Fighting Spam and Junkmail
Overview
Quite a few unethical individuals out there think they can get away with
sending unsolicited [commercial] email (UCE) or spamming hundreds of
newsgroups and have the victims pay for it in the process.
The ridiculous part is, that these spammers defend themselves using the
"Free Speech" act. And with a great deal of success at that.
News
Originally, a list of spammer domains
[no longer updated] was published by J.D.Falk. This was used as a
base for my Hall Of Shame (also available in ascii).
A new initiative has taken over: the MAPS (Mail Abuse Prevention
System) with RBL (Realtime Blackhole List).
You can find it at maps.vix.com.
As far as I can see now, this system is only of practical use if you have
a permanent connection. In other cases, you may want to convince your
ISP to take a serious look at MAPS.
Filtering incoming email
Junk email has become such a nuisance that I've been forced to implement
certain filters (using procmail) on my incoming email.
As most spammers use scripts to pull their address databases from UseNet
news-spools, I have also had to forge my sender address in news postings.
This prevents the simpler spam-bots from finding my real email-address.
Unfortunately, it also spoils the fun for the legitimate people trying
to reach me via email, in response to a news posting.
This calls for a workable compromise: deflect a maximum amount of UCE,
while allowing legitimate mail to pass through.
What if you have a direct connection?
The best way to deflect incoming junk email is by refusing
SMTP-connections from known spam-havens. This can require serious
sendmail-hacking ;)
Have a look at sendmail for more information...
What if you are behind a UUCP connection?
If you are behind a UUCP connection like me,
refusing incoming SMTP from spammers is not an option as it occurs
"after-the-fact" (you've already downloaded the junk).
You can however use local filtering to prevent you and your users from
being bothered by junkmail.
In my particular setup, I have implemented a procmail-filter on my
account at the ISP. This filter is a first line of defense against UCE
(as the addresses are often gathered from news-spools).
Any mail that is considered acceptable by the filter, is forwarded to my
'real' address behind the UUCP connection. This scheme gives me an
option of filtering incoming mail before it is sent over the
UUCP connection (and hence, costs me money).
Have a look at this procmail example
for an example setup (similar to the one I am using now).
My "Hall Of Shame" is automatically updated using the
mirror package
and a simple shell script (using sort and uniq)
Need more information?
Check the following newsgroups:
- news.admin.net-abuse.announce
- Information regarding network resource abuse. (Moderated)
- news.admin.net-abuse.bulletins
- Bulletins of action about net abuse. (Moderated)
- news.admin.net-abuse.email
- Discussion of abuse of email systems.
- news.admin.net-abuse.policy
- Discussion of net abuse policy. (Moderated)
- news.admin.net-abuse.usenet
- Discussion of abuse of the Usenet system.
The charters for the above newsgroups are stored at
Tim Skirvin's pages.
| top | $Id: index.m4,v 1.4 1999/04/26 12:23:42 ed Exp $ |
The information on these pages was gathered from various sources, including
The Net Abuse FAQ (by J.D. Falk), © 1996 by Scott Southwick and J.D. Falk
Sending unsolicited (commercial) email
to any address on these pages strictly prohibited!
Caught in a frame? Go to http://www.iaehv.nl/users/evoncken/index.html
Questions? Remarks? Contact Ed Voncken evoncken@iaehv.nl