Tired of Email Spam & Fighting Back…

By Angsuman Chakraborty, Gaea News Network
Sunday, November 4, 2007

I finally grew tired of email spam: having to delete several thousand spams a day while fishing out the valid emails is no fun. Occasionally I deleted valid emails too in the process. I realized I was wasting valuable productive hours dealing with junk from cretins and morons (aka spammers). I decided to fight back.

I implemented a series of anti-spam measures in postfix over the last couple of weeks and have been testing them to death.

Today is my first spam-free day in probably a decade or more.

My crusade so far relies on various RBLs and email header & SMTP protocol compliance checks. I haven’t added spamassassin to the mix yet, nor have I added clamav. I seriously doubt clamav is required on Linux.

BTW: I never realized how effective RBLs were till I tried them. Here are the stats from my latest mail log (from Oct 28 04:09:49):

Total mails rejected: 21141
Total mails blocked using RBL data: 16551
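The two figures above come from counting rejections in the postfix log. The script below is an added example (not the author's own tooling) that produces the same two counts from `postfix/smtpd` "NOQUEUE: reject" lines, breaks the RBL rejections down per zone, tallies the non-RBL protocol-compliance rejections, and flags RBL-rejected clients that had a proper reverse DNS name as candidates for a false-positive review. The log lines, IP addresses, zone names and mailbox names are all constructed placeholders.

```python
import re
import sys
from collections import Counter

# Constructed sample postfix/smtpd log lines in the usual syslog layout.
# Addresses and RBL zone names are placeholders, not real lists or servers.
SAMPLE_LOG = """\
Oct 28 04:09:49 mail postfix/smtpd[4021]: connect from unknown[192.0.2.10]
Oct 28 04:09:50 mail postfix/smtpd[4021]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using rbl-one.example; from=<bulk@spam.example> to=<me@example.org> proto=ESMTP helo=<pc>
Oct 28 04:09:51 mail postfix/smtpd[4021]: disconnect from unknown[192.0.2.10]
Oct 28 04:12:03 mail postfix/smtpd[4022]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<news@list.example> to=<me@example.org> proto=SMTP helo=<198.51.100.7>
Oct 28 04:15:40 mail postfix/smtpd[4023]: NOQUEUE: reject: RCPT from dsl-pool.isp.example[203.0.113.55]: 554 5.7.1 Service unavailable; Client host [203.0.113.55] blocked using rbl-two.example; from=<john@example.net> to=<me@example.org> proto=ESMTP helo=<mail.example.net>
Oct 28 04:16:02 mail postfix/smtpd[4023]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using rbl-one.example; from=<bulk@spam.example> to=<sales@example.org> proto=ESMTP helo=<pc>
Oct 28 04:20:11 mail postfix/smtpd[4024]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; from=<a@b.example> to=<me@example.org> proto=ESMTP helo=<pc>
Oct 28 04:25:00 mail postfix/smtpd[4025]: 1A2B3C4D5E: client=mail.friend.example[203.0.113.200]
"""

# One rejected RCPT command: client name/IP, SMTP status, reason text, envelope.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<enhanced>\d\.\d\.\d) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# The RBL zone name postfix prints for reject_rbl_client rejections.
RBL_RE = re.compile(r"blocked using (?P<zone>[^\s;]+)")


def parse_rejects(lines):
    """Yield one record per rejected RCPT command; other log lines are skipped."""
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        z = RBL_RE.search(rec["reason"])
        rec["rbl_zone"] = z.group("zone") if z else None
        yield rec


def normalize_reason(reason):
    """Strip client-specific bits (IP in brackets, quoted HELO) so reasons group."""
    reason = re.sub(r"^<[^>]*>: ", "", reason)
    return re.sub(r",? \[[^\]]+\]", "", reason)


def summarize(lines):
    """Return the counts behind the two stats plus data for a false-positive review."""
    rejects = list(parse_rejects(lines))
    rbl = [r for r in rejects if r["rbl_zone"]]
    # Heuristic: spam bots usually arrive as "unknown" (no reverse DNS); an
    # RBL-listed client that does resolve is worth a look before trusting the hit.
    review = [r for r in rbl if r["host"] != "unknown"]
    return {
        "total_rejected": len(rejects),
        "rbl_blocked": len(rbl),
        "by_zone": Counter(r["rbl_zone"] for r in rbl),
        "other_reasons": Counter(
            normalize_reason(r["reason"]) for r in rejects if not r["rbl_zone"]
        ),
        "review": review,
    }


def report(lines):
    """Format the summary in the same wording as the stats in the post."""
    s = summarize(lines)
    out = [
        f"Total mails rejected: {s['total_rejected']}",
        f"Total mails blocked using RBL data: {s['rbl_blocked']}",
    ]
    out += [f"  {zone}: {n}" for zone, n in s["by_zone"].most_common()]
    out += [f"  other: {why}: {n}" for why, n in s["other_reasons"].most_common()]
    out += [
        f"review: {r['sender']} from {r['host']}[{r['ip']}] listed in {r['rbl_zone']}"
        for r in s["review"]
    ]
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python rblstats.py /var/log/mail.log   (defaults to the sample above)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(report(fh))
    else:
        print(report(SAMPLE_LOG.splitlines()))
```

The per-zone breakdown shows which list is doing the work, and the `review` list is the place to start when checking for the dynamic-IP and shared-hosting false positives discussed in the comments below the post.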

I am checking all my protection measures for effectiveness and, more importantly, false positives. I plan to publish them in detail soon.


February 25, 2008: 7:24 pm

May I know which RBL(s) you’re using now?

November 5, 2007: 1:06 am

You’re very welcome! Thanks for clarifying your stance on RBLs, your careful attention to false positives, and for only supporting RBLs with easy removal systems.

November 4, 2007: 9:44 pm

I too am using RBLs which provide an easy unpaid way of removal. I would never use APEWS, for example, which doesn’t provide any way of removal for normal users.

RBLs have a definite issue with dynamic IP addresses and shared IP addresses in the typical shared web hosting scenario, as you well illustrated above.

I am spending hours trying to see if we hit any false positives. None so far. Still I am observing it closely, looking for errant patterns and such.

Thanks for the clarifications and a much needed reminder.

November 4, 2007: 1:40 am

If you’re using RBLs for IP checks, are you checking the emails that are being blocked by RBL data? They sure are great for blocking spam, but they also blacklist quite a few dynamic IPs and shared servers. Here are a few scenarios to consider:

1. One evening, a spammer sends a million spam emails and logs off his ISP. An RBL takes note of the spam, and adds his IP to its blacklist. The next morning, John logs on to email a report to his boss, but his boss never receives it. Why? Because when John logged on, his ISP assigned him the very same IP that the spammer used the night before, and his boss uses a group of RBLs to block email from “known spammers”.

2. John’s small, niche-market online retail site is hosted on a shared server with 100 other domains. Domain #93 begins to send massive amounts of spam emails. An RBL takes note and adds the server’s IP to its blacklist. Suddenly, John’s invoice and shipping confirmation emails are not received by certain customers. It turns out that these customers are using RBLs to block emails from “known spammers”, and they are not receiving John’s critical emails because he (and 98 other domains) share a server (and therefore an IP) with the evil Domain #93.

It was for these specific reasons that Bad Behavior scaled back its usage of RBLs to only those with a way for users to remove their own IP and provided instructions for how to do so on its block page.
