Log in

No account? Create an account
entries friends calendar profile My Website Previous Previous Next Next
Mark Atwood
Junk'ing an old email address.
Instant summary: dont use mark@atwood.name to email me.

I run my own mailserver, and I run a greylister on it. A greylister is currently a near perfect defense against botnet spam. According to my logs it prevents about a thousand messages a day.

The only thing that gets thru is non-botnet spam. A year ago, it was a nigerian scam about every 3 days. Now it's about a dozen nigerian scams, viagra offers, and stock pump-n-dumps per day. Which is not too bad, when I read my mail on my desktop IMAP client. But when I'm reading mail thru my smartphone, its more than a little annoying.

I really don't want to have to take the day to figure out spamassassin.

On the plus, most of the junk is going to the email address I mention in the first line. So what I'm going to do is put in a sieve rule that drops email to that address into Junk.

So, don't use mark@atwood.name to email me.

Tags: ,
Current Location: Home, Capitol Hill, Seattle WA

5 comments or Leave a comment
From: technoshaman Date: November 13th, 2007 08:39 pm (UTC) (Link)
Garret Hunnicut of Speakeasy says SPK's greylister defenestrates 95% of the four million messages a day that hit their MX hosts. He's got his set at 60sec; he doesn't even *care* if something legit slides through, because so *much* of what *does* bounce doesn't bother coming back.

I've taken his advice.

(I've also found that making sure one's email address is suitably obfuscated on public webpages helps a *lot*... there are public CGI programs out there that will translate user @ host . do . main into #octalgibberish, which totally flummoxes most naive web crawlers...

(Just making the address I posted with UUCP-style dropped the spam from 40/day to 4/day to that address in about two weeks... alas, the original address ended up in some hard databases and eventually had to be dumped, but....)
tithonium From: tithonium Date: November 14th, 2007 12:32 am (UTC) (Link)
I wrote my own baysian system years and years ago. Eventually, it wasn't quite enough, so I added in spamassassin. If either system things it's spam, it goes to the spam box. The only things still getting thru that are some address-from-me viagra spams, which I now have a procmail rule especially for, and the rare yahoo-auto-reply fake. As soon as I remember to take the time to do it, I'll be putting global greylisting on my central mail server, which should help everybody on there, and then I need to set up spamassassin globally as well. Sigh.
fallenpegasus From: fallenpegasus Date: November 15th, 2007 01:05 am (UTC) (Link)
You can nail the yahoo stuff by checking DomainKeys.

DomainKeys will also nail phished paypal, ebay, and amazon stuff.
dossy From: dossy Date: November 14th, 2007 02:36 am (UTC) (Link)
I've implemented greylisting on my MX, and it's managed to nail a good amount of spam, but still a bunch gets through.

I wonder: what about greylists combined with a spamtrap? i.e., a "known bogus" email address that you circulate in public places where spammers will harvest it, but no legitimate mail should ever be sent to. Any time a mail for the spamtrap address hits your greywall, you blacklist it--then, any other delivery attempts to actual legitimate addresses on your MX will be rejected outright, no chance to get onto the greylist, etc.

mauser From: mauser Date: November 14th, 2007 04:31 am (UTC) (Link)
My ISP recently put in something that blocks any host for half an hour that sends to too many addresses that don't exist on the server, and some other rules.

My spam dropped from nearly 100 a day on each address to maybe 10. And most of the rest of it gets flagged (I have that set to pass everything, but set the title, in case of false positives, 'cuz I know a lot of folks from adult businesses.). Lately the only thing to actually penetrate that is stuff that seems to have two subject lines, so the thing that alters the subject line misfires. Plus it has a multi-line "Importance" header with the URL of the spam site in it.
5 comments or Leave a comment