[Gllug] OT: Unwanted email

Mon Jan 31 08:26:50 UTC 2005

On Sun, 30 Jan 2005, David Abbishaw wrote:
> Sorry for the off topic post but I need some advice and thought that this is
> probably the best community I know and unfortunately this doesn’t relate to
> Linux at all – and both the mail and filtering software is windows based.

Oh dear.

(`Oh dear' because most Windows filtering software, to be blunt, sucks. Not
all, but most.)

> I recently setup some mail filtering software (sorry trying not to use that
> word that’s not ham) for my home domain of 5 email addresses.  I was fed up
> with receiving something like 150 - 300 rubbish email a day.  All went well
> for the first few weeks and dropped incoming mail down to about 10 junks a
> day.

That's a pretty poor ratio. I get about five hundred spams a day, and
with a suitably trained SpamAssassin I see about one of those a *month*.

>       So in a bid to reduce it further I started reporting these domains to
> spamcop, that was about 5 days ago.  So since then junk email per day has
> risen to a peak at 62'000+ per day (see stats below)

It sounds like you've been joe-jobbed (i.e., a spammer has chosen to forge
your address in the From line of a pile of spams).

If so, it'll die away eventually.

It might be because your SpamCop reports forced the spammer off a connection
and he's pissed off: however, SpamCop won't have told the spammer who you
are, so it's more likely it's simply random bad luck. (I've been joe-jobbed
repeatedly: a real own goal for the spammers, since it was the joe-jobbing
that got me involved in spam-filtration stuff in the first place.)

> So really what should I do – I guess I need to stop reporting these people
> to spamcop as it appears to have made a huge difference (and at the moment I
> wont recommend it to anyone and there is a warning of sorts on their
> website).

SpamCop definitely are not spammers, and it's really *really* unlikely
that they did this. If anything SpamCop's problem is excessive zeal :)

>           Upgrade my internet circuit?  Wait and it will disappear?  Im
> lost for what to do next at the moment.   

Wait and it should disappear, and get some better filtering software.

> So any advice or any one that has been through the same thing I’d like to
> know what your experience was.

All my joe-jobs were in the past when I was on a 33k6 modem line. I
switched temporarily from SMTP to POP3 mail delivery, and deleted the
spam at the server-side using a couple of cheap Perl hacks. (There are
plenty of programs already out there that will do it for you: google for
`pop3 filter'. I'm just a paranoid old sod who doesn't trust code he
didn't write to delete his email).

It's also very useful if you arrange for mail to names at your domain
that don't correspond to a local mailbox to be discarded (I hope you
were doing this already, because about 95% of my spam at least is to
nonsense names that have never existed at this domain!)

-- 
`Blish is clearly in love with language. Unfortunately,
 language dislikes him intensely.' --- Russ Allbery
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug