Email Spam Problem

Forum Moderators: open

Message Too Old, No Replies

Email Spam Problem

I get about 100 e mails a day addressed to Bill@somedomain.com

Bumpy

11:50 am on Sep 13, 2004 (gmt 0)

I have absolutely no idea who or what he is or why the e mails that I get are addresses to him, I have tried to filter the address through both Eudora Pro and Spaminex and all of it's many variations and nothing works. I'm getting about 100 e mails a day addressed To : Bill@somedomain.com . How do I stop them without it costing me more money for more filters? Please help, he's driving me crazy.

[edited by: volatilegx at 12:08 pm (utc) on Sep. 13, 2004]
[edit reason] examplified email address [/edit]

volatilegx

12:20 pm on Sep 13, 2004 (gmt 0)

You know, there is a server-side scripting language called "procmail" that is perfect to handle a problem like this.

I wouldn't attempt it unless you're very comfortable working with server-side scripting, but it is a very efficient way of dealing with spam.

Procmail filters all incoming mail before it reaches your mailbox. You can use regular expressions to catch incoming spam and delete it before it ever gets to your box. Here's a sample procmail recipe that would delete all mail addressed to "Bill@somedomain.com":

[pre]
:0
*!^To:.*(Bill@somedomain\.com)
*!^Cc:.*(Bill@somedomain\.com)
*!^Bcc:.*(Bill@somedomain\.com)
{
  :0
  /dev/null
}
[/pre]

Procmail is a fairly complex scripting language which allows you to send autoresponses, automatically forward mail, delete spam, etc. However, for all its flexibility, it is pretty knowledge-intensive to set up.

As usual, Google provides a good list of procmail references: [google.com...]

encyclo

12:24 pm on Sep 13, 2004 (gmt 0)

Are you using a catch-all email address on your domain? If so, you should disable it and just activate the addresses and forwarders you need, letting everything else bounce.

Catch-alls are more trouble than they're worth - it's just asking to be bombarded with a "dictionary attack"-type spam run.

Leosghost

12:45 pm on Sep 13, 2004 (gmt 0)

I'd actually be tempted to "blackhole" the requests for unspecified recipients rather than to "bounce" them ..
A bounce is saying there is something there ..which can tempt spammers to look up your whois and then they target you more precisely ..A "blackhole" gives these usually autogenerated mails the impression that there is no domain to spam and so your server is no longer of interest to them ...and so stops them trying to spam your "admin contact mail address" ..

encyclo

1:16 pm on Sep 13, 2004 (gmt 0)

A bounce is better than a blackhole for genuine users attempting to contact someone at your organization, and spammers never put a genuine reply address, so they wouldn't get the bounce anyway.

So, if there are several people with email accounts on a domain, I use a bounce, but if the domain is web only with no email addresses, I either wipe the MX reconds completely so no email goes through at all, or I blackhole everything.

py9jmas

1:26 pm on Sep 13, 2004 (gmt 0)

The spammers know the domain exists - it is listed in the DNS. They know you have mail exchanges set up - MX records in the DNS. By not sending bounces to non-existant uses, people will expect you to have received emails you haven't due to typos in the mail address.
Also by rejecting the email based on the RCPT TO address (bouncing it as non-existant), you save bandwidth since the email body is not sent to your mail server.

Leosghost

1:31 pm on Sep 13, 2004 (gmt 0)

I know what I meant ..but py9jamas and encyclo said it better ...think I'll go back to my loft conversion ;)