Tags:


Blocking spam
July 31, 2009 12:07 AM   Subscribe

New technique to block spam in the server -
posted by vvurdsmyth (51 comments total) 2 users marked this as a favorite

 
IP addresses, he notes, are easy to fake. So, if spammers got wind of how SNARE works, they might, for example, use a fake IP address close to the recipient's.

I like how they say if.
posted by The Devil Tesla at 12:10 AM on July 31, 2009 [6 favorites]


Sounds like a recipe for me getting every single one of my mails from here in China to family back home, clients round the world or whoever binned with extreme prejudice.
posted by Abiezer at 12:13 AM on July 31, 2009 [3 favorites]


I like the part after the hyphen. Don't leave us hanging -
posted by item at 12:28 AM on July 31, 2009


New way to close barn doors found
Horses remain missing
posted by dhartung at 12:30 AM on July 31, 2009 [10 favorites]


The title of this post reads like a spam subject line.
posted by benzenedream at 12:33 AM on July 31, 2009 [6 favorites]


last christmas my family ignored me, and my friends were all busy, at least I had my spam, some days all I have is my spam, some days
posted by mattoxic at 12:41 AM on July 31, 2009 [1 favorite]


I like the part after the hyphen. Don't leave us hanging -

Maybe it was filtered.
posted by Blazecock Pileon at 12:41 AM on July 31, 2009


SNARE!
posted by Pronoiac at 12:42 AM on July 31, 2009 [1 favorite]


The end result was a system capable of detecting spam 70 percent of the time, with a 0.3 percent false positive rate. Feamster says that's comparable to existing spam filters but notes that when used in tandem with existing systems, the process should be far more efficient.

That's pretty terrible. But this could be used to pick out emails for further analysis. As Abiezer mentions, this system might work X% of spam, but it would have a vastly disproportionate effect on some users. Over all, it's one new tool in the shed, I guess, but a particularly weak one.
posted by delmoi at 1:13 AM on July 31, 2009


Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work...

posted by weston at 1:14 AM on July 31, 2009 [14 favorites]


A 0.3% false positive rate seems pretty high. Especially so if you're using this to reduce load on the server such that positives get bit bucketed without hitting a spam filter.
posted by Mitheral at 1:15 AM on July 31, 2009


without hitting a spam filterfolder.
posted by Mitheral at 1:17 AM on July 31, 2009


0.3% false positive? What's the percentage of? If it's all mails it isn't that good. Take 1000 emails, then if 90% are spam 10% are real, and 0.3% of 1000 is 3, so you lose 3% of your good emails. Or is it 0.3% of the 100 not the 1000? It's not that clear to me.
posted by edd at 2:26 AM on July 31, 2009


Your idea will not work. Here is why it won't work...

I have been using greylisting on my mail server, and it has cut the amount of spam I receive by a few orders of magnitude. There is a trickle of spam emails (a few a day, rather than the hundred or so in the past). Greylisting keeps track of known sender/server tuples and requires the senders of email matching previously unseen tuples to resend after a period of time, which legitimate SMTP hosts can do but spam botnets have a problem with.

Greylisting doesn't eliminate spam, but it comes pretty close, which I'd say counts as working in my book.
posted by acb at 3:10 AM on July 31, 2009


Please, MIT Technology Review, tell us more about these "fake IP addresses" from which TCP connections can be made.
posted by finite at 3:26 AM on July 31, 2009 [7 favorites]


For example, their research revealed that ham tends to come from computers that have a lot of channels, or ports, open for communication.

Also, I wonder what other channels, or ports, a dedicated mailserver is expected to have open. Are we posting in a troll thread?
posted by finite at 3:33 AM on July 31, 2009


This is yet another form of 'enumerating badness', which never works for very long to shut out bad guys. Rather, you have to enumerate goodness.

One approach that works essentially perfectly is running your own domain, which isn't very expensive anymore, maybe $25/year with hosting. You issue unique email addresses in your domain per sender, so that email addresses identify them, not you. The domain identifies you. If you issue obvious addresses, like 'bigonlinecompany@yourdomain.com', also include a unique numeric ID per each address, so that if someone figures out 'amazon-586838@yourdomain.com', that won't automatically give them 'barnesandnoble-uek68y@yourdomain.com'.

You whitelist your issued email addresses on your mail host -- any good mailhost will allow unlimited aliases, since they take so few resources to handle. And you create a second, junk account in the domain, and you alias the 'catchall', everything you haven't specifically whitelisted, to go to that account.

This takes awhile to set up, and it means you have to take about two extra minutes to 'issue' a new email address to new companies or people you're dealing with. But, because you have the catchall, you can just give them an email address without setting it up first, and then fix it at your leisure. You just have to maybe fish their first email out of your junk pile. In exchange for two minutes of work, once ever per new correspondent, you will have zero spam.

Well, not _quite_ zero. Some companies will sell your address. But, with this system, you now know exactly who did it, so you can terminate your business with the spam supporters, and you can just de-whitelist that account to stop all further spam. So the amount of damage any one company can do to you is fairly limited. When you have just a single address, one bad guy can pollute the whole thing -- but when they're the only ones with a specific address, that's all they can wreck, and you can just circular-file it. I stopped dealing with Vonage and Greatflowers because of this system, for instance.... but despite their slimy business practices, my mailbox has returned to its pristine state.

You'll have to go into your junk account once in awhile, because it will accumulate spam. Spammers will hit your domain with random addresses, and that will all end in the junk folder. But you want the catchall for two reasons: 1) your mailserver doesn't send a REJECT with an address that doesn't exist, so bad guys can't fish for accurate email addresses, and 2) that lets you issue an email instantly, without preparation, and then go check your junk bin to make sure they didn't mail you anything before you whitelisted them.

The downside to the catchall is that your junk bin will get pretty big, and you'll have to pop into it once a month and delete it all.

If you also use greylisting, you can cut down the volume of crap in your crap mail account by an order of magnitude. Greylisting alone does work pretty well, but some spammers are smart enough to get past that. Whitelisted, per-sender email addresses with built-in PINs are a very tough nut to crack.

Lemme tell ya, if you haven't had a completely spam-free mailbox, it is just freaking delightful. Everything that shows up is something you want. It's a bigger deal than it sounds. You don't have new useless crap every five minutes demanding your attention -- rather, you only get the little beep when something is actually worth paying attention to.
posted by Malor at 3:42 AM on July 31, 2009 [3 favorites]


This would be interesting, except for the "new technique" part because these aren't really new techniques, and the "block spam" part because it won't actually block spam. But I will grant that it is "in the server".
posted by Bokononist at 3:47 AM on July 31, 2009 [3 favorites]


Oh, and note: if you need a general contact address, you can still have that -- just route that to a separate account, and have your mail client make a different sound for mail to that address. Or run a second mail client for that specific account. But that will almost certainly not be spam-free. Any email address that's published will probably be spammed. Publishing via image, rather than via text, will cut that down a lot. And greylisting is REALLY useful for that scenario.
posted by Malor at 3:50 AM on July 31, 2009


Until I read this article I had no idea that the opposite of "spam" (unwanted email) was "ham" (wanted email). But I haven't updated my vocabulary completely. It's still difficult for me to say "yippee! My inbox is stuffed with ham!"
posted by twoleftfeet at 3:58 AM on July 31, 2009 [2 favorites]


One approach that works essentially perfectly is running your own domain, which isn't very expensive anymore, maybe $25/year with hosting. You issue unique email addresses in your domain per sender, so that email addresses identify them, not you. The domain identifies you.

I did that for a while. Then some spammer started using my domain as one of their fake addresses, so I would get thousands of bounce messages from random addresses. I could have setup individual aliases like you suggested, but I had already given custom addresses out and hadn't tracked them. I would imagine SPF would help a lot now, but I have no idea how widely that's been implemented though.

Anyway, gmails' spam filters seem to work really well.

The thing about spam is that it always finds new nooks and crannies to crawl into our lives and make us miserable. Like fucking referrer spam where spam bots download web pages with fake referrers so that people running webservers check out the pages thinking the link back to them. When the Iranian Elections were a hot topic on twitter, spammers posted messages and tagged 'em with #iranelection. Blog comment sections need all kinds of goofy mechanisms.

But designers are at least aware of the problems now, I doubt we'll ever see anything as problematic as the original Email spec.
posted by delmoi at 4:03 AM on July 31, 2009


I don't think this will work for long, surely the spammers will just examine their software, and adapt their botnets accordingly.

I have various academic email accounts that have been around for several years and publicly posted online, yet I get very little spam. I think the main reasons is these universities have competent system admins that use content filters conservatively while using DNS blacklists aggressively.

I feel my major difficulties come from unsorted & undesired "legitimate" emails. Yes, I can manually make folders & such, but spam filters are meant to save time. Why not use the same technology to categorize mail automatically? A side goal being that companies who send legitimate but undesirable messages will find their messages, while not tagged as spam, are deposited into mailboxes that users rarely read.
posted by jeffburdges at 4:07 AM on July 31, 2009 [1 favorite]


Malor, the per-company address with a catch-all@yourdomain method is far from bullet-proof. I don't know what you mean by "if you need a general contact address". When you send mail, you have to send it from somewhere if you want people* to be able to reply. That somewhere is your "default" email address. It is the one that your friends (who would never sell you out to a spammer) will see, and reply to, and include in their massive not-BCC'd missives/chain-letters/etc. Unfortunately, your friends' computers are far less trustworthy than your friends are, and your friends' friends' computers are even less so. So, eventually, your default address will get harvested by robots and that is the address that spam will get sent to.

I've helped a number of people setup their own domain with a catch-all. Despite being careful to always give companies unique addresses, they all still get spam sent to the one address that goes in the from field on every mail they send.

* Furthermore, to avoid giving the companies that you correspond with your default address, you must be careful not to reply to them from it. In most mail clients, sending from a a different address requires editing your account settings, and that is far more hassle than most people are willing to go through on a regular basis. And all of this really is for naught, because unless you're in the habit of doing business with shady companies, none of those custom addresses you use will ever get spam anyway.
posted by finite at 4:18 AM on July 31, 2009 [1 favorite]


Finite beat me to it (been doing that catch-all thing since 2000 - It is nice to figure out who is selling your email though, when one of those companyname@domain shows up.)
posted by dabitch at 5:55 AM on July 31, 2009 [1 favorite]


I did that for a while. Then some spammer started using my domain as one of their fake addresses, so I would get thousands of bounce messages from random addresses. I could have setup individual aliases like you suggested, but I had already given custom addresses out and hadn't tracked them. I would imagine SPF would help a lot now, but I have no idea how widely that's been implemented though.

Actually, I had that exact same thing happen. I've been joe-jobbed several times now, and I used to just receive the catchall, sans whitelist. That was very painful. Going to the whitelist fixed that completely. Note that if you save your email, you can likely write a shell script to extract addresses to create a whitelist if you didn't start with one. If you don't save it, well, you're kind of hosed. :-)

I've also done SPF, and I haven't been joe-jobbed since. I don't think very many people implement it on the receiving side, though, so I'm not sure how much that's helped. The whitelist is enough to prevent the backscatter into the main account, which is the important bit.

So, eventually, your default address will get harvested by robots and that is the address that spam will get sent to.

Well, I haven't had that happen, but it's no big deal, because you can make that anything you want. Make it unique, not the same as the actual underlying account name. Don't give it out, and then just change it if it gets spammed. If you think your friends have inherited that address into their address books, add an explicit reject, so they get an error message instead of silence. That's probably harder to do with a typical cheapy webhost, though -- most of them offer aliases, but I'm not sure how many have a reject list.

If you need to reply as a particular address, many clients handle it fine. It's easy in Thunderbird -- Tools, Account Settings, Manage Identities button (lower right corner), type the address and your "real name" in. If someone sends you a mail at that address, and you hit Reply, it's automatically set as the From. But it has to be in the Identities area at the time you hit the button. If you add it after hitting reply, it won't take for that specific email, at least in Thunderbird. You have to reply again, and copy/paste.

Yeah, it's more hassle, but typically you won't need to reply as an address all that often, and you'll usually know ahead of time if you do. I have a total of 15 "from" addresses, and that's after about two and a half years of whitelisting. Only two or three of them were annoying, where I had to actually send mail more than once because I didn't know the From field needed to match.

Basically, it's a one-time investment per address to pretty much totally shut down spam. It may not be worth the extra effort for many. It depends on the total number of new addresses you need each week, versus how much spam you get, and how annoyed you are by spam. Myself, I find it liberating. When I first started seriously fighting back on spam, I was getting hundreds a day. I get essentially none now.

And all of this really is for naught, because unless you're in the habit of doing business with shady companies, none of those custom addresses you use will ever get spam anyway.

Well, Vonage and Greatflowers both appear to have sold their mailing lists. It can be hard to tell if a company is shady ahead of time. And it only takes one, because once a spammer has your address, eventually, they all will.
posted by Malor at 6:12 AM on July 31, 2009


> One approach that works essentially perfectly is...

How much of my time does this consume per month when compared to using run-of-the-mill filters (SpamAssassin with a default configuration plus OS X Mail's filtering) and zorching the couple messages a day that get through? I'm only seeing about 1-2% of the 200-400 spams I receive per day without having to create a new email account every time I want to leave an address on somebody else's website.

I don't care how clean my inbox is; good enough is not the same as perfectly spam-free. I only care about minimizing the aggregate time I have to spend in dealing with spam, in total, whether preventive or reactive.
posted by ardgedee at 6:39 AM on July 31, 2009


"I don't care how clean my inbox is; good enough is not the same as perfectly spam-free. I only care about minimizing the aggregate time I have to spend in dealing with spam, in total, whether preventive or reactive."

That's because you're a rational human being. The executives who make demands of their company's email administrators may not be. I know this because I've been personally subjected to the whims of That CEO, and That CEO doesn't really give a crap how much sysadmin time is burned to make his inbox feel homey. He's nuts and apparently like many executives is enthralled by demanding things with hidden costs.

Despite being rather cost-ineffective, there were weeks where I put in hours of hand-tuning filters, picking through mailboxes for whitelist purposes, and SA greylist tuning. I didn't mind the work, because I'm an antispam zealot, but even I can't argue that trying to go from "good enough" to "freakishly spotless" on our spam corpus was anything but a boondoggle.
posted by majick at 7:02 AM on July 31, 2009 [1 favorite]


Well, it's a big upfront investment, typically hours at the very least, possibly days, depending on how thoroughly you've thought things out, and how long it takes to retrain yourself.

For the first few weeks, log in and scan your crap account regularly. You can pretty much stop doing this after a month or so.

From there, total maintenance is: when giving out email addresses, go to your provider and whitelist them. For me, that means logging into my mail server and adding a line to my aliases, which is extremely fast, because I'm highly practiced -- typically under a minute, start to finish, and that includes deciding what email address I'll use. If you're on a webhost, that will probably mean using whatever interface they have, and I have no idea how efficient it will be.

If you'll need to send mail AS that address (uncommon), you'll need to modify your mail client to do that. Takes me about another minute, on Thunderbird.

Once a month or so, log into your crap account and clean it out. (control-A delete will usually work very well here.)

And that's pretty much it. Ongoing maintenance is a one time investment of about five minutes per person or company you exchange email with, done at the time you set up the account (ie, typically at your convenience.) If you're adding twenty contacts a week, it's probably an hour. (well, probably less, because you'll get real good if you're doing it twenty times a week.) So just do the math -- five minutes per account, once ever, versus X seconds per spam, ongoing.

My own maintenance burden is probably about ten minutes a month. I don't add that many contacts, typically no more than 1 or 2 a week. I spend easily ten times longer filling out the forms for websites or whatever than I do creating the email address, and the time to create the address is included in setup time, so it's really not intrusive at all. I've already budgeted 'as long as it takes' to get the account going, so an extra thirty seconds to a minute has almost no impact. With people, I just tell them an address verbally, and then go whitelist it later on, checking my junk inbox to see if they've written anything before I got to it. I do need to remember to do this; if I forget, that's bad. But I can do it at my convenience.

Your workflow may vary.

I'm an antispam zealot, but even I can't argue that trying to go from "good enough" to "freakishly spotless" on our spam corpus was anything but a boondoggle.

Yeah, anytime you're in the 'enumerating badness' mindset, perfection is a foolish goal. And whitelisting contacts for a whole company, particularly when companies are dealing with so so so many new contacts every day, just isn't feasible. Plus, you have training, and while I'm sure the MeFi audience would be fine with it, most companies I've worked for would have been..... er, rather less than successful with a whitelisting program.

But for home users? It can be astonishingly effective, assuming you're not crazily adding new contacts every day.
posted by Malor at 7:14 AM on July 31, 2009


...or you could just route your email through Gmail, which takes five minutes to set up and stops >99% of spam. And I know this because my rusty@kuro5hin.org address, which has been live since 1999 (and unfiltered attracts pretty much all spam ever), runs through there. I get maybe 4 emails a day that I don't necessarily want, and most of them are from companies I've bought something from in the past, so it's hard to blame Google.

As several people said above, there is definitely a point of diminishing returns in the Spam Wars.
posted by rusty at 7:16 AM on July 31, 2009


Gmail's spam filter is good enough that for most Gmail users, most of the time, spam is simply no longer an issue.

I have stopped worrying about publishing my own address (flabdablet@gmail.com, for what it's worth) in public places, because having Gmail filter out 500 spams per day is really no worse for me than having it filter out 30. I process well under 1% of my incoming spam by hand, and in the four years I've had my Gmail account I've had to dig through the spam folder for false positives only eight times.

For end users, there's simply no point doing anything complicated. Just set them up with Gmail accounts. Seriously.
posted by flabdablet at 7:20 AM on July 31, 2009 [2 favorites]


Your ideas on fighting spam intrigue me and I wish to subscribe to your newsletter.
posted by bjrn at 7:26 AM on July 31, 2009 [1 favorite]


I'll second (fourth?) the use of Gmail's spam filter - if you have a good email client with decent spam filtering (basically anything but outlook) you get sort of a double filter.

Set up your gmail account, forward your address to it, connect with IMAP, set up your local spam/junk folder to map to gmail's spam folder. That way when your local email client flags something that gmail missed, it gets moved into gmail's spam folder - which in turn helps gmail to identify more spam.
posted by device55 at 7:44 AM on July 31, 2009


Mmmmm .... ham, yum.
posted by Bovine Love at 7:47 AM on July 31, 2009


Well, yeah, but that also means your mail is on Google. I'm pretty uncomfortable with the idea of giving the same company both my email and my browser search history, not to mention the other various forms of cloud data they offer. I'm happier keeping things as compartmentalized as possible.
posted by Malor at 7:57 AM on July 31, 2009


> That CEO doesn't really give a crap how much sysadmin time is burned to make his inbox feel homey.

IT staff administering the mailservers for an office are a different matter. The hours a week you spend tweaking filters are less than the aggregated minutes per week of hundreds or thousands of users dismissing junkmail, and far cheaper than the consequences of one or two lusers clicking on the wrong, malware laden message. I'm sympathetic to the misery inherent to your job, though.
posted by ardgedee at 8:00 AM on July 31, 2009


But designers are at least aware of the problems now, I doubt we'll ever see anything as problematic as the original Email spec.
You'd think this, but I'm continually dismayed by how many bright-new-technologies are punted out there with little disregard for spam.

When SixApart dreamt up Trackback, there was no consideration of spam issues, and lo, everyone's trackbacks filled with spam referrers. When Twitter added "trending topics", it wasn't hard to guess what would happen next, and, yep, spambots with hashtags. Facebook added internal email -- should have been an absolute gift in terms of only-real-messages, but then they allowed people to send spam to their groups.

There's something funny about the spam problem, and I think it ties in to our psychological difficulties grasping the size of the internet audience when we're evolved to work with groups of about 150 people tops. (I mean, how many posters here could stammer out more than a few words if they were actually speaking to a physical audience the size of the one reading this thread?).

So firstly people vastly underestimate it -- that's why the "your spam solution sucks" email is so funny -- and secondly they simply can't comprehend how many people are out there waiting to break into their new shiny to try and sell shit, so they don't act protectively.
posted by fightorflight at 8:15 AM on July 31, 2009


This is a great idea, I'm going to email the article to 40,000 of my closest friends!
posted by blue_beetle at 8:32 AM on July 31, 2009 [1 favorite]


Malor: You could set up your client to use POP and delete mail off gmail when you fetch it. Which is no guarantee they won't keep a copy, I suppose. But, meh.
posted by rusty at 8:48 AM on July 31, 2009


This should probably be an AskMe, but Malor's setup is a lot like what I wound up having to do, because no mail hosts allow me to do what I really want to do, which is to just have a regex that matches legitimate email, ie. /^foobar-(.*)@domain.com/, where /1 identifies the party I'm giving the email to. My current host runs cpanel, which allows me to add these one-by-one to a forwarding list, but after 20 or 30 it's not really a scaleable solution. Back when I signed up with this hosting company they let me modify my .forward file and roll my own filter, but they later turned that off.

So, long story short, anyone have a recommendation for a hosting company that would allow this?
posted by bjrubble at 9:08 AM on July 31, 2009


If you need to reply as a particular address, many clients handle it fine. It's easy in Thunderbird -- Tools, Account Settings, Manage Identities button (lower right corner), type the address and your "real name" in. If someone sends you a mail at that address, and you hit Reply, it's automatically set as the From. But it has to be in the Identities area at the time you hit the button. If you add it after hitting reply, it won't take for that specific email, at least in Thunderbird. You have to reply again, and copy/paste.

Holy crap. Malor, you just saved me like an hour or more per month. Awesome. Why did I never notice that?

[used to going into my domain, setting up the fake address account, replying to the message, forwarding the fake address, deleting the fake address].

X the GMail thing. I appreciate GMail's spam tech is more robust (I wonder how many false positives they get, though? I get valid, 1 or 2 line ham with links in it sometimes..), but I am wary of adding yet another dataset to Google's delicate loving grasp on me.
posted by cavalier at 9:21 AM on July 31, 2009


I think SNARE is what it is, just another tool that could be used in combination with other spam-fighting ones. I like the use of AS numbers and physical distance from the receiving mailserver, among other heuristics, for reputation scoring.

(As a comparison, DNS-based blockists are simpler -- an IP address matches one on a list, or it doesn't.)

SpamAssassin comprises several plugins that are essentially different techniques for scoring the spamminess of a given message. I could see a SNARE plugin added to SpamAssassin if it's opensourced. I really don't think the technology behind SNARE is anything special, but I do see it being hard for spammers to circumvent the underlying assumptions behind it. For example, it's difficult nowadays to spoof IP addresses in email envelope headers.

SNARE and SpamAssassin are great second-line defenses. I'd still lean on straight-up DNS-based blocklists on the frontline. The false-positive rate is miniscule and messages are typically rejected, not discarded, so "real" mail doesn't just disappear in the ether -- the sender has the opportunity to try elsewhere.

Regarding greylisting:

If you run your own mail server, greylisting rocks, as acb notes. I use it, but only in combination with hand-maintained whitelists, blacklists and custom local-parts (the text before the @). The upkeep does take some brainpower, but it's a once- or twice-a-week thing. The upshot is I get about one spam a month, usually from Nigerian 419 scammers. (Not exactly sure why those make it through. Perhaps they manually send mail through legit servers?) At any rate, greylisting doesn't seem to scale well past literally a handful of users as a first-line defense, but it's pretty good in other roles.
posted by Jubal Kessler at 9:22 AM on July 31, 2009


SpamAssassin comprises several plugins that are essentially different techniques for scoring the spamminess of a given message.

Yeah, but SA is very inefficient, which is why it's not used much by ISPs anymore. I use it, but I'm planning on migrating to something else eventually. spamd is better, but it's mostly useful for deferral like greylisting. Using both can be effective, but it's a lot to keep up with if you're just a home user.
posted by krinklyfig at 10:46 AM on July 31, 2009


"The hours a week you spend tweaking filters are less than the aggregated minutes per week of hundreds or thousands of users dismissing junkmail,"

I appreciate your sympathy, but I'd like to clarify a little. At the time I was mail system administrator for a company of about 100 people. 95 of those people received no spam at all as a result of the existing measures. 5 of those people, all high visibility executives with low technical knowledge, had managed to get themselves a few more spam messages than they wanted -- I'd guess about 15 spams per day per person. Adding client side filtering brought this down to maybe 3-5 spam messages per day/person in that population.

As an antispam zealot, I can't say I was particularly fond of that much spam slipping through the defenses -- a mixed combination of some DNSBLs, blacklisting entire networks known to have no business reason to contact us, SpamAssassin and content analysis, an elaborate Exim ruleset that was fairly good at sniffing out and snubbing connections from zombies, and SA-greylist -- and I welcomed the chance to improve them, but I can't honestly say that dealing with 20 false negatives out of an email stream of about 5,000 messages per day was really worth spending a chunk of 150 to 200 sysadmin hours tuning from a cost effectiveness standpoint. I liked the work, though. Blocking spam is fun.
posted by majick at 12:18 PM on July 31, 2009


twoleftfeet:"It's still difficult for me to say "yippee! My inbox is stuffed with ham!""

Then lets rename it bacon. As in "Yay bacon!"
posted by pwnguin at 12:24 PM on July 31, 2009


you now know exactly who did it, so you can terminate your business with the spam supporters

But what if that supporter is Borders Books? I signed up for their coupons and now I get a bit of spam at borders@mydomain.mytld. There's no way Borders is going to believe they sold my address. I suspect they were hacked or an employee made some money on the side, not that this was an official action.

It's also possible that it's a coincidence. I also get spam to move3shaw.virtuousb@mydomain, so I suppose rather than simply borders or something like bordersstores, bordersbooks, or borderskillslocallbooksellers I should use a hash with a dash of salt. I sometimes have to speak these addresses, though and kwijibo48{ is a mouthful at the checkout counter.
posted by morganw at 12:45 PM on July 31, 2009


flabdablet: "For end users, there's simply no point doing anything complicated. Just set them up with Gmail accounts. Seriously."

I used to think this. Then I had a financial planner / insurance salesman come to me with problems. His computer was repeatedly sending the same email over and over again, not spam in the normal sense, just a message he intended to send once that was delivered to recipients multiple times.

I figured there was some network hiccups between his Outlook and his ISP, had him reboot his computer and that seemed to stop it. He later mentioned an increase in spam rates and asked what I did about spam and I mentioned Gmail. A few weeks later he comes to me completely baffled how to use the thing. "Well how do I forward mail to people?" he asks.

"You click forward, start typing their name in, and it comes up with a list to select from. Or I guess you could set up a group."

It turns out once you select compose new email, you're constricted to a typing based UI. This guy had a company laptop in the 1980's and still can't touch type. Every input box is a barrier to his use; I am aware of the irony of type-phobia and the demand for email, he is not. Neither I nor Gmail can to change this, and while I could go about setting up Gmail and outlook, tech support isn't my hobby.

Gmail is appealing to a certain group of people. We want a lot of information, a large email archive and generally don't want to forward mail to a billion people, or want mail from people who forward mail to a billion people. We can type, and argue about whether to top post or bottom post. We keep a small list of contacts, and use mailserves when a broader audience is appropriate.

There's a class of user who doesn't really understand POP3 versus IMAP, let alone the difference between IMAP and what Gmail's IMAP looks like. In no circumstance will you be able to "just set them up with gmail accounts".
posted by pwnguin at 12:50 PM on July 31, 2009


Uh... in most circumstances you can, because Gmail allows your account to be used via any mail client that supports POP3 (or preferably IMAP) and SMTP with SSL, and as far as I know that's all of them. In most cases, setting up a mail client to use Gmail is the same as setting it up to use an ISP-provided mail account, plus checking a couple of SSL boxes. Google's web interface is good enough for most people, but you're in no way stuck with it.

I've only ever been unable to do this in one circumstance: the upstream network administrators at the school where I work are loath to make any changes in the configuration of the firewall between the schools-community VPN and the wider Internet, and this firewall currently blocks outgoing connection attempts on ports 993 (IMAP-SSL) and 465 (SMTP-SSL). It doesn't block any ports above 1024, so there are assorted easy proxy-based workarounds available, but I haven't yet found a proxy I'd trust that doesn't cost money.
posted by flabdablet at 7:16 PM on July 31, 2009


One approach that works essentially perfectly is running your own domain, which isn't very expensive anymore, maybe $25/year with hosting. You issue unique email addresses in your domain per sender, so that email addresses identify them, not you. The domain identifies you. If you issue obvious addresses... (etc., etc., etc., etc.)

There are several flaws with this approach—it requires constant maintenance of your whitelist, for example—but the biggest one is also the one you'd least expect. I maintain a few e-mail accounts on the same domain: one is a completely personal address for friends and family only (username is seven letters long); one is a public address I use as a contact on my websites (eight letters long); one is effectively a catchall address I only use when signing up for forums, social networks, online stores, etc. (nine letters long). Of the three addresses, you'd expect the website account to be compromised by spam first, followed closely by the signup account, and finally the personal account.

My personal and website accounts were breached years ago, but the catchall account remained pristine for an impossibly long time. I only started getting spam to the address I hand out to online stores and random forums a few MONTHS ago. Malor's approach will fail because spammers don't appear to bother trying to convince websites to sell their subscriber lists. They just use crawler bots or Outlook viruses or some other less reputable method.
posted by chrominance at 8:30 PM on July 31, 2009


"argue about whether to top post or bottom post."

There is no argument here, top posting is an abhorrent evil infested upon upon us by an evil empire.
posted by Mitheral at 12:56 PM on August 1, 2009


What's wrong with top-posting?

There is no argument here, top posting is an abhorrent evil infested upon upon us by an evil empire.
posted by finite at 2:40 PM on August 1, 2009 [1 favorite]


The whole problem can be solved by using reply trees instead of linear threads, the kind favored by very large and very blue websites.
posted by pwnguin at 2:57 PM on August 1, 2009


« Older If you were a child of the '90's, then Regulate by...  |  Fox have offocially announced ... Newer »


This thread has been archived and is closed to new comments