I am impressed
I do occasional contracting at a place where I used to be the systems administrator, and, as part of that contracting, I've got a home directory and a mailbox on that machine. I don't actually *use* that mailbox -- my correspondents send mail to pell -- but I left it there as a spamcatcher.
For some reason, I just took a look at it, and it's (in that sort of "crossed the beams" manner) really impressive. At home, the combination of greylist, dial-up and spammer blacklist, and spamassassin have reduced the incoming spam to maybe 5-6 messages a week (out of approximately 2,000 attempts a day), so when I popped open my mailbox and discovered 36565 mail messages -- ALL SPAM -- for the last year and two months, my eyes sort of popped out and fell on the floor.
I think it's time to go back and take a further look at the paranoia code inside postoffice just to see if there is any way to head off the next innovations in spammer technology. For some reason, getting 7-10 spam messages a day just doesn't seem to me to be a way of making electronic mail more useful.
Comments
If I get spam (or attempted spam) from a block that looks like a dialup block, I bung it into my blacklist.
And my feelings about one-shot confirmation messages falling over when they hit the greylist are probably a little less charitable than yours. I already go out of my way to defer the 4xx reply until the DATA part of the mail, and if someone who’s sending me mail can’t handle a 4xx reply to DATA, their MTA is so broken that even if they aren’t a spammer I don’t particularly care if they ever get mail through to me. The one time I encountered a dumb one-shot confirmation script it didn’t fail, but the confirmation cookie it tried to send me had a 45 minute expiration date, which didn’t help when the mail finally got to me 1 hour (actually 10 hours, since I went to bed after provoking the confirmation mail) later it had already expired. In that case, I politely yelled at the website that sent off the cookie, and I presume they fixed it because the next time they sent me one it worked when I tried it the next day.
But how does a block look “dialup.”
When I was trying to use my laptop as my own mta, I got back failure notices from AOL because they wouldn’t accept mail from a machine using dynamically assigned ip addresses. I don’t understand how they knew.
They either (a) buy a dial-up list from the RBL people or (b) do an reverse dns lookup on the ip address coming in.
A lot of the dial-up hostnames will contain the substring ‘(dsl|ppp|dynamic|dip)’ and/or the IP address (either as a dotted 4 with the dot replaced by a different character, or as a single long integer), so a pattern matching rejector like AOL can flag it as a dialup account right off the bat. Your IP address resolves to an address of the form junk-DOTTED4-junk, which is obviously a dialup account. (Roadrunner is a pathological case, since they don’t seem to even HAVE any mail relay machines, or system administrators, OR an abuse desk (mail to roadrunner abuse just falls into a deep hole; Pell has gotten about 400 pieces of spam from rr addresses, but Not One Single reply from the useless abuse desk there.) I’d love to strike their data center from orbit, but someone forgot to give me the access codes for the X industries orbital anvil satellite.
Comments are closed
How are you stopping “dialup”?
I put a nice looking greylisting mechanism (gld) in place but it seemed to completely stop some notification emails that are only sent once. GLD has a whitelist, but it didn’t seem to work. I’ll probably try again in the future.
Lynn