De-spamming Your Inbox The Hard Way 631

ajain writes "Even after using precautions like dummy email address in public forums, I have been plagued by the spam mails for long time now. Accidentally, I hit upon a not-so-elegant but effective solution recently: Ever thought of shutting down the mail server temporarily to stop spam to your inbox permanently? Well, it seems to work. In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic! Here are the details and a step-by-step guide to this desperate-method of spam reduction. I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!"

  • Another approach... (Score:3, Informative)

    by beh ( 4759 ) * on Thursday December 09, 2004 @03:36PM (#11045001)
    You might entertain another method - if you have an internet domain of your own. Make use of mail-subdomains that you cycle through regularly.
    And only trusted friends give permanent (or ermanent sub-domain) email addresses.

    And as for mailing lists, if you use procmail to filter inbound messages on mailing lists, scan for specific things in it, e.g. don't just scan for the recipient, but also for specific mailing list headers. Anything that falls through this sieve you throw away (or, at least, quarantine it in a separate location).

    • by admp ( 778242 )
      This is the same as not using email at all. Personally I find this technique useless. Don't you?
    • by Steepe ( 114037 )
      I personally use alternate email aliases on my mail server that forward to my real account. then, once every couple of months, I delete those aliases and create new ones to post to websites, or use when I sign up for something. Only close personal friends get my real address, and if spam ever does show up directly at that address, I attack the spammer in every way possible. (spamcop, the spam fcc email address, etc)

      Seems to work fine for me, and I can keep my mail server up 24/7.
      • by gcaseye6677 ( 694805 ) on Thursday December 09, 2004 @03:49PM (#11045207)
        Speaking of attacking in every way possible, I'm surprised some group of "white hat hackers" hasn't come up with a DDOS spammer attack bot, kind of like the Lycos screensaver. This is something that couldn't be done by a corporation for liability reasons, but I doubt the FBI or other law enforcement groups are going to care if people are DDOSing known spamming networks. Even better, the spammers can't sue anyone unless they want a class action countersuit on behalf of those spammed.
        • by whoever57 ( 658626 ) on Thursday December 09, 2004 @04:14PM (#11045498) Journal
          Speaking of attacking in every way possible, I'm surprised some group of "white hat hackers" hasn't come up with a DDOS spammer attack bot, kind of like the Lycos screensaver.

          You have not looked at artists against 419 [aa419.org], have you? It's not a bot, just a few web pages that continuously reload images from spammers' sites, but it seems to be effective.

        • by billstewart ( 78916 ) on Thursday December 09, 2004 @05:16PM (#11046169) Journal
          Active cracker DDOSing is mean and nasty and you shouldn't do it. But there are better-behaved ways to use group efforts to stop spammers.
          • Blocklists are of course a critical tool - identify the spammers or the relays/proxies/zombies they exploit, publish their addresses so that people can reject mail from them.
          • Sugarplums and other spam poisoners [devin.com] generate web pages full of bogus trap addresses for spammer address harvesters, so that they can DDOS themselves. Infinite-loop web pages, bogus email addresses, email addresses of other spammers, email addresses of teergrubes, spambait addresses on your machines that tell you to block anything from that IP address. Imagine if everybody set your 404-not-found page to include a few bogus addresses for spammers to email to...
          • Teergruben are modified tarpit mail servers that answer SMTP v...errrrryyyyyyyy... sssssssllllloooooooowwwwwwwlllllllly, and can keep SMTP senders that talk to them tied up for minutes or hours. If you're running real SMTP on the same machine, you can configure the tarpit function to only happen for recognized spammer IP addresses, or else you can run a dedicated server (e.g. if you're not running your own SMTP on your DSL or cable modem.) One of these doesn't make much difference. Lots of teergrubes can tie up lots of spammers.
          • Bandwidth Suckers like Artists Against 419 [aa419.org] repeatedly download images from spammer websites to tie up their bandwidth. Because many web sites and ISPs charge for bandwidth on a 95th percentile basis, two days of heavy downloads can totally jack their bandwidth bill for a month, and small sites (e.g. free web pages) that have quotas can be taken out for the month by aggressive downloads (1GB is about 6 hours at 384kbps, so you can blow out a small quota overnight.)
          • by jonastullus ( 530101 ) on Thursday December 09, 2004 @07:36PM (#11047338) Homepage
            - "blocklists" are also questionable because the maintainers of these lists gain a lot of power and often ask for huge amounts of money for address-ranges which were accidentally added to be removed again!

            - "teergruben" are a nice idea, but they would have to rely on source address filtering or only kick in after a few hundred messages. and if the spammer simply multithreads his sending "server" he might not be THAT bothered with slower delivery, as he can have thousands of concurrent deliveries, totally bogging down the receiving server!
            and also, if teergruben should just be the exception it is trivial to add a timeout to the delivery routine to abort after 1 minute or so of trying to deliver!

            - "bandwidth suckers" - this is just the kind of anarchistic vigilante justice that SHOULD SIMPLY NOT occur! even if it were not for the "collateral damage" to the network infrastructure and "innocent" pages being accidentally hit, this is no better than stoning criminal suspects to death without proper trial...

            - "sugarplums" - this idea is actually pretty good but looking at the small return that spammers are getting at the moment this won't really slow them down much. even at 1% reached mail addresses the spammers still have virtually no cost in sending millions of mails out and thus will be hindered but far from stopped by injecting wrong mail addresses! also you have to generate those fake addresses without the spammers getting behind your mechanism of randomizing the addresses and you MUST also take care NEVER to inject a valid mail address by chance!

            there has actually been quite a discussion how to make mailing more "reliable" on a grand scale and i still find the idea of forcing mail servers to solve some computationally expensive computation rather nice. although this will cost legitimate service providers a little in hardware this will hit the mass mailers by far worse because they simply rely on cheaply mailing millions of mailings in a short time frame...

            well, so much for "innocent" protocols used in a hostile, mercantilistic, hard-to-trace and more-or-less-anonymous environment...

    • by Xeo2 ( 301694 )
      I don't think you understand. Your way is hard. His is easy.
    • by theblackdeer ( 453464 ) on Thursday December 09, 2004 @04:20PM (#11045587) Homepage
      Our ISP has set up a slightly more elegant way to filter out lots and lots of spam. They call it DoubleVerify.

      From the FAQ (http://www.olympus.net/doubleVerifyNL):

      DoubleVerify gets two chances to automatically identify mail. When mail arrives at our mail server the first time our server requests the sending mail server to send it a second time. Spammers rarely comply. Legitimate mail servers typically resend the mail about fifteen minutes later. Once OlympusNet receives mail the second time, it immediately delivers that mail and continues to immediately deliver mail from that sender. The DoubleVerify process works invisibly and is handled automatically by the mail servers.

      You can whitelist entire domains (like your company, for example), too. It's worked pretty well for us.
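
The resend-once behaviour the quoted FAQ describes is commonly called greylisting. The sketch below is an added example, not part of the original comment and not OlympusNet's code: it models the receiving side's decision and shows which kinds of sender get through. The delay values, class and function names, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60         # assumed: a retry only counts if it comes >= 5 minutes later
RETRY_WINDOW = 24 * 3600   # assumed: a first attempt with no retry is forgotten after a day


@dataclass
class Greylist:
    """Receiving-side greylisting decision, keyed on the SMTP envelope."""
    whitelist_domains: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # (ip, from, to) -> time first seen
    passed: set = field(default_factory=set)     # (ip, from) pairs that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for a RCPT TO seen at time `now` (seconds)."""
        mail_from, rcpt_to = mail_from.lower(), rcpt_to.lower()
        domain = mail_from.rpartition("@")[2]
        if domain in self.whitelist_domains:
            return 250, "whitelisted domain"
        if (client_ip, mail_from) in self.passed:
            return 250, "sender already verified"
        triplet = (client_ip, mail_from, rcpt_to)
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # Unknown (or long-expired) triplet: temporary failure, not a bounce.
            self.pending[triplet] = now
            return 451, "greylisted, try again later"
        if now - first_seen < MIN_DELAY:
            # Immediate re-sends do not prove the sender runs a real queue.
            return 451, "retry too soon"
        del self.pending[triplet]
        self.passed.add((client_ip, mail_from))
        return 250, "retry accepted"


def deliver(greylist, client_ip, mail_from, rcpt_to, attempt_times):
    """Model a sender that tries at each listed time; return acceptance time or None."""
    for t in attempt_times:
        code, _ = greylist.check(client_ip, mail_from, rcpt_to, t)
        if code == 250:
            return t
    return None


def run_demo():
    """Constructed traffic: one queueing MTA, two fire-and-forget senders, one whitelisted."""
    gl = Greylist(whitelist_domains={"partner.example"})
    rcpt = "user@isp.example"
    return {
        # Real MTA: first try at t=0, queue retry 15 minutes later.
        "legit_mta": deliver(gl, "192.0.2.10", "alice@corp.example", rcpt, [0, 900]),
        # Same sender later, different recipient: delivered without delay.
        "followup": deliver(gl, "192.0.2.10", "alice@corp.example",
                            "other@isp.example", [2000]),
        # Sender that never retries.
        "one_shot_bot": deliver(gl, "198.51.100.7", "x1@bulk.example", rcpt, [10]),
        # Sender that retries three times within ten seconds, then gives up.
        "hammering_bot": deliver(gl, "198.51.100.8", "x2@bulk.example", rcpt,
                                 [20, 25, 30]),
        # Whitelisted domain skips greylisting entirely.
        "whitelisted": deliver(gl, "203.0.113.5", "bob@partner.example", rcpt, [40]),
    }


if __name__ == "__main__":
    for name, accepted_at in run_demo().items():
        print(f"{name:14s} accepted at: {accepted_at}")
```

The 451 reply is a temporary failure, so a sending server with a queue keeps the message and tries again; nothing is bounced to the envelope sender.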
    • by Anonymous Coward on Thursday December 09, 2004 @04:26PM (#11045660)
      Actually if you own a domain. Simply use abuse@yourdomainhere.com as your e-mail address. You will never receive any spam. I know this is not practical for most people but it works flawlessly.
  • by BaldGhoti ( 265981 ) on Thursday December 09, 2004 @03:36PM (#11045009) Homepage
    ...if you don't mind missing potentially important emails. It's a bit overdrastic and if you're supporting multiple users, it's going to be a totally unacceptable solution.
    • by jxyama ( 821091 )
      >...if you don't mind missing potentially important emails.

      exactly. if this method is an option for you and you don't want to get pissed off at spam, simply don't check your email for a few days... you'll forget all about spam after a while.

      of course, when you check the email after a few days, you'll have greater number of spam to go through and get even more pissed.

      i'd like to call it the "serenity now!" method. :P

    • How about modifying your mailserver, such that when an email message is marked as spam it sends a message to the sender saying it bounced. That way you don't drop any valid emails, and at best you get dropped from the spammer's list, at worst you make it so spammers have to keep long lists of invalid email addresses in case they are implementing this filter.

      Just a thought.

      • by fafaforza ( 248976 ) on Thursday December 09, 2004 @03:49PM (#11045201)
        Most spammers use joe-job attacks so you'll likely get a double bounce back on your server, or someone innocent will get your bounce.
    • A better solution would be to implement blackhole lists on your firewall itself. The firewall sees an incoming connection, checks with Spamhaus/SPEWS/whoever for whether or not that IP is blacklisted. If so, it simply doesn't respond to the packet. So rather than a "550 FOAD Spammer!" error message, the spammer will see it as completely not there. Same effect, but it doesn't punish legitimate uses.
  • by Anonymous Coward on Thursday December 09, 2004 @03:37PM (#11045021)
    They left out a t.
    • by Kaimelar ( 121741 ) on Thursday December 09, 2004 @04:57PM (#11045995) Homepage
      Sir (or Madam), I salute you. I've been editing technical proposals all day, and when I took a break to check Slashdot I was still in grammar-Nazi mode. The blatent screwup on the department line made me want to kill someone -- until I read your comment. I'm sure my coworkers are wondering why they keep hearing supressed laughter from my office.

      Thanks for lightening up my entire afternoon.
      • The blatent screwup on the department line made me want to kill someone -- until I read your comment. I'm sure my coworkers are wondering why they keep hearing supressed laughter from my office.
        When will Slashdot get an Ironic mod option?
  • Shutdown (Score:5, Funny)

    by Anonymous Coward on Thursday December 09, 2004 @03:38PM (#11045029)

    In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!

    Rumour has it that shutting down your server permanently will result in a 100% reduction in spam traffic.

  • by Neil Blender ( 555885 ) <neilblender@gmail.com> on Thursday December 09, 2004 @03:38PM (#11045030)
    Manually deleting them one by one is the hard way.
  • by fireboy1919 ( 257783 ) <rustyp AT freeshell DOT org> on Thursday December 09, 2004 @03:38PM (#11045031) Homepage Journal
    Don't be fooled: there are plenty of stupid ones.

    I shut down my e-mail server for a year and a half when I was getting the strange Spanish spams.

    When I brought it back online again, I started seeing them again.
    • You get those ones too? I have absolutely no idea how I attracted those, as nobody I talk to ever seems to get them. Most of my spam is in spanish, and it's all the usual stuff, mortgages, increase your whatsit, whatever. It's been going on for a couple years now, and none of my other email accounts get them.
    • I had an e-mail address I used primarily for signing up to services that I needed to get an e-mail back from (with an autogenerated password). This was hosted on a domain that I took offline for nearly two years. When I brought it up again and created an account for the old e-mail address, lo and behold, spam kept coming.

      There's little to no incentive in purging spam mail lists.
  • by Tezkah ( 771144 ) on Thursday December 09, 2004 @03:38PM (#11045040)
    Just unplug your ethernet cable and your Windows box will be safe from worms!

    Beware the airborne version. [wi-fi.org]
  • KDEMail? (Score:2, Informative)

    by datastalker ( 775227 )
    If I'm not mistaken, doesn't KDEMail have the ability to send back "fake" bouncebacks to spam messages? I've been hoping that Evolution would get something like that for a long time, but it would seem like a good idea for just about any email client.

    That way, you click a button and send the "bounceback", and hopefully after enough, the spammers would remove you from their lists.

    • Re:KDEMail? (Score:4, Insightful)

      by rf600r ( 236081 ) on Thursday December 09, 2004 @03:43PM (#11045127) Homepage
      Bounce != no SMTP session at all

      Spammers care little if at all about bounces. Ponder, for a moment, how many bounce messages his server sent when it was off if this is still confusing you.
    • Re:KDEMail? (Score:5, Insightful)

      by Erik Hensema ( 12898 ) on Thursday December 09, 2004 @03:47PM (#11045179) Homepage

      No. Bounces never reach the spammer. Ever. Spammers always use fake sender addresses, so the bounces will go to an innocent bystander.

      So, while totally ineffective, you also burden the innocent bystander with yet another bounce.

      The only way to combat spam is to reject it on the SMTP level.

      Note that the guy in the article was wrong. When a mailserver is offline for two days, no bounces are sent. Sending mailservers will usually retry for 5 days before bouncing the message.

      However, spammers don't use mailservers to send their spam, they deliver the spam directly to the receiving mailserver. They've got instant feedback on whether the spam is accepted by the mailserver or not.

      When a mailserver is offline, spammers will know immediately. However I doubt they'd remove your name from the list because of this simple fact. Mailservers are regularly offline for multiple days.

      In this case I rather think they installed a very good spamfilter on that brand new Exchange Server.

      • Re:KDEMail? (Score:3, Insightful)

        by jonwil ( 467024 )
        That's why we need to push for much greater adoption of Sender Permitted From (SPF).
        That should prevent fake email addresses from being used.
        Unfortunately, large ISPs and email providers don't seem to want to implement SPF records for their mailservers.
  • What are the odds the new mail server he is using put spam filters on there for him and he just didn't notice?
  • consequence: (Score:5, Insightful)

    by Progman3K ( 515744 ) on Thursday December 09, 2004 @03:39PM (#11045055)
    A few hundred random people received
    "The message you sent X was undeliverable"
    spam instead.

    • by Mr. Bad Example ( 31092 ) on Thursday December 09, 2004 @04:23PM (#11045621) Homepage
      > A few hundred random people received
      > "The message you sent X was undeliverable"
      > spam instead.

      That's the worst haiku I've ever seen.
  • by barcodez ( 580516 ) on Thursday December 09, 2004 @03:41PM (#11045081)
    I've got domains that I have left inactive for year then re-added them to dns and set up mail accounts for them and the spam comes in immediately.

    Spammers simply aren't diligent when it comes to maintaining their list, they don't remove bounced emails (as they have spoofed all the headers anyway so they don't receive the bounces) they don't remove the address from domains without MX records or no responding hosts (as they send all the spam from botnets that don't report failures back anyway).

    I don't know what this guy did but he is thoroughly mistaken.
    • You're right. What incentive do they have to go through their lists? The variable cost of sending each spam is negligible, if not zero, since most heavy duty spam servers actually guarantee that email will go out from that machine for x amount of time before they have to shut it down. I've seen people selling use of a spam server in Asia for $10K/week, for example (this was years ago).
    • by SoTuA ( 683507 ) on Thursday December 09, 2004 @03:51PM (#11045233)
      I don't know what this guy did but he is thoroughly mistaken.

      I'd bet a beer that the new mail server installed at his institute includes some form of spam protection. My university's mail system has gone down for two days, and I still get one or two hundred spam mails a day. (of course, only one or two make it through the spam filters :)

  • So this is the equivalent of reinstalling windows every six months on your computer, I guess. I imagine the spam will begin again after a time. "I will be unavailable by e-mail for two days while I de-spamify, contact me later." Of course, you'd like to have that as an auto-reply, but then I guess this wouldn't work. For me, GO GMAIL SPAM FILTER GO!
    • I would have to agree with the Gmail spam filter.... it really does kick some major ass.

      I have had a couple of "personal spam" (messages that are from legitimate people - but are SPAM to me - on college campuses this happens all the time) get through - but after Reporting those as spam it hasn't messed up since. On average it has been eating about 30 spam emails a day.

      I used Mozilla Mail's spam filter for the last year or so - and just completely switched to Gmail last week - and have found it to be supe
  • by ntr0py ( 205472 )
    That sounds to be like a really inefficient form of greylisting [puremagic.com].

    By the way, I started greylisting on my mail server a couple of days ago, and my spam has gone down to virtually zero.
    • That sounds to be like a really inefficient form of greylisting.

      It sure does. Greylisting is a better approach. And with greylisting you lose no legitimate emails (unless the sender uses a seriously broken mail server). Before greylisting was introduced on our mail server approximately 90% of all incoming mail was removed by spamassassin. And that is even with a very high threshold, so a lot of spam still made it past the filter.

      Once greylisting was introduced the amount of incoming mail dropped b
  • I'll just give my IT folks a ring and see what they think of that. Mmmmkay.

    You want us to what?!?!?!

  • the fact they might have installed some anti-spam filters when they were upgrading the mail server? duhhh
  • Nice for personal email, but... What do I do for my business email addresses? I cannot afford to have my business email down for more than 24 hours. If my client at xyz.com domain sends me an email, and my email host is unreachable, the server will attempt periodically for 24 hours to resend the email. If it's not successful by that point, it notifies the person at xyz.com that the email is undeliverable, and will try again for another 24 to 48 hours (depends on server configuration). Let's just say that
  • Couldn't we just ask spammers to stop? I'm sure if they were aware that many people didn't enjoy their email messages they would likely find a new way to advertise. They surely wouldn't want to offend potential customers, right?

    Simple solutions for simple problems, lol!
  • by hobo2k ( 626482 ) on Thursday December 09, 2004 @03:42PM (#11045103) Journal
    Anybody want to help me shutdown hotmail for a couple days?
  • Other option.. (Score:3, Interesting)

    by Coleco ( 41062 ) on Thursday December 09, 2004 @03:42PM (#11045107)
    ..perhaps won't slow the flow of spam but will let you know who that bastards are that are selling your email in the first place. Buy a domain name then use a different email address of every site that asks for an email.. for example 'amazon_email@yourdomain.com' if you fill in a form at amazon.com.

    You'd be surprised at the sites that promise to protect privacy and don't.
    • So far Ive had my setup email address (based on our account name) and I created one just for me. My email address is in the format blahblah_nospam@mindspring.com - Note: There actually is _nospam in my email address.

      Account based email box ~ 25 spams/week over the past year.
      My email account : 0!

      Reasoning : spammers do s/nospam//ig; on their email addresses.

      I really feel for that blahblah_@mindspring.com - They're getting my spam ;)

      (For the pedantic yes I know mindspring whitelists - mindspring.com i
  • This would require shutting down or disabling backup MX servers also. Or, maybe changing the DNS records to remove backup MX servers.

    Regardless, it would be pretty desperate to do that.

    BTW, it took 48 hours to upgrade a MTA?! I'm glad I don't use Exchange.

  • by sterno ( 16320 ) on Thursday December 09, 2004 @03:42PM (#11045115) Homepage
    The article says that the school upgraded to a new version of Exchange during that two day period. IS it possible that during the course of the upgrade they also added some anti-spam features that aren't visible to the end user?

    I know that personally I've had my mail server go down for more than two days without a backup relay and had no notable drop in spam traffic.
    • My thoughts exactly. This is a non-article, its amazing that it was posted to this site. With DNSRBL lists, some reasonable SMTP level filtering and spamassassin, I have had similar success in reducing the amount of spam.
  • it's not going to stop brute-force dictionary-based spam.

    I find it especially annoying that gmail forwards me spam (albeit in my spam box) based on variants of "day.of.the.tentacle", eg dayofthe[whathaveyou]@gmail.com (yes, even without the dots between each word).

    Thank you Google.
  • Greylisting? (Score:5, Informative)

    by Doomie ( 696580 ) on Thursday December 09, 2004 @03:43PM (#11045135) Homepage
    Isn't this just a variant of greylisting [puremagic.com]? (the link is the first hit on google for 'greylisting')

    In case of our university mailserver it worked like magic. I was getting 100 spams per day and now I get 4-5 and these are mostly from 'professional' "spamming houses" (the ones with proper mailing lists and proper mailservers, but which don't like people who try to unsubscribe).
  • I think I'll model, simulate and then optimize the amount of shut-down time required for spam levels to drop to zero!

    Until spammers will send you a ping email to verify if your box awakes next week. Without any unnecessary top theoretical models...
  • Wow. I guess the popularity of web-based email addresses made this technique viable again. Back in the day when almost everyone except AOLers had to configure an email client to send and receive email, proxies that would bounce spam were used. It was effective at first. Then the spammers chose to ignore the bounced emails and just send them anyway. Now that there are so many people online that use the likes of Yahoo, Hotmail and GMail, this might be viable again. Anyone know how to bounce the mails in the Y
  • ... i simply unplugged it off the router. The procedure resulted in 99% percent of logged attacks, give or take 2%.

    Seriously, isn't that a bit extreme? Making the service unavailable is no cure for spam when it is unavailable for everyone else as well.
  • Why not just bounce all email for n days but deliver it as well. So you'll have to tolerate the spam and the receivers will have to tolerate the bounces, but the bounce message could include a line saying that it has actually been delivered. That way you avoid shutting down but get the same effects.
  • More than the religious custom, fasting has a scientific reason behind it: It detoxifies whole internal system by a) giving the body some much-needed rest and b) by cleansing the traces of toxins (as there's no fresh inflow, the bodily processes work on the left-over inventory and makes sure that it is digested properly and taken care of to give a fresh start the day after the fast).

    I heard this all the time when I worked at a natural foods store. I call bullshit. From QuackWatch.org [quackwatch.org]:

    It can be terr

  • Unacceptable (Score:4, Insightful)

    by DanteBlack ( 656808 ) on Thursday December 09, 2004 @03:46PM (#11045175)
    This is a totally unacceptable solution in a real-world business environment. Two days worth of bounced emails and even a moderate size company could miss over a $100K worth of online orders. Worse yet they could lose a current customer or, almost certainly, a potential customer. Customers as a rule don't take kindly to bounced orders and then they go to a competitor.

    There are drop in solutions out there. Use them if it's a real issue.
  • by jakedata ( 585566 ) on Thursday December 09, 2004 @03:47PM (#11045185)
    I decommissioned a mail server recently. The IP address is empty. The MX record is flat out gone.

    Despite this, my packet sniffer still sees ~20 connection attempts per hour to that old address, nearly three months later. They are all bot-infected PCs according to sbl-xbl.spamhaus.org

    That address was being mercilessly spammed and under constant dictionary attack.

    Ultimately, I was able to use my log files to reconstruct the dictionary they were hitting me with. I put the whole thing under blacklist_to and saw a big drop in junk getting past my filters.

  • by Anonymous Coward
    6) T to Y: a) If you have a girlfriend, take a vacation with her.
    b) If you dont have a girlfriend, check mails on the temporary alternative email ID.

    This just in: Apparently airlines, the U.S. highway system, hotels, parks and other attractions have now opened their doors to people without girlfriends. Also, coffeeshops, bars, music venues, theaters, yoga studios and other local businesses are considering joining this pilot program on a case by case basis.

    Those without girlfriends, then,
  • Sacrifice a few days of legitimate e-mail for a drastic reduction in spam, but I'm wondering if it's possible to let some e-mail through while bouncing all the rest - a whitelist approach. This would entail not turning off the server entirely, but responding "no such address" to all but those few names on the whitelist. So you could still hear from Grandpa or Aunt Jo, but all other mail would bounce. Would that be as effective as a complete shutdown? I'm guessing it would, because either way the recipient i
  • Greylisting (Score:2, Informative)

    by mpeppler ( 128232 )
    I added greylisting to my mail server, and that cut down on both spam and virus messages by a tremendous amount. See http://greylisting.org/ [greylisting.org] for more info.
  • ...is a way to receive email, but reserve the right to send a 'bounce' message sometime in the next, say, 24 hours. So once a day you can go into your server, sort the spam out, and just send out bounce messages en-masse to clear the address out of those lists. It's more work than shutting down the server, but lets you keep the 'good' email coming.
  • It's /.'d, so I can't RTFA. However, submitter says:
    In my case, a two-day shutdown resulted in 97.5% decrease in spam traffic!
    Is it just me, or does it seem like one should see a 100% spam reduction after shutting down your mail server.
    Additionally, if your mailserver is your laptop, you can actually preserve fertility by using this method as well.
  • "Bounce"ing Mail (Score:2, Interesting)

    by Salvo ( 8037 )
    Mac OSX Mail has a feature which lets you "Bounce" Mail, which essentially mimics the Server Response to an invalid Email Address.
    I was recently shocked to find that neither Outlook Express or Outlook have this feature.

    Very useful for Spammers and Annoying Ex-Girlfriends.
  • ... for about three years. Here is my plan.

    I have an account through usa.net. I only give it out to people I trust, i.e., friends and family.

    These people gain trust by first using temporary accounts I set up from my ISP (I should point out that usa.net now allows you to create 8 such accounts.) If anyone betrays my trust when using their temp account, e.g., signing me up for crap, giving out my email without permission, sending me "funny" crap, I cut them off. Their temp account is deleted and they ne
  • by Anonymous Coward on Thursday December 09, 2004 @04:09PM (#11045443)
    Your post advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires cooperation from too many of your friends and is counterintuitive
    ( ) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    (x) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
    ( ) Ideas similar to yours are easy to come up with, yet none have ever worked
    ( ) Other:

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (x) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
    ( ) Other:

    and the following philosophical objections may also apply:

    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures cannot involve wire fraud or credit card fraud
    ( ) Countermeasures cannot involve sabotage of public networks
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    (x) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
    ( ) Other:

    Furthermore, this is what I think about you:

    (x) Nice try, dude, but I don't think it will work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
  • by telemonster ( 605238 ) on Thursday December 09, 2004 @04:09PM (#11045445) Homepage
    Come up with a white list of good addresses, and then reject all others. This way you lose a good amount of mail for the 2 days you're shut down, but some important stuff would still get thru. Allow whitelist on border router or host firewall, deny everyone else.
  • mxlogic.com (Score:3, Interesting)

    by dj42 ( 765300 ) on Thursday December 09, 2004 @04:16PM (#11045526) Journal
    I use www.mxlogic.com to deny all medium-high risk spam completely. It intercepts it before it even hits my mail server. I like it.
  • by Obfuscant ( 592200 ) on Thursday December 09, 2004 @04:40PM (#11045813)
    doomed to repeat it. From the article:

    During that time, all the mails sent to my mail account were of course bouncing.

    Of course they were NOT. During that time, emails sent to your account were being held at the sending server, or, in the case of spammers who aren't using open relays, there was a timeout during the connection to port 25 on your server. Neither results in a bounce. Most intelligent email systems are set up with a 5 day queue.

    In other words, it will take 5 days for bounces to start being sent. That's for real email. For the spam, the bounces will be sent to fake addresses and the spammers will never see them.

    I've had systems in place on many of my accounts for YEARS that bounce (reject with "unknown user" errors) spam and the same spammers keep sending the same shit over and over again. I've watched the mail logs on my domain's servers where 99% of the incoming email is undeliverable spam (it ALL bounces) and the same spammers keep sending the same shit over and over again. Spammers simply either DO NOT CARE if they get a bounce, or do not see the bounces anyway.

    There must be a different explanation for the reduction in spam. A new spam filter on the server, for example. Spammers seeing bounces and stopping is patently ridiculous.

  • Dumb article (Score:3, Interesting)

    by fimbulvetr ( 598306 ) on Thursday December 09, 2004 @05:21PM (#11046220)
    This guy has no clue what's going on. His knee jerk reaction is that it must have been because they shut the system off.

    Never, not once, did he consider the fact that his admins *upgraded* the exchange server. They probably went from 5.5/2000 to 2003.
    By no means am I an M$ guru, but I know for a fact that 2003 comes with a large amount of internal things to help control and minimize spam.
    In fact, anyone upgrading to 2003 sees dramatically better spam controls.

    Someone revoke this guy's geek license, as he just failed the critical thinking test.
  • by rich42 ( 633659 ) on Thursday December 09, 2004 @05:35PM (#11046336) Homepage
    my car started running poorly a few months ago - so I took it into the shop. when I came back to get my car - they charged me $400. it runs great now. not driving my car for two days fixed it! now I'm going to try not driving it for 3 days to see if it fixes the rips in my upholstery. Also - did anyone else hear that you can reformat your 120GB drive to 260GB with no ill effects? I read that on slashdot a while ago!
  • by ari_j ( 90255 ) on Thursday December 09, 2004 @05:43PM (#11046392)
    The problem here is that spamming is easily modeled by game theory, and the spammers have a dominant strategy.

    Your move: optimize how long you need to shut down your e-mail in order to minimize spam. Their move: check one day longer than your precaution allows for.

    They can keep pushing it back until it is no longer useful for you to even have e-mail in the first place (i.e., you have more downtime than uptime), and either you end up not using e-mail at all or you end up receiving lots of spam.
  • Occum'on (Score:3, Interesting)

    by PeterHammer ( 612517 ) on Thursday December 09, 2004 @08:25PM (#11047662)
    All technical considerations aside (3 day retry periods, no central spam DB etc.........) let's just read up on Exchange 2003 marketing literature (not that we should normally trust Microsoft marketing literature, but it suffices that they cannot outright lie about it). They claim to have all sorts of *new* spam block features. Perhaps the author may have considered the hypothesis that his IT dept made the switch with these features in mind. At the very least it would be nice if he did a little due diligence (or if he did do some, that he would note that fact) to rule out simpler explanations? Why on earth would spammers care about keeping lists clean anyway? It's not like they all of a sudden grew a conscience?

    Didn't that Occam guy have something to say about crazy theories like this author's rant?
  • Bah (Score:4, Informative)

    by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Thursday December 09, 2004 @08:32PM (#11047701) Homepage
    What works well for me is mimedefang with spamassassin. My "It's Spam for sure" threshold is now about 3 points after a year or so of bayesian training. Most stuff I really want to look at comes in at -3 or less.

    In mimedefang:

    1. 554 reject spamhaus sbl/xbl in filter_sender. This list is easy for people to get off of if they aren't spammers. Just tell them that is why they are rejected. Spammers, of course, won't even pay attention to the 554 and continue to hammer on your server *sigh*
    2. have spamassassin continue to do the RBL checks anyway, as those other lists will add to the score (but we don't want to just reject on anything but spamhaus)
    3. configure sendmail to use greet_pause (1000ms on my server)
    4. reject helos that claim to be your own server in filter_sender
    5. reject helos that are not a fqdn or ip address in filter_sender (just make sure that the helo has a dot in between something...spammers and zombies LOVE using single-word helos)
    6. have mimedefang just discard anything that is above a certain spamassassin threshold in filter_end

    You wouldn't believe how much stuff gets outright rejected just by checking the helo, greet_pause, and spamhaus. Spamassassin gets the rest.

    I really don't know how I managed to run sendmail without mimedefang before.
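
The HELO checks in steps 4 and 5 of the comment above, as an added example that is not SCHecklerX's filter or MIMEDefang code: a standalone Python function making the same accept/reject decision over constructed connections. The hostnames and addresses are placeholders, and letting the server's own IP use its own name is an assumption.

```python
import ipaddress

# Assumed identity of the receiving server (placeholders, not from the thread).
OWN_NAMES = {"mail.example.org", "example.org"}
OWN_IPS = {"192.0.2.25"}

def _helo_ip(helo):
    """Parse a bare IP or an SMTP address literal such as [192.0.2.1] or [IPv6:...]."""
    text = helo[1:-1] if helo.startswith("[") and helo.endswith("]") else helo
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_helo(helo, client_ip):
    """Return (action, reason) for one HELO/EHLO argument sent by client_ip."""
    helo = helo.strip().rstrip(".").lower()   # trailing dot and case do not matter
    if not helo:
        return ("REJECT", "empty HELO")
    from_us = client_ip in OWN_IPS            # our own host may use our own name
    ip = _helo_ip(helo)
    if ip is not None:
        if str(ip) in OWN_IPS and not from_us:
            return ("REJECT", "HELO claims our IP address")
        return ("CONTINUE", "IP address HELO")
    if helo in OWN_NAMES and not from_us:
        return ("REJECT", "HELO claims our hostname")
    labels = helo.split(".")
    if len(labels) < 2 or not all(labels):    # "a dot in between something"
        return ("REJECT", "HELO is not an FQDN or IP address")
    return ("CONTINUE", "ok")

# Constructed sample connections: (HELO argument, connecting IP).
SAMPLES = [
    ("relay.example.net", "198.51.100.4"),
    ("localhost", "203.0.113.7"),
    ("MAIL.EXAMPLE.ORG.", "203.0.113.7"),
    ("[192.0.2.25]", "203.0.113.7"),
    ("[IPv6:2001:db8::1]", "2001:db8::1"),
    ("mail.example.org", "192.0.2.25"),
]

def triage(samples=SAMPLES):
    """Return [(helo, action)] for each sample connection."""
    return [(helo, check_helo(helo, ip)[0]) for helo, ip in samples]

if __name__ == "__main__":
    for helo, ip in SAMPLES:
        print(f"{ip:15} {helo:22} {check_helo(helo, ip)}")
```
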
