Anurag Jain's Blog
Thursday, December 09, 2004

De-Spamming The Inbox: The Hard Way

Even after taking precautions like using dummy email addresses in public forums, I have been plagued by spam mails for a long time now. Two years back it used to be a few per day, and since then the volume has increased steadily. As a result, until last weekend I used to get around 200 spam mails a day on my Institute's life-time email account. Then, one fine day (well, actually we were given notice 3 weeks in advance) our Institute decided to upgrade the Exchange mail server to the latest version. Hence the mail server was shut down for approximately 2 days/48 hours (4th Dec evening to 5th Dec noon). During that time, all the mails sent to my mail account were of course bouncing. Between the time when the system was shut down and the time when it came back online on 5th noon, something miraculous had happened: my spam traffic had reduced considerably. Now I am receiving 'only' (!) 5-6 spam mails every day! That is a 97.5% drop in spam traffic! Interesting, eh? So what seems to be happening is that the spammer dudes are dropping the bounced mail IDs like a mad-cow-disease-affected, well, cow. There doesn't seem to be a second try from spammers: apparently they don't use the bounced email IDs again. I would assume that after the two-day shut-down/start-up of the mail server, my spam traffic would have become zero. My current 'very low' spam traffic is probably only because my email is available in the public domain on webpages from which I cannot remove it (damn my early Internet days' naivete).

Essentially, for this De-Spamming methodology we can draw an analogy with the routine detoxing of the body. Example: on the basis of specific religious beliefs, people fast once in a while. More than the religious custom, fasting has a scientific reason behind it: it detoxifies the whole internal system by a) giving the body some much-needed rest and b) cleansing the traces of toxins (as there's no fresh inflow, the bodily processes work on the left-over inventory and make sure that it is digested properly and taken care of, to give a fresh start the day after the fast).

So, is De-Toxing (De-Spamming) the Inbox by fasting/starving it (shutting down the Mail Server) a good idea? Well, it's effective for sure, but it has its costs: you lose the genuine mail traffic for the duration of the shut-down. Hence, if you are in desperate need of De-Spamming your Inbox, here's what you should do. Let's say you plan to shut your mail server down on date T and bring it back to life after Y days. The question is: for how long do you shut down the mail server? Well, I think most mail programs try to re-send the mail for a maximum of 48 hours. If the message doesn't go through even in 48 hours, the mail program gives up and finally returns an error to the sender. Hence, to be on the safer side, I would say shut the mail server down for at least 48 hours (2 days). So once you have decided on a shut-down date and duration, here's the how-to guide to shutdown survival and resurrection thereafter!
1) T-30 (days): Include in your mail signature, at the top, a "Please Note" clause stating that during days X to Y your email won't be available, and hence on those days people should communicate with you on an alternative email ID. This should be highlighted in bold and in a different color if possible.
2) T-15 (days): Remove all possible traces of your email ID from the Internet: public egroups, discussion boards or any other public forum.
3) T-15 (days): If you have to keep your email ID on a particular webpage in the public domain, encode your email ID using simple HTML character codes so that it does not appear as plain text.
4) T-2 (days): Send all the people in your contact/address list a "Please Note" notification that during days X to Y your email won't be available, and hence on those days they should communicate with you on an alternative email ID.
5) T-0: Well, shut the damn thing down!
6) T to Y: a) If you have a girlfriend, take a vacation with her.
           b) If you don't have a girlfriend, check mails on the temporary alternative email ID.
7) T+Y (days): Bring the server back to life and enjoy the miracle of a spam-free/reduced-spam Inbox!
8) T+Future: Make sure you do not release your email ID in the public domain. Always use a dummy email ID, like aj@example.com. Also, if you are the guy who was checking mails on the alternative email ID during the shutdown, go get a girlfriend, just in case it didn't work very well the last time and you need to shut it down again sometime!
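Step 3 refers to HTML character codes. As an added example that is not part of the original post, here is a small Python script that encodes an address that way (using the post's own dummy address aj@example.com as the sample) and shows what a naive address-harvesting regex sees in the raw page source versus after entity decoding; the regex is a constructed stand-in for a scraper, not any particular harvester.

```python
import html
import re

# Added example (not from the post): obfuscate an address with HTML
# numeric character references, the "simple HTML character codes" of
# step 3, and show what a naive harvester regex does and does not see.

# Sample address: the post's own dummy address.
SAMPLE = "aj@example.com"

# A deliberately simple harvester pattern (constructed), as a scraper that
# does not render HTML might use it.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate_email(addr: str) -> str:
    """Encode every character of addr as a decimal HTML character reference.

    Browsers render '&#97;' as 'a', so the address stays readable and
    clickable for people, but the page source no longer contains a literal '@'.
    """
    return "".join(f"&#{ord(ch)};" for ch in addr)


def deobfuscate(encoded: str) -> str:
    """Decode the references back to text, as a browser (or a rendering scraper) does."""
    return html.unescape(encoded)


def mailto_link(addr: str, label: str = "") -> str:
    """Build a mailto: anchor whose href and visible text are both encoded."""
    enc = obfuscate_email(addr)
    text = obfuscate_email(label) if label else enc
    return f'<a href="mailto:{enc}">{text}</a>'


def sample_page() -> str:
    """A constructed contact page fragment using the encoded link."""
    return f"<p>Contact: {mailto_link(SAMPLE)}</p>"


def harvest(page: str) -> list:
    """What a regex harvester finds in raw page source (no HTML decoding)."""
    return EMAIL_RE.findall(page)


def harvest_rendered(page: str) -> list:
    """What the same harvester finds after decoding entities, i.e. the
    result if the scraper renders the page the way a browser does."""
    return EMAIL_RE.findall(deobfuscate(page))


if __name__ == "__main__":
    page = sample_page()
    print(page)
    print("raw source harvest:", harvest(page))
    print("rendered harvest:  ", harvest_rendered(page))
```

The second harvest shows the limit of the technique: it only defeats scrapers that pattern-match raw HTML, so it adds friction rather than protection, and step 8 (not publishing the real address at all) is what actually keeps it off lists.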

Happy De-Toxing/De-Spamming! Here's to a long spam-free life for your email ID!

83 comments

Comments:
Couldn't it be possible that after the admin guys updated the Exchange server, they also added some good working spam filter?
That would clearly explain the decrease in spam ...

Just my 2 cent ...

G.
 
This is a very interesting and useful observation!
However, I'd like to point out that the question is not how long an email server keeps retrying (professional spammers don't use standard email servers) but rather how long it takes for all of the different spammers to try and fail on your address.

FYI - a regular mail server will typically retry for up to 3 days so something short of that would be preferable for this exercise.
 
Or you could just set up a way to send bounced email IDs on a per email basis. For instance, you find a spam email in your inbox and have an option of sending a bounced email back to the spammer.

1.5 cents

-MLL
 
pls post your email so i can test your mail server :-P
 
Jumped over here from Slashdot.

Intuitively, this explanation doesn't seem to work. Why wouldn't spammers just keep bad names on their lists? It costs them little, while the effort to update lists of tens or hundreds of thousands of email addresses is ridiculous.

This seems to be borne out in practice as well. As of a few years ago, the few people who have done research on spammers and have managed to get their hands on the 'victim lists' (can't recall the actual term off the top of my head) have stated that around a third of them were for domains that no longer exist.
 
I would opt for the Spam Filter reasoning. I'm not sure what bounced back here when your box was down...considering there was no mail server online to generate NDRs back to the spammer mail servers (unless they have their servers set to try once and then fail if they don't hear back in a specified amount of time, which I doubt). Hence most likely their mail servers have a high 'retry' or time to live.

This is much different from a mail server being online and telling the other server that a name isn't listed...or that a mailbox is full, etc. In your case the other servers didn't hear back at all...which in turn would cause them to keep trying until they do...in most situations that's 2, 3 or sometimes 5 days' worth of trying before they 'give up'.
 
When I moved a company website and email over to a new server, I subscribed to dynamic block lists and set up SpamAssassin. Our spam went from a lot to practically none and something quite humorous occurred. A lot of spam kept being sent to the old server because spammers did not keep their DNS records up to date. This actually went on for some time.
 
You should read more "good" science. The "De-tox your body by fasting" hooey is a myth. Your body actually stops detoxification when you stop eating. So Don't!
 
You have nothing to complain about because you are handing the spammers and other advertisers your personal information. Why don't you take your email address, phone number, and address off your site?
 
The RFC says that MTA should try to redeliver for "a few days"
http://www.faqs.org/rfcs/rfc1894.html

The general consensus is 5 days.
 
updated the exchange server?

buhahahah.. that was a good one!
 
I've tried to do the same with my sister's email address, which managed to receive about 100 spam messages per day. I've let it fill up and it's been like that for a few months, I'd already forgotten.. Hope it worked :)
 
What kind of crackpot advice is this?

Why are you suggesting using bold or coloured text in an email message?? The prevalence of spam is somewhat dependent on the misguided opinion that HTML email is a good thing.
 
This is totally stupid for a number of reasons

1. If a spammer sends spam to you while your mail server is down, the spam does not bounce back to the spammer. This is because spammers do not use a real e-mail address in their spam. So, the spammers will never see the 'bounced' e-mails and they will never know that your mail server is down.

2. Spammers don't care. They send out millions of spam mails a day. All spams are sent automatically and many are sent from zombied computers. The spammers couldn't care less if some of the names on their lists are no good. (See the story of 'Nadine@honet.com'). The idea that a spammer is going to spend time editing his address list (which contains millions of addresses) to remove a few invalid ones is .... well it's just plain stupid.
 
Spammers don't send junk through "normal" e-mail servers.. The spam software is its own server. Also, the return path is almost always forged, so bounced e-mails never reach them. Assuming this isn't the result of anti-spam software having been added, disconnecting the mail server is what did the trick.
 
neat observation. but shutting down the server completely is a bit harsh. here's my suggestion: compile a white-list of 'good' sender addresses, e.g. from all e-mails you cared to read and didn't put in the trash, and of course all addresses you ever sent a message to. let messages from these senders through as usual. bounce all other mails at least once. if one keeps coming back one or two times, it's very probably not spam. of course, that way, no one who's not on your whitelist will be able to send you an urgent e-mail in a timely manner. (is that important?)
 
I noticed the same when our ISP got cut off the Internet for a few days. Much of the spam that probably would have arrived at that time never did, but the legit mail during that period arrived soon after the connection came back up.

One explanation is that much spam comes from open proxies or hijacked machines. These machines get turned off or don't bother retrying after a bounce.
 
Coincidentally I just tried this method a month or so ago. While I did not exactly shut down the mail server (hotmail!), I let my emails overload and use up all space. So to Hotmail servers, my account is maxed out and new mails are undelivered.

Result: Some of the spam did disappear, while others continued. I think the spammers are not just spamming on a daily basis, but also replicating the user list to other spammers. So While my email may have actually been removed from the earlier list, it might have found its way to some new spammers.

Right now I cannot try this method for awhile, because Hotmail finally decided to increase my storage to 250MB ... and I am at like 2% of it ... ;) Yahoo acct likewise at 2~3% ... in any case, I notice that some of the spam mails' unsubscribe options really do work, you just have to read the whole unsubscription page carefully; sometimes there are options to unsubscribe to a particular list and others to completely unsubscribe.

Strangely, can't the spammers get it? ... that some of us are just not gonna buy it!
 
You could just try using the product from http://www.outlook-spam-filter.com/ I started using this about 2 weeks ago and have seen about a 50-60% reduction in my spam. This product allows you to 'Bounce' emails after they arrive in your inbox. The 'Bounced' emails look as if you shut down your server or lost your account, but you can still receive your emails.

my 2cents.

Derik
 
you sir are a moron, spammers always spoof the originating email.. so how would they get a bounce back saying your server was down?

your theory is flawed, you said it yourself.. they UPGRADED the exchange server.. its not like they just unplugged the mail server for 2 days, didn't change anything on the mail server then plugged it back in and *poof* spam was reduced.. get real..

They took the server down, upgraded Exchange and installed some spam filtering software because ignorant users like yourself kept getting hundreds of spam messages a day...

you can reduce spam by 100% by permanently taking down your mail server... but I've taken a server down for almost a year and as soon as I brought it back up it started to get bombarded by spam..

-nayr
 
You can tell that the Slashdotters were here, their egos are overfilling the comments area.

To re-iterate an earlier comment, the myth about detoxifying your body is something believed by the simple-minded who are too lazy to do any scientific research themselves. Put yourself in with the people who believe in the "miracle diets".
 
I've had my mail server shut down for days at a time and it never affected the amount of spam I receive at all.

Spammers don't pay attention to rejects or bad connects ... they just blast their garbage out.
 
I use ZoEmail (http://www.zoemail.com/), so I don't have spam problem. If I do have one or two spams, I can tell who sold my email address and always have an option to kill it anytime I want.
 
If it works it is not because of bounced messages. If a spammer is sending mail and it tries to connect to an e-mail server and it isn't there it is going to show up as a bad host. It is much more likely that a spammer will respond to this type of error than a bounced message, as their e-mail application would wait for the server to time out and would slow down e-mailings.
 
Interestingly, I had done this myself about a month ago, but it wasn't a planned outage; I lost a hard drive and spent 4 days rebuilding my server.

I had this same theory that perhaps I would receive less spam once I brought the new server up.

Of course, I was wrong. I'm getting roughly the same amount as I was before.

The commenter who mentioned that spammers will never know if email sent to you has bounced is spot-on: they are almost all using compromised machines with forged headers -- these aren't normal mail relays. They don't know, nor do they care, if your email address is bouncing.
 
"my Institute decided to upgrade the Exchange mail server to the latest version"

If that's the case, your spam problem was addressed with this component of Exchange 2003:
http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
 
postfix, qmail, sendmail
all three have a default retry of 5 days
 
If the spammer decides to spam you that day and they are using a standard qmail retry, you will have to shutdown your server for 7 days.
http://www.cyber-sentry.com/index.php?id=34

This method is completely useless. What business could actually shut down their mail server for more than 1 day, on purpose :). How about adding spam filtering to the exchange server? With new version it's built in.

I am sure you spent time writing this up, even got it on slashdot. People have very different profiles, shutting down a server isn't even an option. Short of like shutting down the city so there won't be a terrorist threat. EXTREME. Cheers
 
(Richard Tallent: http://www.tallent.us/)

1. Probably had something to do with spam blockers on the new Exchange server. Most reply-to addresses are fakes, so spam does not bounce back to the spammer.

2. To do this *without* losing email, try MailWasher: it pre-scans your POP3 account for addresses/domains in your own black/white list as well as RTBOLs, and sends a fake "bounce" reply to those you label as spam. Used to be quite effective until (1) above became true, but I still use it.

3. If you shut down your mail server permanently, you'll get even less spam! ;)
 
In general, bounce is bad. Spammer uses bounce nowaday to spam. Reject is better, IMHO.
 
everyone here are being total jerks about this, i know first hand this works. after receiving around 600 spam emails a day for a few weeks, i took the drastic step of shutting down my mail account (the server was in my bedroom, so it was easy) for about a week, then reinstated it, and had virtually no spam.. for a while anyway.

just some food for thought.
 
There's an easier way: Use postfix (2.1+) and enable these checks: reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unverified_sender

reject_unverified_sender is especially powerful. It cut 90% of my spam traffic in an instant! (It checks that email can be delivered to the purported From: address, by initiating - and then cancelling - an email delivery probe.)
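As an added example (not the commenter's configuration, and assuming a Postfix 2.1-era main.cf; the map paths are placeholders), here is how those restrictions are typically ordered so that the cheap syntactic rejections run before the expensive sender verification probe, and so that relaying stays closed:

```ini
# main.cf fragment (added example, not from the page)
# Postfix evaluates the list left to right and stops at the first
# permit/reject, so reject_unauth_destination (no open relay) and the cheap
# checks come first; reject_unverified_sender sits last because it opens an
# outbound SMTP probe for every sender address it has not seen before.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_unverified_sender

# Cache probe results so each sender address is verified once, not per message
# (placeholder path).
address_verify_map = btree:/var/lib/postfix/verify

# Default is 450 (temporary failure, so a genuine sender retries); switch to
# 550 only after watching the log for false positives.
unverified_sender_reject_code = 450
```

The check_sender_access map lets you exempt senders whose mail systems do not accept probes (some mailing-list and bounce addresses never accept inbound mail by design) before the probe runs. In Postfix 2.3 and later the HELO check was renamed reject_invalid_helo_hostname; reject_invalid_hostname is the 2.1/2.2 name the commenter lists.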
 
You could probably simulate/emulate/mimic the same behaviour without actually shutting down the server. Just have the server *not* complete connections from the IP addresses of *known* spammers for rotating 2-5 day periods of time, if not permanently.
 
Yeah, yeah, understand the "people coming from slashdot have massive egos and like to pick on people attitude." It's more than a little warranted.

However, there's an excellent point here. Claiming "I did this and it reduced spam" without understanding the mechanism by which that would work is no better than a folk remedy. There are a lot of folk remedies out there, and people believe them because of generally unverifiable anecdotes. But most of them are in fact hooey.

I apologize for sounding elitist for saying this, but if you don't understand how spam software works, then your opinion on how to stop it, frankly, isn't all that interesting. Especially in a case like this, where the "It must work like this" explanation sounds plausible, but it's WRONG.

As several people pointed out, the amount of work it takes for a spammer to process e-mail responses and edit their mailing lists is significantly less than the effort of sending extraneous e-mails. Which is why they don't do it.

Also, there's a difference between a server bounce (the server sending back a "no such e-mail message") and there being no response from a server (as you'd see in this case, where the server's unplugged). On a bounce, there's at least the possibility of someone receiving the bounce and acting on it.

In the "no response" case, the mail server would need to queue the message for a redelivery attempt, try for several days, and then give up. Again, spammers don't work like that--they're all about throughput, and the effort to catch a "not responding", note the address, keep retrying, and then give up (deleting the address in the process) just isn't worth it. Spam software is optimized for speed, which is why it doesn't have these kinds of features (which standard MTAs like sendmail DO have). This is why "greylisting" and similar tactics work.

Basically, the approach suggested sounds plausible, but simply isn't credible if you understand how spam ACTUALLY works and how it's NOT like a list server or normal e-mail. More to the point, it's not nearly as credible as the alternative hypothesis--in upgrading the mail server, the spam filtering capability was significantly enhanced. Occam's razor.
 
the easy way

drop smtp connections that have no reverse PTR record (gets rid of 98% of the zombied machines)

use spam assassin, set it at 3.5 as the spam threshold.

Use SPF

Use Spamhaus RBL and SpamCop block lists for DNSBL

create a 15 line times 70 characters HELO message; the RFC states no more than 15 lines at 70 chars per line, and many spam email sending applications choke on it.

do that and I guarantee your spam load will drop to 1% or less.

We know we had an 80% incoming spam to good email ratio; now it is only .5% spam to 99.5% good incoming mail.
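The first item in this list, and the session log posted further down this thread (the "501 Domain must resolve" rejection on a PTR miss), both describe the same check. As an added example that is neither this commenter's nor that log's software, here is a Python implementation of the decision, extended one step to forward-confirmed reverse DNS (FCrDNS): besides requiring a PTR record, it requires that the PTR name resolve back to the connecting IP, since whoever controls a reverse zone can put any name in a PTR. The resolver is injected, and the offline run uses constructed data from the RFC 5737 documentation ranges; a real resolver built on the socket module is included but not used by the offline run.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Added example, not from the page: forward-confirmed reverse DNS (FCrDNS)
# as a policy decision for an incoming SMTP connection.
#
# A resolver is a pair of callables: ptr(ip) -> names, fwd(name) -> ips.
Resolver = Tuple[Callable[[str], List[str]], Callable[[str], List[str]]]


def reverse_name(ip: str) -> str:
    """The in-addr.arpa name actually queried for a PTR lookup, e.g.
    200.48.36.148 -> 148.36.48.200.in-addr.arpa (as in the logged session)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_client(ip: str, resolver: Resolver) -> Tuple[bool, str]:
    """Return (accept, reason) for a connecting client IP.

    Policy: no PTR -> reject; PTR present but no PTR name resolves back to
    the client IP -> reject; otherwise accept, naming the confirmed host.
    """
    ptr_lookup, fwd_lookup = resolver
    names = ptr_lookup(ip)
    if not names:
        return False, "501 Domain must resolve (no PTR record)"
    for name in names:
        if ip in fwd_lookup(name):
            return True, f"accept: {name} forward-confirms to {ip}"
    return False, f"550 PTR {names[0]} does not resolve back to {ip}"


# --- constructed offline data (RFC 5737 documentation addresses) ---
_PTR: Dict[str, List[str]] = {
    "198.51.100.7": ["mail.example.net"],  # good: PTR and A agree
    "192.0.2.55": ["host.example.org"],    # bad: PTR name has a different A
    # "203.0.113.9" deliberately has no PTR at all
}
_A: Dict[str, List[str]] = {
    "mail.example.net": ["198.51.100.7"],
    "host.example.org": ["192.0.2.56"],
}
STUB_RESOLVER: Resolver = (
    lambda ip: _PTR.get(ip, []),
    lambda name: _A.get(name, []),
)


def system_resolver() -> Resolver:
    """Real lookups through the OS resolver (not used by the offline run)."""
    def ptr(ip: str) -> List[str]:
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host] + aliases
        except socket.herror:
            return []

    def fwd(name: str) -> List[str]:
        try:
            return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
        except socket.gaierror:
            return []

    return ptr, fwd


if __name__ == "__main__":
    for client in ("198.51.100.7", "203.0.113.9", "192.0.2.55"):
        ok, why = check_client(client, STUB_RESOLVER)
        print(f"{client:15} {reverse_name(client):28} -> {why}")
```

The 98% figure above is the commenter's; what the code makes visible is the cost side: a hard reject on a missing or mismatched PTR also drops mail from legitimately run hosts on carelessly delegated address space, which is why many sites feed FCrDNS into a score (the SpamAssassin threshold in the next item) rather than refusing the connection outright.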
 
Not a prayer that this will work. The servers at scruznet.com have been down for years, the domain does not exist anymore and the addresses associated with this domain show up on a regular basis in the spam listings. In addition, I've been rejecting the same bad email addresses for years without any effect on the people using these bad addresses. If they would clean up their list based on the server being missing they'd also be cleaning it up on rejections. I doubt very seriously if they even noted the mail server was down.

I suspect that the people installing the new mSexChange server added one (or more) of the spam filtering systems that are now available. I do know that the level of spam at work has been reduced dramatically (from about a hundred a day to single-digit numbers) through the use of gateway level filtering.
 
This works because the spammers weed out address that do not connect to a mail server. It has nothing to do with bounced email.

This doesn't help with spammers that use regular email server, but special spam software.

It is costly to keep trying to connect to dead email servers, depending on how long the software tries to open a TCP connection; when you're trying to send 100K emails, having 10K bad servers can really increase the time to send spam. It is actually much easier to deliver an email to a server and have it bounce than a failed connect.

The principle is much like the beepers you can put on your phone to stop telemarketers; it fools their computer into signalling that your number has been disconnected and they take you out of their system.

-lp
 
I've had this occur with me. I disabled a Yahoo account which I used entirely just for signups on the web. It was all spam in my inbox. After a year I went back to the account and found that 95% of the spam had stopped once I reactivated the account. Although I'm still surprised someone is selling my email address for profit a year later. The audacity of spammers is ridiculous. Anonymity on the web sucks sometimes!
 
I put my server on a low carb diet and all my spammers went to eat somewhere where the food tasted better. That reduced my spam by 60%. Then I gave my server decaf coffee during the day and alcohol-free beer on weekends. Now I am spam free for life! But I still crave carb!!!

:|
 
Question: How many of you are spammers? How do you know exactly what they do?

I happen to know someone who was a part-time spammer (apparently there's a lot of money in it.) Spammers sell their lists to each other. A list with a few million addresses isn't uncommon. If even 20 - 30 percent of those are invalid, then that list isn't worth as much as a list with 90 - 95 percent valid addresses. The guy I know set up his system to take the bounced emails and remove them from his list, thereby making it more valuable. Also, if a list is filled with invalid addresses, that's wasted computer time that can be used to spam valid addresses. Not all spammers work this way, but many of them do. Therefore bouncing back spam can be somewhat effective in getting it to stop. One last thing, many spammers set up their servers to try only once, not for "a few days." If an address can't be reached the first time, they give up and move on to valid addresses.
 
As the Network Admin for a company of around 4000 e-mail users, the best thing I've ever done to fight spam/viruses/spyware is a Barracuda spam firewall: it routes all e-mail through it, then to your mail server. One cool thing about it is that it gives you live statistics, and in one week of installing it, it had blocked over 20,000 pieces of spam.
 
"This works because the spammers weed out address that do not connect to a mail server. It has nothing to do with bounced email"

This is silly & stupid.

The way spammers work is use a zombied machine and send it one spam e-mail after another, each with thousands of recipients, and let the zombied machine do the real work of contacting thousands of receiving mail servers. Received: lines are almost always forged, as well as the Return-Path, SMTP MAIL FROM, etc. Bounced mails will always go back to the zombied machine.

Even if the software is designed for throughput as somebody stated, one thing spammers want to avoid at any rate is that somebody can trace them back. As we all know, the largest part of spam still comes from the USA, and there is now the CANSPAM act (strange name for a law regulating spam, don't you think?). So they'd run the risk of being sued, blacklisted, tracked down, etc.

Please go read the Internet Storm Center page, top right corner at http://isc.sans.org/, about the average survival time. This is the average time from connecting a new machine to the net until it gets scanned / attacked for the first time. 15 minutes. If the OP's mail server got rid of spam, it's definitely not just because they shut the server down for a few days.

Question: Did you even care to ask the administrators what actually changed???
 
1) The exchange server could have been upgraded with better anti-spam software, thus reducing spam.
2) Spammers DO NOT watch for bounced messages. Period.

SysAdmins handling email have been trying to do the right thing by sending properly formatted bounces to tell the remote server to stop spamming, account is gone, etc. None of this has worked.

More likely, your email server has been temporarily removed from the spam host target list for the spam run currently being done. Spammers tend not to cull lists by bounces. They don't care about bounces, but they DO care about their emails getting out on time and in sufficient quantity. If your mail server was down and their relays were "stuck" waiting for your email server, that costs them time, money, etc.

What they probably did was remove your server from their listing temporarily to expedite their own spam runs. If you are down for 2 days, it would be reasonable to assume you are offline. Note that this doesn't mean your server and email address have been removed from their list. It just means you've been shuffled for the time being.

There's my 2 cents.
 
This strategy is pretty similar to a strategy of "don't use email at all." I think you are accidentally heralding the end of email, as has been predicted by various net pundits for a few months now.

Another way of phrasing this is: what happens when the spammers start resending the bounced emails? You just inconvenienced yourself by stopping your server, but didn't actually solve the spam problem. Strong work.
 
I don't think OP is a moron.

OP, please post a retraction when you find out that your e-mail server was upgraded with a better filter. Probably greylisting, eh?

There is enough misinformation on internet already.
 
This SPAM epidemic is getting way out of hand. There are now businesses relying on the fact that spam continues, and that their solution keeps up with the technology rat race. Now they can advertise their services and software as one of the best technological solutions. I think this is giving a false impression as to what the real solution needs to be.

Solution, simple! DNS and some added SMTP server code updates.

Current DNS mail related records that I know about are as follows:
MB – Mailbox
MD – Mail Destination
MF – Mail Forwarder
MG – Mail Group
MINFO – Mailbox or mailing list information
MR – Mail rename domain name
MX – Mail Exchanger
PX – Pointer to X.400/RFC822 mail mapping information

Given the current DNS system, most viable businesses, organizations and institutions that have a web presence and a corresponding DNS entry, also maintains a suitable MX record.
Not to my knowledge, with the current DNS registrar system that is already in place, has anyone been able to overtake on a regular basis a valid DNS name. Therefore, use the existing set of DNS mail records or define a set of new records to rid the world of SPAM almost over night (figuratively speaking).
Initially have the receiving SMTP server check for a valid MX record. Next, have the SMTP software allow the administrator to add any valid domain that a particular entity is interested in receiving. Not only stop there, but have a rating system for the size of a company and their type of business. Likewise, size and rate every type of business, organization and institution. The size and rating would be tied to the DNS information. Most importantly is the fact that each SMTP server would be able to query the DNS system and get some reliable information to test against. Also, there could be time-to-live(TTL) information associated with the DNS information so that each SMTP server would know how long to hold onto the information and not have to query for the information each and every time.
There are other deciding factors that should be put into place, and obviously one would want a system such as this to be scalable for any unforeseeable future needs. After this type of system was in place for at least a year, have the ability for servers to invoke a “permission to send” option. This would create two reasonable effects. One, if the DNS information did not check out then deny the request, and the administrator would be notified and could add it to the valid list of SMTP servers if needed. This first scenario would be for older original SMTP services. Additionally, if the sending SMTP server(example a spam server) was not to first get “permission to send”, then the receiving SMTP server would simply hand back an invalid delivery request or drop all the packets that were associated with that particular request.

There are in fact a lot of “holes” to be closed with this system, but like the communication itself on the Internet, it would be a free fix. Spammers are making it costly in both time and dollars needlessly to many innocent victims. Likewise, don’t be like the others in commenting here, and provide needless name calling. Tear apart each other ideas, but be ready to provide your expertise to building a better ship. Everyone is in this battle together, and it is just a matter of what your perspective is on the subject.

Most importantly…
Give people back the right to choose to whom they would like to communicate with and when.

I would love to see a solution as such and watch all the Spammers get really frantic. Hasn’t it been long enough that we have been frantically trying to block their malicious spam and infected emails? Now let them stew for a little while (or likely much longer) on how they are going to get their junk out to their next victim!
We are the victims now, however we are the professionals, ethical, moral or just people wanting to pursue a life of happiness and freedom from being bombarded by someone else’s demented approach to our invasion of privacy!
So I say, is it now time to take back that right and play their game, but only better!
~ NETMGR ~
 
So simple yet it might work very well!

Good job!

/ MackanZoor
 
For a detailed explanation why the author of this article is wrong: http://tinyurl.com/6houy
 
as previously stated, this idea is flawed. the company i work for in fact sends some spam, and if we do get a bounce, we just mark the record in the database that it bounced, however we still send to that address. No i am not proud of the fact that we do that, but we legally have the opt out link in every message.

I am a big fan of using GFI's MailEssentials and MailSecurity to take care of all my message filtering, however it still lets crap through since the admin department bitches at me if a message is tagged as [spam]. I'm half tempted to just turn the damn smtp interface off, and get exactly what i want... no spam.

Has anyone tried using SPF records for spam filtering?
 
Hmmmmm. Doesn't seem to work that way for me.

I moved hosting in 2001 from provider X to provider Y. During that transition I did not create a large number of accounts that had previously existed on provider X. In effect, beginning with the move, many, many addresses started bouncing. Remember, that was the fall of 2001.

Fast forward to fall 2004. Because of a "screwup" at provider Y, all mail addresses "vaporized" and all mail addressed to any userid at my domain was delivered to the "postmaster" address. Among the messages I had to fish through were the addressees that had been deleted at the move.

Frankly, I do not believe your technique works at all.
 
Taking down the mail server for two days!! If I do this I am sure the first email I will get when the mail server is back up would be from my boss with the subject: "PINK SLIP".

Taking down mail server to stop spam is the most extreme yet unguaranteed method to stop spam. Cheers!!

P.S. Take a moment and thank the folks who upgraded the Exchange Server.
 
Thu 2004-12-09 17:54:14: Session 4254; child 3; thread 1900
Thu 2004-12-09 17:54:14: [4254:3] Accepting SMTP connection from [200.48.36.148 : 47390]
Thu 2004-12-09 17:54:14: [4254:3] Looking up PTR record for 200.48.36.148 (148.36.48.200.IN-ADDR.ARPA)
Thu 2004-12-09 17:54:14: [4254:3] Name server reports domain name unknown
Thu 2004-12-09 17:54:14: [4254:3] Reverse lookup configured to drop connection on PTR record miss-match.
Thu 2004-12-09 17:54:14: [4254:3] --> 501 Domain must resolve
Thu 2004-12-09 17:54:14: [4254:3] SMTP session abnormally terminated (Bytes in/out: 0/25)
Thu 2004-12-09 17:54:14: ----------
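The log excerpt above shows a server dropping a connection at the PTR check before any mail is transferred. As an added example (not code from the commenter or from the mail server that produced these lines), here is a small parser that turns such log lines into per-session records and counts PTR-based rejections per client IP. The second session in the sample is constructed (documentation IP 192.0.2.10, invented reply lines) to show a client that passes the check; the line format of the real excerpt is the only thing assumed.

```python
import re
from collections import Counter

# Sample log: the excerpt from the comment above, followed by one constructed
# session (192.0.2.10 is from the RFC 5737 documentation range; its lines are
# invented to show a client that passes the reverse-lookup check).
SAMPLE_LOG = """\
Thu 2004-12-09 17:54:14: Session 4254; child 3; thread 1900
Thu 2004-12-09 17:54:14: [4254:3] Accepting SMTP connection from [200.48.36.148 : 47390]
Thu 2004-12-09 17:54:14: [4254:3] Looking up PTR record for 200.48.36.148 (148.36.48.200.IN-ADDR.ARPA)
Thu 2004-12-09 17:54:14: [4254:3] Name server reports domain name unknown
Thu 2004-12-09 17:54:14: [4254:3] Reverse lookup configured to drop connection on PTR record miss-match.
Thu 2004-12-09 17:54:14: [4254:3] --> 501 Domain must resolve
Thu 2004-12-09 17:54:14: [4254:3] SMTP session abnormally terminated (Bytes in/out: 0/25)
Thu 2004-12-09 17:54:14: ----------
Thu 2004-12-09 17:55:02: Session 4255; child 3; thread 1900
Thu 2004-12-09 17:55:02: [4255:3] Accepting SMTP connection from [192.0.2.10 : 51000]
Thu 2004-12-09 17:55:02: [4255:3] Looking up PTR record for 192.0.2.10 (10.2.0.192.IN-ADDR.ARPA)
Thu 2004-12-09 17:55:02: [4255:3] --> 250 OK
Thu 2004-12-09 17:55:03: [4255:3] SMTP session terminated (Bytes in/out: 812/240)
Thu 2004-12-09 17:55:03: ----------
"""

# Only lines tagged with [session:child] belong to a session; the
# "Session N; child ..." header and the "----------" separator carry no tag.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \[(?P<sid>\d+):\d+\] (?P<msg>.*)$"
)
CONN_RE = re.compile(r"Accepting SMTP connection from \[(?P<ip>[\d.]+) : (?P<port>\d+)\]")
REPLY_RE = re.compile(r"--> (?P<code>\d{3}) (?P<text>.*)")


def parse_sessions(log_text):
    """Group log lines by session id and pull out the fields we care about:
    client IP/port, whether the PTR lookup failed, and the reply codes sent."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sid, msg = m.group("sid"), m.group("msg")
        s = sessions.setdefault(
            sid, {"first_seen": m.group("ts"), "ip": None, "port": None,
                  "ptr_unknown": False, "replies": []},
        )
        conn = CONN_RE.search(msg)
        reply = REPLY_RE.search(msg)
        if conn:
            s["ip"], s["port"] = conn.group("ip"), int(conn.group("port"))
        elif "Name server reports domain name unknown" in msg:
            s["ptr_unknown"] = True
        elif reply:
            s["replies"].append(int(reply.group("code")))
    return sessions


def ptr_rejections(sessions):
    """Count, per client IP, sessions that failed the PTR lookup and were
    answered with the 501 'Domain must resolve' reply seen in the log."""
    counts = Counter()
    for s in sessions.values():
        if s["ptr_unknown"] and 501 in s["replies"]:
            counts[s["ip"]] += 1
    return counts


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for ip, n in ptr_rejections(sessions).most_common():
        print(f"{ip}: {n} connection(s) dropped on PTR miss")
```

A report like this is useful for judging the false-positive side of the policy: a PTR-based drop rejects every host without working reverse DNS, including misconfigured but legitimate senders, so the IPs it lists are worth checking against the server's own allow-list before tightening the rule further.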
 
For some ignorance is bliss++
 
Most ridiculous advice ever to be linked from Slashdot. "Removing traces from Internet", "colored bold text" in email, mail bouncing after two days... what a confused heap of nonsense.
 
If you actually believe that turning off the server for 2 days will reduce spam, you are officially adorable.
 
OK. calm down all /.ers... Time to go back home and read some real *news*
 
When I moved 6 months ago, my DSL line was unavailable for about 10 days. Everything was bouncing. When my line came back up, all of the spam came back.

I block mail from many IPs in China and Korea. I'm rejecting 180 messages a day with code 553 responses; if the mailers were at all intelligent, they would stop trying. (See http://fadden.com/techmisc/asian-spam.htm)

I am, frankly, surprised this had any effect whatsoever.

- Andy
 
I have the same questions that others had: do spammers really clean their lists from the bounce results? I would have assumed not from hijacked machines (after all, who cares if it's overloaded with undeliverables), but I suppose at some point they must clean their lists or they would eventually just become too full of junk.

If they don't clean lists, then I believe the correct counter-measure is to populate their lists with as many bogus emails as possible (preferably with names that cost them lots of time to look up, but don't put a load on any innocent servers).

Perhaps they just cycle through, gathering emails over a few months and then spamming/selling those lists for a couple weeks/months then starting over.

--D
 
Regarding:
"It checks that email can be delivered to the purported from: address, by initiating - and then cancelling - an email delivery probe."

A friend of mine wrote a program a couple of years ago to do exactly this. It was specifically to verify email addresses. While working on this program, he had many, many offers from spammers to buy it. The prices ranged from $15,000 to $40,000 dollars.

Spammers care about valid addresses, because while only 0.015% of their valid addresses result in more sales/profits/traffic/etc., exactly 0.0% of their invalid addresses result in any type of profit.

Think about it. If you are going to send out 4 million emails, wouldn't you rather send them to 4 million valid addresses, or 2 million valid and 2 million invalid addresses? (A way to verify the lists and increase the profits was why everyone wanted that program so badly.)

Of course there are lists that contain invalid addresses, which is why you could still receive some emails if you bounced all messages. The least successful spammer isn't going to go with all the most efficient methods. He or she will use outdated lists and not care about invalid addresses. But that doesn't mean that this won't PERMANENTLY reduce SOME, not all, of the spam you receive.

If spammers didn't care about invalid email addresses, why not just try every 8 character combination at every website? Assuming lower case letters only, that's only 208,827,064,576 combinations per website . . . Oh yeah, that's right, they do care about throughput. The more valid addresses, the more idiots will respond to them and thereby validating their existence and making them a tidy profit.

Of course, shutting off your server isn't the answer, but bouncing back spam as undeliverable does work. With all these people on here saying that it can't work, it doesn't work, it's BS, etc., I tend to wonder if maybe these people are spammers, and don't want people doing this as it affects their income . . .
 
You are speaking NONSENSE.

1) A mailserver that goes down does not bounce messages. The remote MTA that is delivering mail temporarily defers the message and keeps retrying until a certain pattern is achieved.

2) Spammers do not use normal MTAs and know nothing about bounces or 4xx deferrals. Most spamware doesn't actually TALK to your MTA. It connects, writes a bunch of predefined protocol statements, checks if it gets a go-ahead, dumps the content, and disconnects. The statistics are gathered during the checkpoint when spamware issues a DATA command.

Conclusion: instead of suggesting a stupid thing to stupid people, get some blocklists like SBL and start firewalling off netblocks that are considered spammy. Alternatively, temporarily drop MX records. Hell, just firewall off 200/8; you will see an immediate drop in spam:

iptables -I INPUT 1 -s 200.0.0.0/8 -p tcp --dport 25 -j DROP

Signing off, your NANAE friends @/.
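Point 1 above (a down server causes deferrals, not bounces) is easy to check with a model. The following is an added example, not the commenter's code or any real MTA's implementation: it simulates a standards-following relay that retries an unreachable destination until an assumed queue lifetime of 5 days (a common default, but an assumption here) using a simplified fixed 1-hour retry interval, next to the fire-and-forget sender the comment describes. The functions, the outage lengths and the reply codes are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed queue lifetime (many MTAs default to around 5 days) and a simplified
# fixed retry schedule; real MTAs back off between attempts.
QUEUE_LIFETIME_H = 5 * 24
RETRY_INTERVAL_H = 1


def server_response(hour, outage_end_h, reply_after=250):
    """Model of the receiving server: None while it is down (connection
    refused / timeout), then a fixed SMTP reply code once it is back."""
    if hour < outage_end_h:
        return None
    return reply_after


@dataclass
class Outcome:
    status: str                       # "delivered", "bounced" or "dropped"
    attempts: int
    delivered_at_h: Optional[int] = None


def relay_with_queue(outage_end_h, reply_after=250,
                     queue_lifetime_h=QUEUE_LIFETIME_H, retry_h=RETRY_INTERVAL_H):
    """A queueing MTA: unreachable or 4xx -> defer and retry; 5xx -> bounce
    (DSN to the envelope sender); queue lifetime exceeded -> bounce."""
    hour, attempts = 0, 0
    while hour <= queue_lifetime_h:
        attempts += 1
        code = server_response(hour, outage_end_h, reply_after)
        if code is None or 400 <= code < 500:
            hour += retry_h          # temporary failure: keep the message queued
            continue
        if code >= 500:
            return Outcome("bounced", attempts)   # permanent failure: DSN goes out
        return Outcome("delivered", attempts, hour)
    return Outcome("bounced", attempts)           # gave up after the lifetime


def fire_and_forget(outage_end_h, reply_after=250):
    """Sender behaviour as described in point 2: one connection, no queue,
    no retry, nothing that would produce or process a bounce."""
    code = server_response(0, outage_end_h, reply_after)
    if code is None or code >= 400:
        return Outcome("dropped", 1)
    return Outcome("delivered", 1, 0)


if __name__ == "__main__":
    # A 42-hour outage (roughly the one in the post) versus a week-long one.
    for label, fn in (("queueing relay", relay_with_queue), ("fire-and-forget", fire_and_forget)):
        print(label, "42h outage:", fn(42))
    print("queueing relay, 7-day outage:", relay_with_queue(7 * 24))
```

With the 42-hour outage the queueing relay delivers the message once the server returns and never produces a DSN; only an outage longer than the queue lifetime, or an explicit 5xx reply, makes it bounce. The fire-and-forget sender simply loses the message, which means the address never gets reported back to anyone as undeliverable.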
 
By the way, you said your mail server was down for 2 days, from the evening of Dec 4th through noon on Dec 5th. That's only half of one day's worth of time, not 48 hours worth. 48 hours from the evening of Dec 4th would be the evening of Dec 6th.

On a side note, I ran a small hosting business for years and decided to try out this thing called SpamAssassin. The day I implemented it, I thought I broke my Email server 'cause it was barely receiving any Emails - turns out only 1% or 2% of the spam targeting me and my virtual domain clients was actually getting past SpamAssassin, and with a little training once a week, I may get two spam messages a week instead of, like you, 200 per day.
 
Is this a HOAX? Our exchange server cannot stay up for 48 hours
 
Without having read through all the other posts (someone else may have had this thought), the perceived solution seems unlikely.

Really, how many spam emails have a real return address? So how would they know they have bounced?
 
I have one thing to say: www.barracudanetworks.com. The Barracuda Spam Firewall is the best antispam device in the world. 75% of my company's email traffic never sees the inside of my network now. This thing stops spam dead in its tracks.
 
Ok. So I had 3 things to say......
 
I tried this very same thing with a very different result. I stopped using e-mail all together. You see, after two weeks of not using e-mail, I realized I didn't need it. As you liken your process to religious fasting, mine was a religious conversion.
 
This is why I love Kmail's Bounce Feature, does anyone know one for Windows?
 
and you, dear sir, have to get a clue about the internet in general and mailservers in particular real soon.
 
De-spamming needn't be so painful.

Using "Mailwasher", downloaded for free from www.download.com, I was able to reduce my daily spam load from about 120/day to practically 0. It took about 3 weeks of adding to and editing a blacklist of source email addresses every other day, and automatically sending back "unknown user" service messages to blacklisted addresses. (Apparently, spambots pay attention to these messages.)

The effects were noticeable in a week, substantial at the end of the next week, and complete within a month. After that, I discontinued running MailWasher, and haven't received any spam since (several months).

I didn't lose any messages I wanted, but it killed all the spam.
 
The only thing I see evidence for here is that our high schools don't teach critical thinking skills.
 
My suggestion for you:

www.dodgeit.com

Oh, and if you use it often, please donate. Keep them alive!
 
All Irishmen are drunken, wife beating louts.
 
Why bother with shutting down mail servers or anti spam software? The best way to deal with spam......everyone just boycott products advertised by spammers. When these companies go bust, so do the spammers. Finally, they will realise that there is no point and no money to be made from spamming.
 
"automatically sending back "unknown user" service messages to blacklisted addresses. (Apparently, spambots pay attention to these messages.)"

Not according to my mail logs. We have accounts that have been gone for years that still show up in the "Unknown users" report as frequent targets.

Also, with the amount of spam sent from forged addresses these days, sending *anything* back to the sender (as opposed to issuing an SMTP reject as part of the transaction) is likely to hit an invalid address or some third-party's catch-all account.
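The distinction this comment draws, rejecting during the SMTP transaction versus sending a message back afterwards, is the difference between a reply code and a new piece of mail. As an added example (not the commenter's code), here is a model of the two policies run over a constructed set of inbound envelopes; the `sender_is_forged` flag is ground truth that a real server never has and is included only to score where the generated notifications end up. All addresses and helper names are made up for the illustration.

```python
# Constructed sample envelopes (not real traffic). The receiving server sees
# only mail_from and rcpt_to; sender_is_forged is there purely for scoring.
INBOUND = [
    {"mail_from": "alice@example.org",   "rcpt_to": "bob@example.com",        "sender_is_forged": False},
    {"mail_from": "victim1@example.net", "rcpt_to": "oldaccount@example.com", "sender_is_forged": True},
    {"mail_from": "victim2@example.net", "rcpt_to": "sales@example.com",      "sender_is_forged": True},
    {"mail_from": "dave@example.org",    "rcpt_to": "carol.typo@example.com", "sender_is_forged": False},
    # A notification arriving with the null reverse-path (MAIL FROM:<>).
    {"mail_from": "",                    "rcpt_to": "gone@example.com",       "sender_is_forged": False},
]
LOCAL_USERS = {"bob@example.com", "carol@example.com"}


def _empty_result():
    return {"accepted": [], "rejected": [], "dsns": [], "discarded": []}


def reject_in_transaction(envelopes, local_users):
    """Policy A: answer RCPT TO for an unknown user with a 5xx reply on the
    open connection. The connected client hears the refusal; the server
    originates no new message, so nothing can reach a third party."""
    result = _empty_result()
    for env in envelopes:
        if env["rcpt_to"] in local_users:
            result["accepted"].append(env)
        else:
            result["rejected"].append((env["rcpt_to"], "550 5.1.1 User unknown"))
    return result


def accept_then_bounce(envelopes, local_users):
    """Policy B: accept everything at RCPT TO (catch-all, or client software
    that 'bounces' later), then generate a delivery status notification to
    whatever address was in MAIL FROM, which was never verified."""
    result = _empty_result()
    for env in envelopes:
        if env["rcpt_to"] in local_users:
            result["accepted"].append(env)
        elif env["mail_from"] == "":
            # Never bounce a bounce: a DSN about a null-sender message would loop.
            result["discarded"].append(env)
        else:
            result["dsns"].append({
                "mail_from": "",                  # DSNs themselves use the null sender
                "rcpt_to": env["mail_from"],      # whoever the spammer claimed to be
                "undeliverable": env["rcpt_to"],
            })
    return result


def backscatter_count(dsns, envelopes):
    """How many generated DSNs land on a forged, i.e. third-party, address."""
    forged = {e["mail_from"] for e in envelopes if e["sender_is_forged"]}
    return sum(1 for d in dsns if d["rcpt_to"] in forged)


if __name__ == "__main__":
    a = reject_in_transaction(INBOUND, LOCAL_USERS)
    b = accept_then_bounce(INBOUND, LOCAL_USERS)
    print("reject in transaction: rejected", len(a["rejected"]), "generated", len(a["dsns"]), "DSNs")
    print("accept then bounce:    generated", len(b["dsns"]), "DSNs,",
          backscatter_count(b["dsns"], INBOUND), "of them to forged addresses")
```

In the sample, policy B sends three notifications and two of them go to people who never sent anything; policy A sends none. Real deployments also have to treat a 5xx reply at RCPT as a signal that leaks address validity to the connecting client, which is the trade-off the thread keeps circling: rejecting is the option that at least keeps the damage on the connection that caused it.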
 
I had a 90% reduction in spam on my home PC beginning about 4 Dec. and lasting about a week. A possible explanation is that a large spam network was taken down or moved. Members at security forums I visit reported a similar experience. Doesn't seem likely that unplugging a server would reduce spam, but if so it should be reproducible by others.
 
Great comments to a ridiculous article. What kind of moron would think this would work? He even devised a step by step plan! That's hilarious. Someone sell this guy a bridge!
 
Hi! If I shut down my Gmail account, I can't sign up for it again. It's still in beta. Also, If I shut down my Yahoo Account, I can't sign up for the same name for three months. Hmm.
 
Time for someone to create some kind of a spam-filter for ignorant but opinionated slashdotters? What a load of nonsense. S/N ratio of 5%? 2%? And those two who think fasting is pointless have obviously never tried it. BJ
 
Just use SpamPal. www.spampal.org

Latest beta version requires NO SETUP on email programs for WINXP and WIN2K

SpamPal is able to use plugins, including RegExFilter, Bayesian filter and HtmlModify (which filters out ALL web-bugs, virus attachments and tracking code)

It rocks and it's free!
 
I use mailblocks.com. It allows you to set up trackers for computer generated mail and challenges the mail sent to your actual address. It holds unrecognized mail in pending until a proper response is received; hence, no spam mail gets through to my main account. If a tracker becomes infected, you just delete it and create a new one.
 
mailwasher bounces for you
 