
I am the Most Spammed Person in the World 478

jefp writes "In November 2004, Microsoft's second-in-command Steve Ballmer made some headlines by mentioning that Chairman Bill Gates was getting four million spams per day. At the time, I was dealing with a little spam problem of my own - I was getting around a million spams per day. I found it a little comforting that my problem wasn't quite as bad as Bill's. However, a couple of weeks later Ballmer corrected himself, saying he mis-remembered the stat and Gates actually gets four million per year. This means I was getting one hundred times as much spam as Bill Gates. I've written a tutorial explaining why I get so much crapmail and how I deal with it."
This discussion has been archived. No new comments can be posted.

  • by fizz ( 88042 ) * on Wednesday June 08, 2005 @01:29PM (#12760206) Homepage
    he just went from 1 million a day to about 1.3 million a day.
    • by PopeAlien ( 164869 ) on Wednesday June 08, 2005 @01:34PM (#12760276) Homepage Journal
      I don't get nearly as much spam as that, but even a few hundred a day is pretty irritating. My solution is to delete all email as soon as I get it.

      I figure if it's important I'll get a phone call.
    • by Anonymous Coward on Wednesday June 08, 2005 @01:59PM (#12760555)

      Mail Filtering

      Or, how to block a few million spams per day without breaking a sweat.

      © 2005 by Jef Poskanzer.

      Introduction

      In November 2004, Microsoft's second-in-command Steve Ballmer made some headlines [slashdot.org] by mentioning that Chairman Bill Gates was getting four million spams per day. At the time, I was dealing with a little spam problem of my own - I was getting around a million spams per day. I found it a little comforting that my problem wasn't quite as bad as Bill's. However, a couple of weeks later Ballmer corrected himself [slashdot.org], saying he mis-remembered the stat and Gates actually gets four million per year.

      This means I was getting one hundred times as much spam as Bill Gates.

      Nevertheless, after filtering we both get about the same amount: around ten spams per day in our inboxes. Ballmer says that Microsoft has an entire department dedicated to protecting their mailboxes from spam. At ACME Labs there's just one guy, one server, and a T1 line. And yet my filters are a hundred times as effective as Microsoft's. How do I do it?

      These pages will show you how, and help you deploy similar filters on your own system.

      Goals

      What am I trying to do here?

      • Keep my email service running and useful.
      • Keep my web service running too, since it's on the same machine.
      • Avoid losing real email by mistake.
      • Delay growth in resource use, so I can delay spending money on hardware upgrades.
      • Spend as little time as possible on the above, so I can get more important things done.
      • Help other people do the same.

      Results

      For those who like to read the end of a novel first, here are some overall stats showing how the filters are performing.

      Environment

      This is all based on a Unix system running sendmail. If you're not using Unix, or you're using a different Unix-based mail system, most of the specific advice here will not help you. You may still find some value in the general ideas.

      Sendmail Config

      The first layer of spam defense is sendmail itself, because that's the first piece of software to touch each message. Sendmail has a number of different config options that can help you block spam and keep your machine stable.

      greet_pause

      As of version 8.13, sendmail added an anti-spam feature called "greet_pause". It is both simple and clever.

      In a normal SMTP transaction [slashdot.org], first the client connects, then the server sends back a "220" greeting message, then the client sends its HELO command. Some spam programs, however, don't wait for the greeting message. They just send their commands immediately without listening.

      The greet_pause feature detects this misbehavior by pausing briefly before sending out the "220" greeting message. If any commands arrive during that pause, then the connection is marked bad and anything coming over it is ignored.

      This one is interesting because it actually cuts down on the number of spam attempts, not just the spam deliveries. I figure when the spammers hit the pause they are somehow getting stuck. I'll have a graph of this later - before I enabled greet_pause, I was getting a couple million spam attempts per day; after, only 600,000.

      To enable the feature, you need to make two changes. First, in your sendmail.mc file:

      FEATURE(access_db)dnl
      FEATURE(`greet_pause',5000)

      You probably already have access_db defined; it just needs to appear somewhere prior to greet_pause. The number is how many milliseconds to pause; 5000 = five seconds. Then in your access file you should add this:

      GreetPause:localhost 0

      The second change prevents the pause from applying

  • by Anonymous Coward on Wednesday June 08, 2005 @01:30PM (#12760221)
    for Spamalot
  • by The Woodworker ( 723841 ) on Wednesday June 08, 2005 @01:30PM (#12760230) Homepage
    you don't post your email address to farmgirls.com!
  • by ccozan ( 754085 ) on Wednesday June 08, 2005 @01:30PM (#12760235) Homepage
    ...but not with one slashdotting.
  • by Njoyda Sauce ( 211180 ) <jnjpepper@NospaM.hotmail.com> on Wednesday June 08, 2005 @01:31PM (#12760242)
    He's really just using Slashdot to break his server farm so he won't have to get spam anymore.
  • nowhere (Score:4, Interesting)

    by magarity ( 164372 ) on Wednesday June 08, 2005 @01:31PM (#12760244)
    I'm pretty sure whoever runs nowhere.com can give you a run for your money in the most spam inbound. Although a lot of those are probably from organizations thinking they're sending to legit opt-in requests.
  • by xtracto ( 837672 ) on Wednesday June 08, 2005 @01:32PM (#12760248) Journal
    Keep my web service running too, since it's on the same machine.

    You try to do this by submitting a story to /. front page?
  • by caferace ( 442 ) on Wednesday June 08, 2005 @01:32PM (#12760250) Homepage
    Seeing as how he's the one who wrote it.

    Hi Pokey!

    -jim

    • This does not reflect well on thttpd. Not that I'm saying it is a poorly designed web server (indeed, I know it is not!), but it did not last long during this Slashdot barrage. I hope this doesn't become an incident people will refer to when attempting to denigrate thttpd.
      • by jefp ( 90879 )
        Thttpd is handling the load just fine. My CPU is 90% idle. The problem is collisions. The two-foot ethernet link from the DSL box to my switch is half-duplex. At the height of it I was getting about 400 collisions/second out of 1500 packets/second. It's tapering off now.
  • by Peter Cooper ( 660482 ) on Wednesday June 08, 2005 @01:32PM (#12760251) Homepage Journal
    the server got as far as spluttering this part of the page out:

    What am I trying to do here?

    Keep my email service running and useful.
    Keep my web service running too, since it's on the same machine.


    I guess 1,000,000 spams a day isn't as bad as 1000 people simultaneously trying to access your Web server!
    • by LuckyStarr ( 12445 ) on Wednesday June 08, 2005 @02:11PM (#12760659)
      In fact his Webserver still runs perfectly. Why do I know? Because I am reading his article. Slashdottings occur when webservers use more RAM than the system has. Kernel swaps, webserver allocates some more memory, tilt. So the obvious solution is to configure your webserver not to. :) I guess this is what he did. All incoming connects get queued by the kernel and handed over to the webserver if a slot gets available. It gets terribly slow (I can tell!), but if the user has a high timeout-value (of a minute or 2) then no error will occur at his end either.

      Very reliable tech I guess. :)
  • Greylisting (Score:5, Informative)

    by nocomment ( 239368 ) on Wednesday June 08, 2005 @01:32PM (#12760253) Homepage Journal
    Just yesterday I enabled Greylisting in OpenBSD spamd, and today I got 6 spams, compared with my usual 150. (per day).

    It's easy to set up and works with your existing mail server. OUr mail server is qmail on red hat, but openbsd just ahppily redirects the legit (what it suspects might be legit rather) to the mail server. The load has dramatically decreaed on the mail server.
    • ugh! pardon my spelling a grammar in that last post, I guess I should "preview" more often eh? ;-)

      Also I just checked and technically no spams were received today they came in yesterday. So I've gotten 6 spams SINCE enabling greylisting yesterday morning.
    • Re:Greylisting (Score:3, Interesting)

      by Greyfox ( 87712 )
      It would appear that a number of phishers actually go through real mail servers rather than some spam software designed to blast out thousands of mails at a time. Since I installed postgrey, the vast majority of the spams that have made it to my desk have been from phishers. Enabling spf checking filters out a good number of those, although for some reason I get soft-fails instead of fails from forged e-bay addresses (Easily solved, just blacklist anyone claiming to be from ebay at the mail server, since I
  • Stop signing up for all those free porn sites!
  • by nganju ( 821034 ) on Wednesday June 08, 2005 @01:33PM (#12760265)

    Your name in the posting is a link that resolves directly to your email address.

    Don't know what you're doing right now to reduce the spam, but maybe putting your email address on the front page of Slashdot is a step in the wrong direction.
    • Don't know what you're doing right now to reduce the spam, but maybe putting your email address on the front page of Slashdot is a step in the wrong direction.

      If you're standing in the surf, a little rain ain't gonna matter much...

    • Your name in the posting is a link that resolves directly to your email address.

      I always wondered this. OK, Bill Gates gets a lot of email just because of who he is. But why do "everyday" people get hundreds of SPAM messages a day? I don't get it. Are you just handing out your email to everyone? Are these unfiltered messages on your own mail server? I just don't get how you can possibly get that many SPAMs in a day. I have 5 email accounts at various providers, and I get maybe 5-10 a day TOTAL.

      • by argent ( 18001 ) <peter&slashdot,2006,taronga,com> on Wednesday June 08, 2005 @02:29PM (#12760857) Homepage Journal
        I have had the same address since 1989, long before there WAS a spam problem. My email address was all over Usenet when Canter and Siegel sent out their first spam, which means it's all over Google Groups. The horse is so far out of the barn its grandchildren are headed for the glue factory.

        In 2000, the last time I added it all up, I was getting 300M a month *after* applying blacklists. At this point my mailserver is blocking several countries and ISPs, using multiple blacklists, and running some custom greylist software I wrote myself (for qmail... sorry, Jef), and my local mail client's only seeing 20-30 spams a day out of the hundreds of thousands (maybe as many as a million, it's too depressing to keep track) of delivery attempts that show up in my logs.

        If you don't mind changing your email address now and then, more power to you, but I'm damned if I'll give the bastards the satisfaction.

        A billion MIPS for defence, but not a byte for tribute!
        • If you don't mind changing your email address now and then, more power to you, but I'm damned if I'll give the bastards the satisfaction.

          Or if you don't have a choice. I used to use my work email for all my usenet stuff back in the late 90s. Then I left that job, and started using my own email address. That provider changed domain names, then I dropped them altogether when they took away all shell accounts. Then I had Earthlink for several years. I then moved across the country, and now have a new pr

        • Same here (although for not nearly as long a time), and I'm not about to replace my address - it's too widespread to migrate my friends and family to something else.

          I wrote an article [freesoftwaremagazine.com] about my Postfix + Amavisd + SpamAssassin + ClamAV + Greylisting setup; I'm down from many-thousand spams per day to one or two. We've reached the point where technology can do an excellent job of separating the wheat from the chaff, but people seem slow to adopt it. I'd go as far as to say that if you or your company stil

      • I've had my current email address for the past 13 or 14 years.

        (In fact the ISP it's hosted with currently hosts ONLY that email address and a tiny hunk of web space for me; I get my actual connection and everything from Cox).

        My address has been plastered all over the Internet from since before there was a spam problem. Even if I were to take it off of all the sites I've made, or ask it to be taken down from all the other sites, there's still hundreds of UseNet posts from before there was need to spam-proo
  • Mirror (Score:5, Informative)

    by schnurble ( 16727 ) * on Wednesday June 08, 2005 @01:33PM (#12760267) Homepage
    Just to alleviate some of his bandwidth, I have mirrored [parad.net] the mail_filtering pages. Looks like it's all there. Let me know if you want me to take it down.
  • I used to have more GPF's than anyone I had ever heard of or met.

    Damn. I could have submitted a story about it and used that same box as the web server.
  • I wonder.. (Score:4, Funny)

    by Mikey Rowan ( 890208 ) on Wednesday June 08, 2005 @01:34PM (#12760278)
    I wonder if Bill changes email addresses as much as I install security patches. Karma's a bitch.
  • "I'm the most popular person on the planet with people who want to enlarge penises and make them work all night long" isn't one of them.

    Weird article, someone ASKING to have themselves put under Slashdot's thumb.
  • Well duh! (Score:2, Funny)

    by Lugor ( 628175 )
    They are ACME Labs! They have everything I ever need. I order my gear to get that nasty Road Runner from them all the time! It's great stuff!
  • ... my thousand a day or so was bad.

    I can't even imagine getting that much, I'm already spamfiltering on at least 3 levels (bay server, bay client, manual client).

    Spammers should die. If I had to pay for line charges, I'd just kill my accounts.
  • by johansalk ( 818687 ) on Wednesday June 08, 2005 @01:36PM (#12760301)
    Does Ballmer "mis-remember" his other stats too? He's been showering us with them lately.
  • Why does ACME Labs get so much spam? That's a good question. There are probably two main reasons.

    Lots of people use "acme.com" as an example or fake address. It even appears in the HTML specifications. They shouldn't be using my domain name for this; in fact there's actually an official recommendation for which domain names to use as examples; but few people follow it.
    Acme.com's web site is fairly popular - we get about 25,000 visitors per day. That means our web pages are cached on a lot of people's disk

  • Heh (Score:5, Funny)

    by aftk2 ( 556992 ) on Wednesday June 08, 2005 @01:37PM (#12760320) Homepage Journal
    That is impressive, but I imagine that any catch-all email addresses at foo.com [foo.com] or test.com [test.com] might beat even that.
  • then FORWARD all of yours to bill.

    Problem solved!
  • What I Use (Score:3, Funny)

    by pastpolls ( 585509 ) on Wednesday June 08, 2005 @01:38PM (#12760332)
    For my fake email I have used john@holmes.com. I just thought it was funny to use. Then I realized there was a holmes.com. I would surely hate to be some guy named john if I worked there. I can imagine his email box is going nuts from 10 years worth of stuff.
  • Outlook Spam Filter (Score:2, Informative)

    by Langley ( 1015 )
    If you work in a company like mine where Outlook is de rigueur and the Boss is too worried about missing an email to even allow for simple spam filtering at the head end. I can't recommend enough that you give SpamBayes Outlook plug-in a try. It operates nearly perfectly if you train it well (only about 600 spam messages needed).
  • I started to email you, but then I started thinking, what if you are collecting and selling email addresses.... Wouldn't this be a good way to get bonafide email addresses? So now I am just wondering how you filter out the three real emails you get daily from the unwanted million.
  • Seems a trifle slow..

    Coral cache [nyud.net]
  • For those who do not know, Jef Poskanzer is the author of the thttpd webserver. I'm just wondering what sort of hardware you're running your site and email server on, Jef. I know that thttpd is extremely quick and efficient, so it wouldn't surprise me if you were running on an older 486 or early Pentium I machine.
  • Sheesh, tell Ballmer and Gates to use Thunderbird. Or drink it first (better). Then politely tell them how to use junk mail controls. They'll forget anyway, or probably ask: "Hey how can we buy more Thunderbird?"

    I'll point them to the corner liquor store instead, as they just wouldn't understand, anyway.
  • Coral cache (Score:3, Informative)

    by gregbaker ( 22648 ) on Wednesday June 08, 2005 @01:43PM (#12760393) Homepage
    The site seems to be slowing down, but the coral cache [nyud.net] is going strong.
  • wyle_e_coyote@acme.com

  • For those too lazy to RTFA, his hall of shame [acme.com] is interesting -- especially the AOL bit *insert generic AOL hate*
  • qmail (Score:4, Interesting)

    by mmkkbb ( 816035 ) on Wednesday June 08, 2005 @01:47PM (#12760430) Homepage Journal
    I like his slam on qmail. Does djb ever address such concerns?
    • Re:qmail (Score:5, Informative)

      by spun ( 1352 ) <loverevolutionary@@@yahoo...com> on Wednesday June 08, 2005 @03:17PM (#12761368) Journal
      Short Answer: No, but other people do.

      Long Answer: The concern is the misdirected bounce. By default and in accordance with the RFC, qmail bounces messages it accepts then later decides it can't deliver back to the sender. Spammers use false return addresses, so you end up bouncing spam back to innocent third parties. When used with naive spam-filtering techniques, this can be a problem i.e. qmail accepts the message, but a spam filter rejects it, and it is bounced. Here's what SpamCop.net [spamcop.net] has to say about it:

      Qmail: Qmail is one popular mail exchanger which suffers from this problem by default. If you use qmail, please apply a patch: spamcontrol [fehcom.de] or qmail-ldap [nrg4u.com].

      There is also an experimental patch for qmail which allows you to send bounces, but isolate them on a different IP address (so that spamcop can block them without blocking other mail): Richard Lyons BOUNCEQUEUE patch [theaimsgroup.com]

      PZInternet.com reports chkuser is a very good qmail patch to avoid misdirected bounces - very easy to install too! [interazioni.it] http://www.interazioni.it/opensource/chkuser/ [interazioni.it]

      For users of qmail-toasters, check out the simscan patch [shupp.org]

      Everything anti-spam is done by people other than djb. I love qmail, but it really isn't the easiest server to set up for spam control. One needs about a dozen patches to get it working right.
  • Though one lawsuit won't put a spammer out of business, 50 lawsuits might. Or 15 will make them reconsider thought business of spamming like Avtech [barbieslapp.com].

    Having over a million spams a day should make it easy to find some spammers that can be tracked and sued. With that volume, it may be easy to find an attorney that can do it on contingency.

  • Is what you call spamalot [montypythonsspamalot.com].
  • ...getting back at you for all those screwed up acme rockets, boots, springs, hammers, etc. that you sold him. You were the road runner's best friend.

  • The best thing to do is what I did: Get yourself a T1 connection, which is not quite as expensive today as it used to be. Set up a domain name. Set up a mail server. The way you set it up is as follows: You have a primary account, which you actually check. This is a secret account, and you give it to nobody. Then, to each person who might one day send you email, you give a unique email address. So you'll have thousands of email addresses, one for each person who might send you an email. You set up SpamAssas
  • I would just like to say I am utterly impressed by acme.com, if anyone reads cartoons you've probably seen A Company Making Everything (ACME) advertised in almost all major comics made the last decade. The domain is so cool I am almost upset to tears that it is not mine (and also that it is unavailable right now because it is on slashdot)
  • What to do... (Score:5, Interesting)

    by SamMichaels ( 213605 ) on Wednesday June 08, 2005 @02:07PM (#12760627)
    Well his site is dead, mirrordot chokes on frames, and I'm too lazy to google....so I'll risk getting -1 RTFA and post anyway.

    This guy's SMTP server:
    220 gate.acme.com ESMTP Sendmail; Wed, 8 Jun 2005 11:53:27 -0700 (PDT)
    EHLO myhostname
    250-gate.acme.com Hello [myip], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    Pipelining is turned on for untrusted hosts. Nice.

    Either way, a good portion of the spam hitting my system never even makes it to EHLO/HELO time because if there's any sort of resolution problems with the dns/rdns or if the hostname contains the IP address in it (RFC violation) I delay the connection 20 seconds before the greeting. RFC states clients WILL NOT send data unless asked to do so, except for pipelining which is not advertised for untrusted hosts. When the MTA sees a bunch of incoming crap, it drops the connection because they violated the RFC rules for handshaking (clients MUST wait for the greeting). This does not affect legit MTAs with temporary problems.

    I go through a whole bunch of other checks even before DATA time, delaying at each step if there's a problem. 90% of the spam/viruses never even make it to scanning for spam/viruses because they violate something before that and the connection gets dropped (or they drop it from waiting). Once again, delaying 20 seconds does NOT affect legit MTAs.

    Big writeup on SPAM filtering [linux.com]

    My MTA [exim.org]
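
The pre-greeting check that the article quoted earlier in the thread calls greet_pause, and that the comment above applies as a 20-second delay, sketched as an added example (not code from the article, from sendmail or from any commenter). The reply texts, host names, the exact-match lookup and the helper names are assumptions made for illustration; the 5000 ms default and the `GreetPause:localhost 0` entry are the values shown in the article.

```python
import select
import socket

# Constructed reply texts and host name; a real MTA words these differently.
GREETING = b"220 mx.example.test ESMTP ready\r\n"
REJECT = b"554 mx.example.test commands sent before greeting\r\n"
DEFAULT_PAUSE_MS = 5000  # the value from FEATURE(`greet_pause',5000)


def parse_access(text):
    """Collect 'GreetPause:<client> <ms>' entries from access-file text."""
    pauses = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].startswith("GreetPause:"):
            pauses[parts[0][len("GreetPause:"):].lower()] = int(parts[1])
    return pauses


def pause_for(client, pauses, default_ms=DEFAULT_PAUSE_MS):
    """Exact-match lookup only (a simplification of access-map matching)."""
    return pauses.get(client.lower(), default_ms)


def greet(conn, pause_ms):
    """Hold the 220 banner for pause_ms; return (accepted, early_bytes)."""
    if pause_ms > 0:
        readable, _, _ = select.select([conn], [], [], pause_ms / 1000.0)
        if readable:
            early = conn.recv(512)  # whatever arrived before the banner
            try:
                conn.sendall(REJECT)
            except OSError:
                pass  # client already hung up
            return False, early
    conn.sendall(GREETING)
    return True, b""


def run_client(name, talks_early, pauses, default_ms=200):
    """Drive one constructed client over a socketpair; no network needed."""
    server, client = socket.socketpair()
    try:
        if talks_early:
            client.sendall(b"HELO spam.example\r\n")  # does not wait for 220
        accepted, early = greet(server, pause_for(name, pauses, default_ms))
        return accepted, early, client.recv(512)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    table = parse_access("GreetPause:localhost 0\n")
    for name, early in (("relay.example", True), ("relay.example", False),
                        ("localhost", True)):
        print(name, early, run_client(name, early, table))
```

A client that waits for the banner only pays the pause once per connection, while one that sends first is flagged before any SMTP command is processed.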
  • Author is a liar. (Score:3, Insightful)

    by DroopyStonx ( 683090 ) on Wednesday June 08, 2005 @02:07PM (#12760629)
    He wasn't getting a million fucking spam a day.

    Give me a break... 1/4 as popular as Bill Gates? Doubt it.
  • by Alejo ( 69447 ) <`moc.liamtoh' `ta' `1sojela'> on Wednesday June 08, 2005 @03:55PM (#12761774)
    A very nice read:

    http://www.benzedrine.cx/relaydb.html [benzedrine.cx]
