|
|
New Articles:
Southern California Glider Landout Database Soaring 5-Inch Sky Robot FDM in Vacuum Gin Books Hacktastic e-bike Farnsworth Fusor Land Anchor Turchickentato Bowmaking Custom Discovery Roof Rack August, 2012 - Sierra Backpacking July 22nd, 2012 - Hiking in Santa Barbara July 15th, 2012 - Valley of Fire May 5th, 2012 - Afton Canyon April 28th, 2012 - Devils Playground Alpine Tripod Convict Creek Trail January 2012 - Mustangs January 3rd, 2012 - Heart Lake August 7th, 2011 - Kelso Dunes August 5th, 2011 - Lundy Canyon Hike August 2011, Mammoth Archery Birds in the garden June 4th, 2011 - San Gorgonio May 29th, 2011 - Sequoia National Forest April 23rd, 2011 - Living Desert April 2nd, 2011 - Death Valley March 8th, 2011 - Mountain Palm Springs February 13th, 2011 - Iron Smelt Blacksmithing November 13th, 2010 - Mojave October, 2010 - Mammoth Android September, 2010 - Mammoth September, 2010 - Duck Lake Trail Backpacking Red Iron bloom forging August 28th, 2010 - Mt. San Jacinto OSM Import: US Designated Wilderness July 25th, 2010 - Mojave Mustangs July 17th, 2010 - Mojave Exploration Bloomery furnace iron smelting Open Street Map: Mojave Project June 13th, 2010 - Mojave June 6th, 2010 - El Cajon Trails Wolf Mountain Sanctuary Carrizo Gorge March 28th, 2010 - Salton Sea March 21st, 2010 - South Main Divide March 13th, 2010 - Anza Borrego Wildflowers March 7th, 2010 - CSULB Japanese Garden February 2010 - Mammoth GeoRSS AISlib OpenStreetMap Dakota and Asha Celebrate Christmas, 2009 November 21st, 2009 - Mojave Road November 14th, 2009 - Anza Borrego Exploring The East Mojave: The Afton Canyon Area Broken flex plate Remote Image Serving Astro/night photography in Inyo National Forest Wild Mustang Sightings RSS September 26th, 2009 - Night Photography In Frazier Park Whiskey Brandy August 15th, 2009 - Catalina dive trip Astrophotography Sensornet January 24th, 2009 - Mojave Exploration July 2008 Mammoth Vacation AIS President Barack Obama! Rachel Maddow Big Geek Barack Obama April 12th, 2008 - Wildflowers and Landmarks My Grandfather's Alfa Romeo Spider March 8th, 2008 - Carrizo Plain Bridge To Nowhere High Availability October 20th, 2007 - Big Bear Camping October 22nd, 2007 - Fire Scottish Highlands, Aug 7th, 2006 Scottish Highlands, Aug 6th, 2006 August 5th, 2007 - Duck Lake Trail May 26th, 2007 - Kelso Dunes Culloden Battlefield, Aug 5th, 2006 May 20th, 2006 - Irwindale Renaissance Faire Edinburgh, Aug 4th, 2006 The Clifs of Moher, Aug 3rd, 2006 The Burren, Aug 2nd, 2006 Bunratty Castle, Aug 1st, 2006 May 5th, 2007 - Mojave Truck Audio/Data Network 2007 - Master Bath Remodel Centrum: Exit The Ring of Kerry, Jul 31st, 2006 Nikon D200 Victory in 2006! Blarney and Killarney, Jul 30th, 2006 Dublin and Cork, Jul 29th, 2006 Dublin, Jul 27th & 28th, 2006 Married! What Can I Do? April 30th, 2006 - Anza Borrego New desktop: Intel 805 D Macro Photography Jan 7th and 14th, 2006 - Hiking Whiting Ranch Hiking Engaged! Digital Photography with Linux September 5th, 2005 - Living Desert August 19th, 2005 - Mammoth Hiking and Photography July 30th, 2005 - Tucker Wildlife Sanctuary Nikon D70 Death, Fright and Photography Mmmmmm Eggs MythTV Inova T4 May 14th, 2005 - Red Rock April 2nd, 2005 - Death Valley Count Every Vote Act of 2005 Image Archiving Linear Logic ScanGuage Gentoo Linux November 6, 2004 - Mojave Super Tuesday, 2004 John Kerry Kayaking Irish Stew ImageServer Ireland, 2004 Canon A80 Camera Jul 25, 2004 - Death Valley Chronic Hiccups May 4th, 2004 Landscaping - My Front Slope Stump Pullin' Yeeee Haw! Feb 22nd, 2004 Feb 16th, 2004 PostgreSQL Logfile Analysis Spam Mountains? Desert? Jan 30th, 2004 Jan 28th, 2004 Encryption Ceiling Cargo Basket Front Bumper Version 2 Asha Exide Orbitals Land Rover Valve Jobs Spirits The Matrix: Revolutions Halloween 2003 Greg Davis CDL Linkage Ouzo Democracy Mom's Turkey Gravy Grandma's Guacamole Top Nodes Julian Pie Company DeCSS The KB1DIG 2-meter Halo Antenna Incomming searches Gardening is hard! Aug 13th, 2003 SQL and Perl Cancun 2003 Jul 9th, 2003 Aprs intelegence Jun 17th, 2003 Some People's Comments Dakota is a silly dog The Matrix: Reloaded Chris' Stage Bottle Harness April 23rd, 2003 Cracked Radiator! Black Wednesday DVD Burning Under Linux My Satellite Phone Wind! My Near-Death Experience Laser Cannon Revival Front Bumper, Version 2 SpamAssassin The Critters Dakota Milton KPC 3 Plus and HTX-252 My House Moving, moving moving... Mobile 1 Portola Hills New new house Suse Linux Database images In Truck Dr. Pepper My Favorite Toilet Kelso Dunes Desert Trips Ifulmuh Late Thoughts: Dr. Pepper Cooler 265/75-R16 Tires on a DII Linux George W. Bush Rants Driving Reservations Horses Sep 14 2002 Obsession August 17th Yukon Dives Less notifications My Custom Front Bumper Bracketless, Renamable Links Discreet Winch Welding Jul 28 2002 Day Trip My Firewall Jedi Group, my T1 and money A Bumperless Discovery! My Custom Rear Bumper Vanessa's 24th Birthday Jun 30th Dive to Long Beach Canyon PHP/PostgreSQL String Quoting Tonsillectomy, Uvulaectomy and Turbinite Reduction Searching functionality 240 Watt CO2 Laser Cannon My Workspace Dr. Pepper The Tulsa Rib Company The quality of hard disks these days Email notification of articles Email notification of comments erikburrows.com source code User Bios User Preferences Login feature Renisance Faire Jun 9, 2002 Computers hate me, and it is mutual. Star Wars Sucks! Horses, Jun 1, 2002 Land Rover Mileage Insomnia, Robin goes evil. 100 Watt Diode Laser Test Firing 1 Amateur Radio The Matrix 2001: A Space Odyssey TDI Deco Class Horses, Apr 30, 2002 APRS Movies Blackbird My Truck Batteries My Truck Vasquez Rocks The Zope Bible PSK31 Mojave Apr-12-2002 100 Watt Diode Laser The New www.erikburrows.com Hunter the Kitty Horses Geeks Yukon May-13-2001 Computers Matts Desert Pics Mojave Feb-10-2001 Mojave Apr-01-2001 Programming Languages Ironage Jul-4-2001 Mojave Jan-27-2001 Ironage Feb-03-2001 Mojave Jun-09-2001 SCUBA Jedi Group
|
|
|
|
Spam -   2004/02/16 | Viewed 111 times this month, last update: 2004/07/08
|
| In addition to being a somewhat odd lunch meat, spam is the single most destructive force on the internet.
Looking at my spam folder today, I noticed a funny thing:
I'm now getting almost 1 spam every two minutes. That's 720 spam messages per day. Since I get maybe 5 real emails per day, spam accounts for 99.3% of my email. Thankfully SpamAssassin does a good job of filtering them, so I only see about fifty per day, but am I alone in thinking that's just ridiculous?!
I know I get more spam than most people. It comes from having my email address being all over the internet, and almost all of the email addresses I've ever had still work, but still, I get so much spam, I'm loosing real email! Well, maybe loosing isn't the right word: It gets lost in the torrent of spam I live in every day!
What am I supposed to do?! I can't try to migrate to a private email address, I need people to be able to actually contact me from my web site, or from mail forums, or resume postings!
Update 2004/07/06
I'm on a spam killing rampage! I've replaced sendmail on my mail server with Postfix, and setup several spam filters. In addition to the truly awesome SpamAssassin, I'm doing lots of validation at the connection phase, six real-time-black-hole lists in addition to the ones SpamAssassin uses, Greylisting, Vipul's Razor, DCC and SPF validation!
I'm now down to about 10 spam messages per day that actually make it into my inbox. 20-30 more make it into my spam mailbox. I'm cured! But does that stop me? No! I'm very happy that by using DCC and Razor, I'm contributing to a community driven database of spam messages, helping others, who help me. It's great, but, now that the flood of spam has cleared, I can see other problems: People are spoofing me in their spam! I'm getting 20-30 messages per day from other mail servers saying that I was trying to send spam to their users! This is a known problem. Anyone can send an email with a from line of foo@erikburrows.com, and when that email failes to be delivered, the remote mail server will dutifully send a failure message to foo@erikburrows.com, which, of course, is me!
So now I'm going to get into the SPF promotion game. If these other servers were checking the SPF records I publish in the erikburrows.com TXT records, they would see only one server authenticated to send email from erikburrows.com, and the offending spammers wouldn't be able to spoof from me. SPF people! SPF! How's this as an auto-response?
"You have been duped! This email is not from me. If you institute SPF on your mail servers, you'll save us both bandwidth, CPU cycles, and stress." |
Comments:
Steve Kehlet (2004-02-16): buy a mac :-). the mac mail client's filtering is very good, hardly any spam gets through to me.
I saw someone a while back with a cool autoresponder, white list sort of deal. You send the person an email, you get an automated response with instructions on how to proceed to actually get through to the guy. Once you're on the list, you're in. Not too much hassle. Might not be good for resumes though.
Matt Bell (2004-02-16): The're otta be a law, goshdarnnit!
I feel that commercial advertising via e-mail should simply be banned. It takes up way too much bandwith for little return.
Erik (2004-02-16): Steve, I'm very happy with SpamAssassin. I don't think it's given a false-positive for any human-written message, but it has flagged a couple of emails from monster.com, where the job posting looked like a "work from home" spam message. An auto-whitelist system would be good for a public email address. That might make the public/private address system workable...
Matt: There are several laws. They're very hard to enforce however. I was on the other side of the fence for a while with my previous employer (passive! I never sent one spam message!), and I got to see just how hard to track down the hard-core spammers are, and how hard it is to defend against them.
Matt Bell (2004-02-16): I think the enforcement should fall on the advertisers, without them as clients, the spammers whould have no income and therefore no reason to continue. IE: make it illegal to advertise via spam not illegal to send spam, since that is damn near impossible to enforce. This would require an international accord, since most of the worst offendors are hiding in offshore nations that have no enforcement at all.
Erik (2004-02-16): That would only catch the least offensive spammers: Those who outsource the actual mass-mailing. These spammers are already being pretty severely limited by the mass-mail companies, simply because those companies can't afford to have too many complaints, or they're shut down as well.
The really nasty spammers are those who crack into machines to spam, with viruses, worms and script kiddies. These are the same spammers using email address "harvesters", and seem to have a staff of regular-expression writers to decode things like erNOSPAMik (At) erikburrows.no-spam.com.
Matt Bell (2004-02-16): They still need a customer to pay for the ad. Heavily fine the company paying for the spam and it will dry up. (For the spam to be effective, you must be able to identify the company being advertised otherwise how could you buy something from them)
Erik (2004-02-16): Actually, it's often very hard or impossible to identify the real company or person behind a spam email. These guys go to great lengths to hide their real identity. All they're interested in is getting your credit card number. If you're too smart to buy from someone who you can't identify, you're probably not the kind of person who is even going to open their email. I think it'd be fairly easy once you actually got the product you ordered, since it'd have to have a UPS or FedEx account number or street address on it, but there are ways around that too.
Matt Bell (2004-02-16): I suppose you're right, there are probably more fake companys trying to scam someone than actual companys advertising. Evil fucktards, kill them all. (Not that I'm bitter or anything..)
Erik (2004-02-16): They are evil. Truly evil. They're ruining the internet.
Jon (2004-02-17): We need registration and authentication for mail servers. Anything else will make the problem worse.
Erik (2004-02-17): Registration for which mail servers? earthlink's? aol's? erikburrows.com's? Even if that was feasible, how would that protect us against spammers who hack into otherwise legitimate mail servers (or personal computers) to send spam? Unless we're all willing to run OpenBSD (nearly unhackable), and be willing to go through a application process just to talk to each person we've never emailed before, I don't think registration would work.
One idea I think is intriguing is: Everyone should run spam filters, where for each email you receive, the spam filter program downloads every image, and accesses every HREF link, downloading all the images on that page, and maybe even walking the site a bit. For the individual, this would mean a small increase in bandwidth, but for the spam sender, it means that each of the 100,000,000 recipients is hitting their site HARD all at the same time. The load would be unbearable for most sites, and would at least limit their rate of send.
Matt Bell (2004-07-07): Chris just got Spamassassin working, what a difference! I'm also using Thunderbird and after a little training, it's almost getting them all.
Erik (2004-07-07): Since Monday morning, I've gotten 50 spam messages. Nearly all of those were caught by Spamassassin. RBL! SPF! Razor! DCC!!! RBL! SPF! Razor! DCC! Yeah!!!
Steve Kehlet (2004-07-08): You're nuts man. But I guess if I were taking in as much spam as you I might go crazy too.
Erik (2004-07-08): Yes, you would, but you don't fool me. I know you suffer as much as I do, if not personally, as an admin for lots of people. The same recipe for ham that worked for me will save your mail servers and spool files too!
Steve Kehlet (2005-06-03): Recently I've been getting a lot of spam, and I finally realized it's because my Mac at home is going to sleep and not filtering anything! Ahh well, client-side filtering isn't the best solution anyway. So I just set up SpamAssassin on my mail server and have been enjoying watching it identify spam as it's pouring in. I've got procmail ready to automatically file it away. Also, I noticed SpamAssassin is doing SPF detecting, so that encouraged me to register an appropriate SPF entry for my domain.
Erik (2005-06-15): Sorry it took me so long to respond. I know the SPF thing didn't work out for you, but how has your filtering setup progressed? More spam lately has been getting through my filters somehow, I'm up to maybe 10 per day. Grrr...
Steve Kehlet (2005-06-15): SpamAssassin has been working great. It's successfully tagged 40 in the last week. A couple spams have slipped through, but only because I haven't (yet)lowered the required spam score threshold from the default of 8. Thanks for the inspiration...
Erik (2005-06-15): I still have SpamAssassin's threshold set to the default, and maybe I should tweak it, but I still find a ham in with my spam folder every so often...
I have two special mail folders, called train-good and train-bad that I have sa_learn scan nightly, so I can copy emails into those folders for easy training, and I've been trying to give it as much ham as possible (The SA docs say a 10:1 ratio of ham:spam is good), but it's hard to get it enough!
Combine that with decisions like: Are the promotional emails from American Express, that look an awful lot like my monthly statements, spam?
permalink
|
|