De-spamming Your Inbox The Hard Way
ajain writes "Even after using precautions like dummy email addresses in public forums, I have been plagued by spam mails for a long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in a 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"
Another approach... (Score:3, Informative)
And only trusted friends give permanent (or permanent sub-domain) email addresses.
And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).
Re:Another approach... (Score:3, Insightful)
Re:Another approach... (Score:4, Insightful)
Not a good idea (Score:5, Insightful)
Re:Not a good idea (Score:3, Interesting)
Re:Not a good idea ??? (Score:4, Interesting)
How do I know this? I've owned my domain since 1996, and I've been administrating the email since 1998. I get spam nearly every single day for beth@ahab.com (no point in cloaking it, really), and it has NEVER been a valid address. It often bounces back to the postmaster (me) after not bouncing back to their forged yahoo address and after NOT getting the word out to a single baby-eating spammer (you do know they eat babies, right?), and I see it when I bother scanning my postmaster folder for anything interesting.
Sure, it's worth my hassle if it bounces back to them, but it's probably not worth it to the poor sucker whose yahoo address they forged.
Get a clue: SPAMMERS DON'T CARE. You're kinda hoping that the guy who lets his dog shit on the sidewalk in front of your house is going to be annoyed by the smell.
Re:Another approach... (Score:3, Interesting)
Re:Another approach... (Score:3, Interesting)
Re:Another approach... (Score:3, Interesting)
The logic is that if a spam zombie is the source, it would just react to a problem by going to the next victim. A legitimate server will store the e-mail and try again.
Very few ISPs are so clueless that they don't queue and retry when they get a 4xx response (indicating a temporary failure). There are a few, but not many.
So if you refused all incoming e-mails the first attem
Re:Another approach... (Score:3, Interesting)
Seems to work fine for me, and I can keep my mail server up 24/7.
Re:Another approach... (Score:4, Interesting)
Re:Another approach... (Score:5, Informative)
You have not looked at artists against 419 [aa419.org], have you? It's not a bot, just a few web pages that continuously reload images from spammers' sites, but it seems to be effective.
Blocklists, Teergrubes, Bandwidth Suckers (Score:5, Informative)
Re:Blocklists, Teergrubes, Bandwidth Suckers (Score:4, Insightful)
- "teergruben" are a nice idea, but they would have to rely on source address filtering or only kick in after a few hundred messages. and if the spammer simply multithreads his sending "server" he might not be THAT bothered with slower delivery, as he can have thousands of concurrent deliveries, totally bogging down the receiving server!
and also, if teergruben should just be the exception it is trivial to add a timeout to the delivery routine to abort after 1 minute or so of trying to deliver!
- "bandwidth suckers" - this is just the kind of anarchistic vigilante justice that SHOULD SIMPLY NOT occur! even if it were not for the "collateral damage" to the network infrastructure and "innocent" pages being accidentally hit, this is no better than stoning criminal suspects to death without proper trial...
- "sugarplums" - this idea is actually pretty good but looking at the small return that spammers are getting at the moment this won't really slow them down much. even at 1% reached mail addresses the spammers still have virtually no cost in sending millions of mails out and thus will be hindered but far from stopped by injecting wrong mail addresses! also you have to generate those fake addresses without the spammers getting behind your mechanism of randomizing the addresses and you MUST also take care NEVER to inject a valid mail address by chance!
there has actually been quite a discussion about how to make mailing more "reliable" on a grand scale and i still find the idea of forcing mail servers to solve some computationally expensive computation rather nice. although this will cost legitimate service providers a little in hardware this will hit the mass mailers by far worse because they simply rely on cheaply mailing millions of mailings in a short time frame...
well, so much for "innocent" protocols used in a hostile, mercantilistic, hard-to-trace and more-or-less-anonymous environment...
jethr0
Re:Another approach... (Score:5, Funny)
Re:Another approach... (Score:4, Funny)
Re:Another approach... (Score:3, Informative)
Conversely, a white hat hacker is someone who breaks security for altruistic purposes.
I think DDOSing spammers is altruistic, but there's an argument for malevolent intent, so there needs to be a third category: Vigilante Crackers.
The term for this I've seen is "grey hat hacker".
Re:Another approach... (Score:4, Insightful)
Repeat after me: Do not fight abuse with abuse.
Re:Another approach... (Score:3, Interesting)
Re:Another approach... (Score:2, Insightful)
Or delay delivery, and check again ... (Score:5, Interesting)
From the FAQ (http://www.olympus.net/doubleVerifyNL):
DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.
You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
Re:Another approach... (Score:5, Interesting)
Re:Another [failed] approach... (Score:5, Funny)
To: undisclosed-receipient
Subject: Don't buy this: Get it free!
For a limited time you can get the Wally Whizbanger FREE!!!!
...
Sure, that's fine... (Score:3, Insightful)
Re:Sure, that's fine... (Score:3, Interesting)
exactly. if this method is an option for you and you don't want to get pissed off at spam, simply don't check your email for a few days... you'll forget all about spam after a while.
of course, when you check the email after a few days, you'll have a greater number of spam to go through and get even more pissed.
i'd like to call it the "serenity now!" method. :P
Re:Sure, that's fine... (Score:3, Interesting)
Just a thought.
Re:Sure, that's fine... (Score:5, Informative)
NO, don't bounce, reject at MTA level ONLY (Score:5, Informative)
No no no. DO NOT bounce mail that doesn't pass through the spam filter after you accepted it for delivery. You are only spamming someone else.
What you need to do is to reject the email BEFORE you accept it into the queue. That is, after DATA is complete, scan the email and if it fails the test, then reject it at the MTA level. If you accept the email in the MTA (i.e., after DATA is complete), then DO NOT bounce it, because the headers do not have the real FROM: anyway (in the case of spam).
Also, if you are bouncing mail after DATA, then your servers will try connecting to some other MTA raising your load. Bad idea.
Re:NO, don't bounce, reject at MTA level ONLY (Score:5, Informative)
Our previous method was with qmail-scanner which would then quarantine viruses and mark spam and pass it on to the end-user MTA. That method caused many pages due to high CPU usage when spammers hit hard.
The new SimScan system is C based so it is a tad easier on load, hardly see any red events anymore.
An alternative is available with Exim's exiscan patches for those using Exim.
After applying this system at my ISP the incoming spam levels have been reduced dramatically. We can still pass mail through to those not wanting the filtering, but the rest of the customers are very happy to not have nearly as much junk in the inbox.
Some have actually called wondering why they are only really getting their legitimate email now.
Re:NO, don't bounce, reject at MTA level ONLY (Score:3, Informative)
Maybe I'm not following you, but even if you reject at the MTA level won't the exploited mail relay bounce the message to the forged originator anyway? The only difference is who is doing the bouncing. Either way, the rejected message is bounced, assuming that a 3rd party relay (and not custom spam software) is doing the sending.
I agree that rejecting at the MTA level
Re:NO, don't bounce, reject at MTA level ONLY (Score:5, Informative)
Most spam is coming from an exploited box directly. If it gets a 5xx Denied message, it just fails to send that message and generates no bounce. Legit mail from a real mail server will drop a bounce message in the sender's mailbox.
Re:NO, don't bounce, reject at MTA level ONLY (Score:3, Interesting)
It also does a 20 second delay before sending the reject code, to slow down the spammer from moving on to their next target.
Read about it and download the source code on my web page.
http://highlandsun.com/hyc/
I've been using it for over a year and my spam-to-mail ratio dropped from 95% spam to 5% spam.
Re:NO, don't bounce, reject at MTA level ONLY (Score:3, Informative)
So what you want then is spamass-milter and clamav-milter (both available from the dag RPM repository for modern Red Hat/Fedora systems - so you can update them automatically for errata packages).
There must be something similar for postfix - it's more advanced than sendmail, right? No sarcasm there either - I'm sure there's a way.
The only thing to watch
Re:Sure, that's fine... (Score:2)
Re:Sure, that's fine... (Score:2, Informative)
Most of my friends are not heavy e-mailers, and often more than a month goes by between e-mail messages from them.
Re:They're not going to be missed. (Score:3, Insightful)
Legitimate servers do that. Spammers and SMTP trojans on hijacked home computers don't usually try again.
There's a typo in the dept. line (Score:3, Funny)
Re:There's a typo in the dept. line (Score:4, Funny)
Thanks for lightening up my entire afternoon.
Re:There's a typo in the dept. line (Score:3, Funny)
Shutdown (Score:5, Funny)
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.
Re:Shutdown (Score:3, Insightful)
Would look more professional than everyone getting email along the lines of "Your email could not be sent for the past X hours......"
Sendmail will do this almost out of the box if MX records are correct.
That's not the hard way (Score:3, Funny)
That only works for smart spammers (Score:5, Informative)
I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.
When I brought it back online again, I started seeing them again.
Re:That only works for smart spammers (Score:2)
Re:That only works for smart spammers (Score:3, Interesting)
Re:That only works for smart spammers (Score:3, Informative)
There's little to no incentive in purging spam mail lists.
Sounds a lot like worm prevention! (Score:3, Funny)
Beware the airborne version. [wi-fi.org]
KDEMail? (Score:2, Informative)
That way, you click a button and send the "bounceback", and hopefully after enough, the spammers would remove you from their lists.
Re:KDEMail? (Score:4, Insightful)
Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
Re:KDEMail? (Score:5, Insightful)
No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.
So, while totally ineffective, you also burden the innocent bystander with yet another bounce.
The only way to combat spam is to reject it on the SMTP level.
Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.
However, spammers don't use mailservers to send their spam, they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.
When a mailserver is offline, spammers will know immediately. However I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.
In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.
Re:KDEMail? (Score:3, Insightful)
That should prevent fake email addresses from being used.
Unfortunately, large ISPs and email providers don't seem to want to implement SPF records for their mailservers.
Exchange spam filter (Score:2, Insightful)
consequence: (Score:5, Insightful)
"The message you sent X was undeliverable"
spam instead.
Nice.
Re:consequence: (Score:5, Funny)
> "The message you sent X was undeliverable"
> spam instead.
That's the worst haiku I've ever seen.
Re:SPF Records (Score:3, Insightful)
It just seems that the more security layers you have to go through, the more chance you have of something failing.
What if you wanted to communicate with a non-compliant e-mail recipient?
Obviously, if SPF becomes the law of the land, and EVERYONE starts using it, the problem of spam would go away, at least for a while.
But it's the same phenomena slowing IPv6 adoption, things wor
This simply doesn't work. (Score:5, Informative)
Spammers simply aren't diligent when it comes to maintaining their lists. They don't remove bounced emails (as they have spoofed all the headers anyway, so they don't receive the bounces), and they don't remove addresses from domains without MX records or with no responding hosts (as they send all the spam from botnets that don't report failures back anyway).
I don't know what this guy did but he is thoroughly mistaken.
Re:This simply doesn't work. (Score:2)
Re:This simply doesn't work. (Score:5, Insightful)
I'd bet a beer that the new mail server installed at his institute includes some form of spam protection. My university's mail system has gone down for two days, and I still get one or two hundred spam mails a day. (of course, only one or two make it through the spam filters :)
Reinstall Windows for E-mail (Score:2)
Re:Reinstall Windows for E-mail (Score:3, Interesting)
I have had a couple of "personal spam" (messages that are from legitimate people - but are SPAM to me - on college campuses this happens all the time) get through - but after Reporting those as spam it hasn't messed up since. On average it has been eating about 30 spam emails a day.
I used Mozilla Mail's spam filter for the last year or so - and just completely switched to Gmail last week - and have found it to be supe
you mean greylisting? (Score:2, Informative)
By the way, I started greylisting on my mail server a couple of days ago, and my spam has gone down to virtually zero.
Re:you mean greylisting? (Score:3, Interesting)
It sure does. Greylisting is a better approach. And with greylisting you lose no legitimate emails (unless the sender uses a seriously broken mail server). Before greylisting was introduced on our mail server approximately 90% of all incoming mail was removed by spamassassin. And that is even with a very high threshold, so a lot of spam still made it past the filter.
Once greylistning was introduced the amount of incoming mail dropped b
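The greylisting described in this post and the "send it twice" DoubleVerify scheme quoted earlier in the thread both rest on the same SMTP fact: a real queueing MTA retries after a 4xx temporary failure, a spambot delivering directly usually does not. The following is an added illustration written for this page, not code from any poster or from DoubleVerify/Postgrey. It keys on the (client IP, envelope sender, envelope recipient) triplet and uses assumed timing parameters; real implementations differ in both choices.

```python
from dataclasses import dataclass, field

# Assumed policy parameters for this example (seconds). Real greylisters are tunable.
GREYLIST_DELAY = 300           # retry must come at least this long after first contact
GREYLIST_WINDOW = 4 * 3600     # a pending triplet that never retries is forgotten after this
WHITELIST_TTL = 36 * 24 * 3600 # a verified triplet keeps passing without delay for this long

SMTP_ACCEPT = 250              # "OK": take the message
SMTP_TEMPFAIL = 451            # "try again later": a queueing MTA will retry, a bot rarely does


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)    # triplet -> time first seen
    verified: dict = field(default_factory=dict)   # triplet -> time last accepted
    domain_whitelist: set = field(default_factory=set)  # sender domains never delayed

    def decide(self, client_ip: str, sender: str, recipient: str, now: float) -> int:
        """Return the SMTP reply code to give at RCPT TO for this delivery attempt."""
        sender_domain = sender.rsplit("@", 1)[-1].lower()
        if sender_domain in self.domain_whitelist:
            return SMTP_ACCEPT          # e.g. your own company, as the DoubleVerify post mentions

        key = (client_ip, sender.lower(), recipient.lower())

        last_ok = self.verified.get(key)
        if last_ok is not None and now - last_ok < WHITELIST_TTL:
            self.verified[key] = now    # refresh: known-good triplet keeps flowing
            return SMTP_ACCEPT

        first = self.pending.get(key)
        if first is None or now - first > GREYLIST_WINDOW:
            # First contact (or a stale record): defer and remember when we saw it.
            self.pending[key] = now
            return SMTP_TEMPFAIL
        if now - first < GREYLIST_DELAY:
            # Retried too quickly: still defer. Legitimate queues wait minutes, not seconds.
            return SMTP_TEMPFAIL

        # Retried after the delay, as a real MTA does: accept and auto-whitelist the triplet.
        del self.pending[key]
        self.verified[key] = now
        return SMTP_ACCEPT


def simulate() -> dict:
    """Constructed scenario: one queueing MTA, one direct-delivery bot, one whitelisted domain."""
    g = Greylist(domain_whitelist={"corp.example"})
    mta = ("203.0.113.5", "alice@example.org", "bob@example.net")   # constructed addresses
    bot = ("198.51.100.7", "promo@example.com", "bob@example.net")
    return {
        "mta_first": g.decide(*mta, now=0),        # 451: never seen, asked to retry
        "mta_retry": g.decide(*mta, now=900),      # 250: came back after 15 minutes
        "mta_next": g.decide(*mta, now=950),       # 250: triplet is now verified
        "bot_first": g.decide(*bot, now=0),        # 451: the bot gets the same answer...
        "bot_retried": bot in g.verified,          # False: ...but never comes back, so nothing is delivered
        "whitelisted": g.decide("192.0.2.9", "hr@corp.example", "bob@example.net", now=0),  # 250
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:12} {v}")
```

The cost is the delay on first contact from each new sender/recipient pair, which is why the post notes that only senders behind a seriously broken MTA (one that treats 4xx as permanent) lose mail.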
Ummm, yeah ... (Score:2)
I'll just give my IT folks a ring and see what they think of that. Mmmmkay.
You want us to what?!?!?!
have you ever considered.... (Score:2, Insightful)
Nice for personal email, but... (Score:2)
Wrong Approach? (Score:2)
Simple solutions for simple problems, lol!
Sounds like fun (Score:5, Funny)
Other option.. (Score:3, Interesting)
You'd be surprised at the sites that promise to protect privacy and don't.
Here's MY answer and it works 100% (Score:3, Interesting)
Account based email box ~ 25 spams/week over the past year.
My email account : 0!
Reasoning : spammers do s/nospam//ig; on their email addresses.
I really feel for that blahblah_@mindspring.com - They're getting my spam
(For the pedantic yes I know mindspring whitelists - mindspring.com i
backup MX? (Score:2)
Regardless, it would be pretty desperate to do that.
BTW, it took 48 hours to upgrade a MTA?! I'm glad I don't use Exchange.
-molo
Maybe they added spam filtering? (Score:5, Insightful)
I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
Re:Maybe they added spam filtering? (Score:3, Insightful)
bah ummm bug (Score:2)
I find it especially annoying that gmail forwards me spam (albeit in my spam box) based on variants of "day.of.the.tentacle", eg dayofthe[whathaveyou]@gmail.com (yes, even without the dots between each word).
Thank you Google.
Greylisting? (Score:5, Informative)
In the case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5 and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
Yes, like greylisting. (ie, Postgrey for Postfix) (Score:5, Interesting)
-Mark
Guess what'll happen... (Score:2)
Until spammers send you a ping email to verify whether your box is awake next week. Without any unnecessary top theoretical models...
Everything old is new again. (Score:2)
I secured my windows box in a similar fashion... (Score:2)
Seriously, isn't that a bit extreme? Making the service unavailable is no cure for spam when it is unavailable for everyone else as well.
Why bother shutting down? (Score:2)
Arghh! (Score:2)
I heard this all the time when I worked at a natural foods store. I call bullshit. From QuackWatch.org [quackwatch.org]:
It can be terr
Unacceptable (Score:4, Insightful)
There are drop in solutions out there. Use them if it's a real issue.
Didn't work for me. Bots are stubborn. (Score:3, Informative)
Despite this, my packet sniffer still sees ~20 connection attempts per hour to that old address, nearly three months later. They are all bot-infected PCs according to sbl-xbl.spamhaus.org
That address was being mercilessly spammed and under constant dictionary attack.
Ultimately, I was able to use my log files to reconstruct the dictionary they were hitting me with. I put the whole thing under blacklist_to and saw a big drop in junk getting past my filters.
-j
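Reconstructing the attacker's dictionary from the rejection log, as this poster did, is ordinary detection work: every "User unknown" reject names one guessed recipient, and a client that hits many distinct unknown recipients in a short span is running a dictionary attack. The script below is an added example for this page, not the poster's code. The log lines are constructed in Postfix smtpd reject format; the threshold and the SpamAssassin `blacklist_to` output are my choices.

```python
import re
from collections import defaultdict

# Constructed sample log in Postfix smtpd format. One client guesses four local parts
# in a few seconds; a real peer gets one typo'd address wrong. Addresses are RFC 2606 examples.
SAMPLE_LOG = """\
Mar  3 09:12:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <adam@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@example.org> to=<adam@example.net> proto=ESMTP helo=<host7>
Mar  3 09:12:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <adams@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@example.org> to=<adams@example.net> proto=ESMTP helo=<host7>
Mar  3 09:12:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <adrian@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@example.org> to=<adrian@example.net> proto=ESMTP helo=<host7>
Mar  3 09:12:03 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <agnes@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@example.org> to=<agnes@example.net> proto=ESMTP helo=<host7>
Mar  3 09:40:17 mx postfix/smtpd[2290]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 550 5.1.1 <bbo@example.net>: Recipient address rejected: User unknown in local recipient table; from=<carol@example.org> to=<bbo@example.net> proto=ESMTP helo=<mail.example.org>
Mar  3 09:41:02 mx postfix/smtpd[2290]: 4F3A1C0012: client=mail.example.org[203.0.113.5]
"""

# Matches the reject line: client IP in brackets, then the rejected recipient in angle brackets.
REJECT_RE = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: 550 \S+ <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)


def unknown_recipients_by_client(lines):
    """Map each client IP to the set of distinct nonexistent recipients it tried."""
    hits = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            hits[m.group("ip")].add(m.group("rcpt").lower())
    return hits


def dictionary_attackers(hits, min_distinct=3):
    """Clients probing at least min_distinct unknown addresses; one bad address is a typo, not an attack."""
    return {ip: sorted(rcpts) for ip, rcpts in hits.items() if len(rcpts) >= min_distinct}


def spamassassin_blacklist_to(attackers):
    """Emit SpamAssassin blacklist_to lines for every guessed address, as the poster did with his list."""
    guessed = sorted(set().union(*attackers.values()))
    return [f"blacklist_to {addr}" for addr in guessed]


if __name__ == "__main__":
    attackers = dictionary_attackers(unknown_recipients_by_client(SAMPLE_LOG.splitlines()))
    for ip, rcpts in attackers.items():
        print(f"{ip}: {len(rcpts)} guessed recipients")
    print("\n".join(spamassassin_blacklist_to(attackers)))
```

Feeding the guessed addresses to `blacklist_to` only helps against mail that is accepted and then scored; the poster's other observation, that the bots kept connecting for months, is why rejecting at RCPT time (as the Postfix lines above already do) matters more than the filter behind it.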
Odd girlfriend comment (Score:2, Funny)
b) If you don't have a girlfriend, check mails on the temporary alternative email ID.
This just in: Apparently airlines, the U.S. highway system, hotels, parks and other attractions have now opened their doors to people without girlfriends. Also, coffeeshops, bars, music venues, theaters, yoga studios and other local businesses are considering joining this pilot program on a case by case basis.
Those without girlfriends, then,
Interesting approach... (Score:2)
Greylisting (Score:2, Informative)
What we need... (Score:2)
Since the article is /.'d (Score:2)
In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
Is it just me, or does it seem like one should see a 100% spam reduction after shutting down your mail server?
Additionally, if your mailserver is your laptop, you can actually preserve fertility by using this method as well.
"Bounce"ing Mail (Score:2, Interesting)
I was recently shocked to find that neither Outlook Express nor Outlook has this feature.
Very useful for Spammers and Annoying Ex-Girlfriends.
I've been practically spam free... (Score:2)
I have an account through usa.net. I only give it out to people I trust, i.e., friends and family.
These people gain trust by first using temporary accounts I set up from my ISP (I should point out that usa.net now allows you to create 8 such accounts.) If anyone betrays my trust when using their temp account, e.g., signing me up for crap, giving out my email without permission, sending me "funny" crap, I cut them off. Their temp account is deleted and they ne
Your post advocates a.... (Score:3, Funny)
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Logically shut it down! (Score:3, Interesting)
mxlogic.com (Score:3, Interesting)
Those who don't understand technology are ... (Score:5, Interesting)
During that time, all the mails sent to my mail account were of course bouncing.
Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.
In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.
I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces) and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.
There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.
Dumb article (Score:3, Interesting)
Never, not once, did he consider the fact that his admins *upgraded* the exchange server. They probably went from 5.5/2000 to 2003.
By no means am I an M$ guru, but I know for a fact that 2003 comes with a large amount of internal things to help control and minimize spam.
In fact, anyone upgrading to 2003 sees dramatically better spam controls.
Someone revoke this guy's geek license, as he just failed the critical thinking test.
for love of logic... (Score:5, Funny)
This won't work - game theory (Score:3, Insightful)
Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.
They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
Occum'on (Score:3, Interesting)
Didn't that Occum guy have something to say about crazy theories like this author's rant?
Bah (Score:4, Informative)
In mimedefang:
You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.
I really don't know how I managed to run sendmail without mimedefang before.
Re:In case it's Slashdotted... (Score:2)
Re:Better Ways (Score:2)