:5, Insightful)
Re:Okay (Score:5, Insightful)
Re:Exactly. (Score:5, Insightful)
Assuming a third party isn't dropping your email... if they are then that's almost as bad the spam deluge - I'd rather be the one to decide what is spam than a third party who may or may not have a clue.
Still the same old same old (Score:3, Insightful)
We provide a spam filtering service, and our volume hasn't really changed much in the past week or two so perhaps whichever botnet was sending you all the trash went offline or just... stopped sending to you.
I can confirm this (Score:3, Insightful)
This happened to me too about a week ago, and I was as surprised as you. I am from Italy, and I got about 200 mails a day, about 5 of them not spam. Now I get about 80/day. They are not vanished, but the volume of Spam mails dropped significantly the last week or so.
Re:Exactly. (Score:5, Insightful)
I, on the other hand, consider sudden, dramatic, and completely unexplained changes to the operation of systems under my control to be a reason to worry.
I'm just funny that way.
Re:we are all doooomed (Score:5, Insightful)
Re:the russian business network is busy (Score:4, Insightful)
they need the botnet resources for ddosing georgia
The sad thing is, you might be right...
Re:Exactly. (Score:5, Insightful)
Amen.
It's like we speak the same language.
Change is good. Unexpected change is very, very bad.
Re:One down (Score:3, Insightful)
Re:I'm getting it (Score:5, Insightful)
It's an arms race. They come out with a new message that tricks the filters into thinking it's real. The filters update and adapt. They rethink things and come out with a new junk message which sometimes succeeds, sometimes doesn't. When they find one that works, I start getting spam again until the filters adapt. Ad nauseum.
I've got my SpamAssassin filters set to update on a daily cron job, and it's always the same... Every week or two, I get a handful of spam messages getting past the filters. They're all basically the same. And it lasts for about a day before I stop getting spam again. So it comes in bursts for me, every time the spammers rethink the message they send out.
I've had my domain, and the same e-mail address for half a decade. My IP address did recently change when I moved into a new colo, but all of the DNS has updated already, so the spammers still know who I am. It's annoying. But it is manageable.
Re:Hmm (Score:2, Insightful)
Bush and the Georgia-Russia conflict
http://www.indymedia.org.uk/en/2008/08/406684.html [indymedia.org.uk]
Re:I'm getting it (Score:5, Insightful)
Don't you hate it that you have to deal with this sort of thing because some other mail server isn't configured correctly?
If all mail servers instituted the policy of "reject...don't accept then bounce", then there wouldn't be any blowback spam. Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).
Re:Hmm (Score:4, Insightful)
Actually, I just checked one of my e-mail addresses that has historically gotten about a hundred a day, and the Spam bucket only has 26 for yesterday and similar numbers for the last couple of days.
I read recently about some big spam king (czar, whatever) that got arrested. I wonder if taking him out of the equation actually had an effect on the world.
Let go of the Cold War (Score:1, Insightful)
Maybe if we didn't try to make every neighbor of Russia a member of NATO (It isn't aimed at Russia, really! Relax!) they wouldn't have gotten nervous to the point of doing this. The definition of "North Atlantic" has been stretched to the limit of reason. Between NATO and that bullshit missile defense system in Eastern Europe (Iran, yah, right) I don't blame them for being pissed, we would've done the same thing.
I guess keeping the Cold War alive is better than having voters pay attention to the fact that they can't pay for gas or their homes.
Re:Hmm (Score:3, Insightful)
Sure... and when a big mafioso is killed, it's the small shop owners that are the suspects. Riiiiight. Find out who's running the botnet now, and you got your prime suspect.
Re:Exactly. (Score:4, Insightful)
Re:Hmm (Score:3, Insightful)
A good way to complement spam source filtering thru greylisting is to block home/dynamic IPs, ranges where mail servers arent supposed to be, but where are the majority of personal pcs (that gets owned by botnets). Spamhaus PBL i.e. have this particular target (or zen that combines this one with other known sources of spam)
Please don't. There is no reason that mail servers shouldn't exist on home/dynamic IP addresses. This is one area where I'm actually happy with my AT&T DSL service - they block outbound port 25 connections by default, but allow you to opt out of the blocking if you want to run your own mail server.
I disagree. If you want to run an outbound MTA, get a static IP and some reverse DNS. While not having those two things doesn't prove you incompetent, having them indicates that you may have a clue as to what you are doing.
With the unfathomable amount of zombie machines on dynamic consumer IP ranges, there is no reason for me to absorb the spam just to allow you to be cheap and lazy. If you can't be bothered to show some signs of being clueful, why should anyone be bothered to accept your email?
If you can't bring yourself to get a static IP with non-generic rDNS, you can always use a smarthost. Barring those two sensible options, I suspect most postmasters would view not delivering your MTA's emails as lossless compression.
Re:Hmm (Score:4, Insightful)
Unfortunately we live in an age where some sort of accountability is necessary before I'll accept your email. A dynamic IP address means no accountability, and it means your email doesn't get through.
As far as I can tell, the only people still self-delivering email from dynamic IP addresses are hobbyists who collect knives and home-school their kids, and whom neither I nor any of my clients have ever wanted to correspond with. I have never once received a report of email delivery problems that traced back to dynamic-IP blacklisting.
Don't get me wrong - when I first got DSL in 1999 I was thrilled about running my own mail server in the hall closet and did so for years. But times changed and I changed with them.
Re:Hmm (Score:3, Insightful)
Ok, Agent Mulder, settle down.
I Want To Believe...
seriously bit more information ? (Score:4, Insightful)
well the first thing that scully would ask is ?
where is the scientific evidence....
so the serious question its nice that your spam level dropped but where/ip was it all coming from in the first place ?
regards
John Jones
http://www.johnjones.me.uk [johnjones.me.uk]
Re:Hmm (Score:5, Insightful)
Its long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership"
What is a government anyway but the most successful group of thugs imaginable?