Let's talk about SPAM

[Hxxx]

With all the due respect.

I wish I could understand how is possible that so many Indian bots or human spam the domains with fake domain registration and or web design and shit seo offers. Shit I even had received real mail with fake notices and offers. I wish one could nuke all these requests. Well is true I could move each to junk or if they arrive with spam word in the subject I could just filter.

Does this spam work with human beings I mean? What is your technique to prevent this? What spam rules or service? I do use spam experts (still) ...

What if this is a business and you don't want to use the privacy feature?. I mean there are a few folks here that criticize businesses using the privacy info in the domain. Considering all the hassle of the spam I guess I understand if a business decide to go with private whois details.

Whats your take, how do you solve this?

 

[MannDude]

Well, spam does work or spammers wouldn't do it. Web hosting providers, some people who even post here, wouldn't specifically cater and allow spammers on their networks either if it didn't pay.

With that said, I think they're a nuisance and the scum of the earth. I just ignore any spam email I get and move it to the spam folder. If it's rampant I may get more vigilant, look at headers, file abuse reports or have fun in return but normally I just move to spam folder and/or report it.

 

[Mid]

One small technique:  you need to use more than 1 email address (say 3), other addresses can be forwards to the main address. One for friends, one for work, and mainly one for the rest/spam. You use the 3rd one (i.e the spam address) where ever its of less importance (ie. if there is some problem and you won't get email from them, still it doesn't affect you much). For e.g, my address with vpsB is not my main email. But I would use my other address with my hosting provider (from which I can't afford to lose mails)

You can also use timely spam addresses/forwards; for e.g, I suffix a yearly number to the address ([email protected]) and use it with newsletter subs and like that. If its not needed anymore, you just delete the mailbox/forwarder and that's it; this way you can even get away from arrogant spammers who won't stop the mailings even after you unsubscribed (many times!). I am still receiving mail from old dish TV provider which I cancelled years before.

You could use a separate email for the domain whois without going for private registration. You are going to check its mail only when the domain is due renewal/transfer (once in a year or more).

Of course, after this, moving the spams we get to the SPAM folder works and it reduces the subsequent frequency. You have to have a mail provider who uses the spam training logic of course.

Is it like most spams are from India? I think Europe(Sweden?) is famous for hosting illegal/torrent servers. (correct me if wrong)

One small technique:  you need to use more than 1 email address (say 3), other addresses can be forwards to the main address. One for friends, one for work, and mainly one for the rest/spam. You use the 3rd one (i.e the spam address) where ever its of less importance (ie. if there is some problem and you won't get email from them, still it doesn't affect you much). For e.g, my address with vpsB is not my main email. But I would use my other address with my hosting provider (from which I can't afford to lose mails)

You can also use timely spam addresses/forwards; for e.g, I suffix a yearly number to the address ([email protected]) and use it with newsletter subs and like that. If its not needed anymore, you just delete the mailbox/forwarder and that's it; this way you can even get away from arrogant spammers who won't stop the mailings even after you unsubscribed (many times!). I am still receiving mail from old dish TV provider which I cancelled years before.

You could use a separate email for the domain whois without going for private registration. You are going to check its mail only when the domain is due renewal/transfer (once in a year or more).

Of course, after this, moving the spams we get to the SPAM folder works and it reduces the subsequent frequency. You have to have a mail provider who uses the spam training logic of course.

Is it like most spams are from India? I think Europe(Sweden?) is famous for hosting illegal/torrent servers. (correct me if wrong)

 

[DomainBop]

Is it like most spams are from India?

No.

from SenderBase:

Past Day:
Country     Last Day Spam Volume  Volume Change
United States    8.9    9.9%↑
Brazil    8.3    -11%↓
Germany    7.9    -10%↓
France    7.8    -25%↓
China    7.8    -4.7%↓
Viet Nam    7.7    -12%↓
Netherlands    7.7    -1.0%↓
South Africa    7.7    3.9%↑
Russian Federation    7.7    -16%↓
Canada    7.7    66%↑
Japan    7.6    -5.8%↓
United Kingdom    7.6    -11%↓
India    7.5    -18%↓

Past Month:
United States    8.9
Brazil    8.4
France    8.0
Germany    7.9
Viet Nam    7.8
China    7.8
Russian Federation    7.8
Netherlands    7.7
South Africa    7.7
United Kingdom    7.7
India    7.6

What spam rules or service? I do use spam experts (still) ...

own mail server for company email: Postfix, Amavis, Postgrey, SpamAssassin, Dovecot, Razor, Pyzor, a few other pieces, incoming mail checked against Spamhaus/  Spamcop/ Barracuda blacklists, plus a few other rules...very little SPAM gets through (the amount of SPAM I receive now is significantly lower then when I used Google Apps).

Setting up a mail service that will effectively block SPAM isn't a one-click operation so it's not a solution for everyone.  The setup I have is also resource intensive (mainly RAM, see below) and runs on a dedicated server:

free -m
total used free shared buffers cached
Mem: 7700 7455 244 0 279 3621
-/+ buffers/cache: 3554 4145
Swap: 8491 3 8488

Web hosting providers, some people who even post here, wouldn't specifically cater and allow spammers on their networks either if it didn't pay.

Ecommerce.com /IXWebHosting is at the top of my shit list this month (and their 39 SBL's put them near the top 10 in Spamhaus too http://www.spamhaus.org/sbl/listings/ecommerce.com  ) for knowingly allowing scammers/spammers to operate and refusing to take action despite Spamhaus SBL's, dozens of Spamcop complaints, complaints through other channels.  Hosting scam outsourcing spammers (http://www.spamhaus.org/sbl/query/SBL259653) must pay well...

Does this spam work with human beings I mean?

Yes, with more people than you might think. It's a multibillion dollar industry.

What if this is a business and you don't want to use the privacy feature?. I mean there are a few folks here that criticize businesses using the privacy info in the domain. Considering all the hassle of the spam I guess I understand if a business decide to go with private whois details.

WHOIS privacy only masks one email address.  Most businesses have more than one email address so private WHOIS isn't really going to help the average business reduce the amount of SPAM received .

 

[Mid]

I didn't double post; its the new IPB4's magic

 

[AuroraZero]

I usually have mine with lettuce, tomato, and mayonnaise on white bread. Sometimes I can even talk the wife into toasting the bread, or the whole thing. What a great day I have then!!!!!

On a more serious note though I have a gmail I use for personal things only. I do not get much spam there as I do not use it sign up for anything but forums and such. My site emails I run a server for and ban most sbls from it. I hardly ever see any spam in them anymore and list expands and collapses by itself. Took me a long time to get the script right and no it is not for sale or for free. Not right now anyways maybe at some point.

The rule of thumb I follow is being proactive. You have to fight back and not just let them walk all over you. Stand up and do something about it. Think outside the box and come up with a way to make them stop it and leave you alone. They will not do it unless you make them do it.

 

[Mid]

The PROBLEM lies with age old email/dns design. It was designed way back and the current gen definitely needs a new system that specifically addresses the spam issue. 

Probably a constraint that you shouldn't be able to send mail to oneself just by having his/her email address; you would require some 'send access code' which is valid for some months. The recipient should be able to replace the access code with the sender easily (just by hitting a reply with new code in some form; like mailing list unsubs). Another way, its with money. Yes, make them payable with every email sent (like its done now for SMS).

 

[TurnkeyInternet]

We aren't far off (or already there?) where spam will make cell phones / texting useless just like email has.  How often do you email something important only to have to follow up with a phone call to make sure they got it (spam filters too aggressive issue) or email them saying "please email back to confirm you got this due to email spam filters".

Spam has made email all but useless as a 'best hope / best effort' means to communicate.

No joke a dozen or more known spammers (as in fraud records, spam haus, etc) sign up daily asking for large amounts of ips.  either directly or through straw buyers every day here - spam pays, and spammers 'pay good money to providers to get usable ips' (we dont sell to them and vette orders closely, but inevitably a straw buyer sneaks through clever enough not to do something obvious to catch them and lay dormant months before starting their spam payloads).   Until the money source is tracked and taken, spammers will keep continuing.

 

[trueman1]

spam do work and that's the problem,

spammer can't use hosting providers that ignore spam because all there email will mark has spam. 

Nodewatch is a great free software that protect you against that  http://vpsantiabuse.com/

also you can limit the maximum smtp connection per ip like that:

iptables -A FORWARD -o eth0 -p tcp -s  x.x.x.x/network --dport 25 -m limit --limit 20/min -m state --state NEW -j ACCEPT

iptables -A FORWARD -o eth0 -p tcp -s  x.x.x.x/network --dport 25 -m state --state NEW -j DROP

* x.x.x.x - your network ip (like 192.168.0.0), network- it's network subset mask (like /26)

 

[Mid]

also you can limit the maximum smtp connection per ip like that:

iptables -A FORWARD -o eth0 -p tcp -s  x.x.x.x/network --dport 25 -m limit --limit 20/min -m state --state NEW -j ACCEPT

iptables -A FORWARD -o eth0 -p tcp -s  x.x.x.x/network --dport 25 -m state --state NEW -j DROP

* x.x.x.x - your network ip (like 192.168.0.0), network- it's network subset mask (like /26)

I think @Hxxx wasn't asking about "spams sent from his/her server" (even cPanel has the feature to limit the mails sent) and I assume any genuine provider would do that. The actual problem is spammer(or anybody) is able to send many mails per minute with the current(actually very old) email standard.

The request was about avoiding/limiting the spams received.