Spam Filtering: August 2007 Archives
I keep a very close eye on our abuse desk.
Most of the time it's fairly quiet. Sometimes there are legitimate abuse reports and sometimes there are reports that make no sense.
In some instances this is because the person submitting the report is clueless and thinks we are responsible for websites hosted in Sweden (or anywhere else really - Sweden just popped into my head!).
In other instances you need to decipher their mumbo-jumbo to work out what they are actually complaining about.
Two incidents in the past couple of weeks were in the "WTF?" category.
In one case someone reported suspected abuse to us. We replied and they then reported us to our own abuse desk.
I'll try that again slowly in case you didn't quite catch it.
They sent a report to our abuse@. We replied. They reported the reply back to abuse@.
You've got to love the logic!
To make matters worse they then replied to our second reply suggesting that they would take legal action against us!!
The second case isn't as amusing, but should definitely fall into the "dumb spammer" category.
If you want to send spam check that your list does not include any abuse@ email addresses. I mean really. Why don't you just ring the ISPs and yell down the phone at them instead?
You've guessed it. Yet another "wonderful" newsletter was sent to the abuse desk.
You have to feel sorry for them really...
Has anyone published a "Spamming for Dummies" guide yet? It would be an instant bestseller!
Comment spam is really annoying. It's one of the reasons we all end up resorting to captcha etc., to block junk.
Todaynic, who I mentioned previously, are still at it.
It's a pity that the RAA doesn't cover spam ...
I've mentioned DNS blacklists several times in the past.
They can be a very powerful tool in the war on spam, but they can also cause you headaches. You can think of them as the "nuclear option" or "the last resort" if you wish.
Before you implement DNSBL checks at the SMTP level you need to check and double-check how the blacklist you are considering works. Please please please check this and check it again.
On my personal mail server, which isn't running Mailscanner, I rely almost entirely on two things to keep spam out:
- Greylisting
- DNSBLs
In any case if you want to add DNSBLs into exim these are the basic steps that you could / should follow.
You will need to edit exim.conf, so make sure you have a backup first:
    cp exim.conf exim.conf.backup
Once you have got your backup you will then need to add in the DNSBLs you want to use.
In exim.conf there should be a section labelled "ACLs", which might be around line 300 (or thereabouts).
This section basically controls what or who has access to your SMTP and how to treat mails.
We added in a couple of basic blocks after the first set:
    #nuclear customisation to take load off
    deny
      dnslists = sbl-xbl.spamhaus.org
      message = $sender_host_address is listed in $dnslist_domain\
                ${if def:dnslist_text { ($dnslist_text)}}
So in the example above we're blocking based on Spamhaus' sbl-xbl list.
There may have been other customisations, but that's the main one.
NB: This will also stop users from accessing your SMTP to send mail if their IPs are listed.
Someone asked me to post this example. It may work. It may not. The information is provided as is in good faith. YMMV
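What a dnslists check does on the wire, and a way to vet a zone before denying mail on it, as an added example that is not part of the original post. The zone bl.example and the resolver data are constructed; the 127.0.0.2 (always listed) and 127.0.0.1 (never listed) test entries are the RFC 5782 convention.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: the address reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, last first
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: hex nibbles
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, zone, resolve=system_resolver):
    """Return (listed, codes); only answers in 127.0.0.0/8 count as a listing."""
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if a.startswith("127.")]
    return bool(codes), codes


def vet_zone(zone, resolve=system_resolver):
    """Problems that make a zone unsafe to deny on (empty list = looks sane)."""
    problems = []
    if not check("127.0.0.2", zone, resolve)[0]:   # test entry: always listed
        problems.append("127.0.0.2 not listed: zone dead or queries refused")
    if check("127.0.0.1", zone, resolve)[0]:       # must never be listed
        problems.append("127.0.0.1 listed: zone answers for every address")
    return problems


if __name__ == "__main__":
    # Constructed zone data standing in for real DNS answers.
    fake = {"2.0.0.127.bl.example": ["127.0.0.2"],
            "99.2.0.192.bl.example": ["127.0.0.4"]}
    lookup = lambda name: fake.get(name, [])
    print(vet_zone("bl.example", lookup))
    print(check("192.0.2.99", "bl.example", lookup))
```

Leave out the resolve argument to query real DNS, and run it on the mail server so it uses the same resolver Exim will.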
I have a strong dislike of spam and spammers.
On one level I am an email user, so their junk could clog up my inbox and waste my time. I may not read the rubbish, but deleting stuff that actually gets past my filters takes up time I could spend doing other things...
On another level I have no respect for the people who use spam to promote their business.
It doesn't matter if they are competing with me or not. Spam is a lazy and unimaginative way of marketing and people who resort to it should be treated as pariahs.
In any case last night was a case in point.
For the second time in the last few months I got a "charming" spam from an Irish "web design company".
Apart from the obvious fact that I'm big enough and ugly enough to find web designers when I need them (I think most people probably are, i.e. it's not one of those things that you purchase on a whim), the "designer" in question is second rate at best.
They're also not very good at spamming.
The opening line is really bad:
To whom it may concern
That's just plain lazy. Couldn't you try to be a little bit more inventive? If I was going to start spamming people I'd use much catchier opening lines.
Of course this idiot can't spell either, which is just annoying. Would you hire a "designer" who can't tell the difference between "whether" and "weather"?
The humble apostrophe also gets plenty of abuse at the hands of this genius:
Are Prices are very competitive but our design's always have the wow factor.
What's an always? I didn't think it could own anything ...
"Wow factor" has been upgraded to part of the English language I see... How charming!
But the bit that really makes me giggle is the last line:
This email was sent according to the guidelines of the Data Protection Commissioner All recipients of this mail were compiled from online directories therefore given permission to be contacted via email.
Oh dear oh dear.
I somehow doubt the Data Protection Commissioner would agree. In fact I know they wouldn't.
If you do get an email from this spammer please report him to his hosting provider. People like this shouldn't be allowed waste space on the internet.
If you do want web design then check out professionals like Edenweb, Forbairt, SpoiltChild, Communicraft, Curratech and many more... At least they don't spam people instead of doing proper marketing!

