Archive for the 'anti-spam tips' Category

Aggressive AT&T spam filters… especially SBCglobal.net

Thursday, February 12th, 2009

There seems to be a common theme from people who’ve requested a Spider key (4,000 in 36 hours!) but not received one (mainly sbcglobal.net email accounts). (update, add shaw.ca to the list)

So I did a bit of digging, and it seems that SBCglobal.net is owned by AT&T, and AT&T made news headlines such as “Enraged AT&T spam filter eats legitimate mail” less than a year ago.

The problem with aggressive spam filters that the ISP controls is that the end user is almost always unaware that their email was blocked at the ISP level.

The email never gets to the end user, or their personal spam filters, so saying to “check your spam filters for the email from my server” doesn’t help, because the ISP rejected it at their level… just bounced it, or ate it.

My advice, if you use AT&T or any other company who are over-aggressive in their filtering, and you think you may be missing legitimate email, is to use Gmail from Google. They are great at detecting spam, but leaving legitimate email alone.

Really Mad At The SORBS Real-Time Blacklist (RBL)

Wednesday, January 28th, 2009

What a wonderful system the guys at SORBS (“Fighting spam by finding and listing Exploitable Servers”) are running.

Seriously.

They have my server (where I host the scamfreezone.com domain) on their email blacklist (also known as a realtime blacklist or rbl).

Why?

Because it’s in an IP-range that they received spam from.


Record Created: Sun Nov 5 23:52:32 2006 GMT
Record Updated: Mon Jan 26 12:56:10 2009 GMT
Additional Information: Received: from 65.182.186.215 (EHLO mailserver.wfhsecrets.com) (65.182.186.215) by server with SMTP; Sun, 05 Nov 2006 xx:xx:xx -0800

(note, the IP address listed as the spam source is NOT my server!)

My IP address is a dedicated IP address, unique to my server. It’s not my IP address that the spam came from, but one similar to it. SORBS have blocked a whole range of IPs including the one they claim the spam came from.

That’s just terrific. It’s like saying, “because the guy in the house next to you sent out hate mail, you are guilty too”.

What rubbish.

My server is on NO OTHER realtime blacklists that I’ve checked… and I’ve checked over a hundred using this Multi DNS blacklist (DNSBL), Real-time Blackhole List (RBL) lookup and got the results… “Very Good: found in 1 RBL/DNSBL”.

Guess who that one is… SORBS.

It just gets better… the spam that SORBS has me on their list because of… was sent in November 2006!

You would think being on their blacklist probably isn’t important, right? Wrong. Some mail systems check the SORBS database. See…


A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:


SMTP error from remote mail server after RCPT TO:
:
host grey-area.mailhostingserver.com [209.62.85.74]:
554 5.7.1 Service unavailable; Client host [65.182.186.230] blocked using dnsbl.sorbs.net; Spam Received Recently See:
http://www.sorbs.net/lookup.shtml?65.182.186.230

So how do you get OFF their RBL?

You’d think it was easy, right? Considering you didn’t actually send the spam you’re blacklisted for. You’d be wrong. It isn’t easy to get off the blacklist.

SORBS told me…

“You are an innocent party that has been included in an escalated listing because your provider is happy to host spammer(s) that have spammed a SORBS spamtrap or admin.

You are not required to make a donation for delisting as the entry was not generated because of your actions, however the listing will not be removed until your service provider terminates the spammers or makes the required donation.

Please take this issue up with your service provider and have them contact us directly, there is nothing you can do yourself to have this listing changed or removed.”

So I got my webhost to contact SORBS, and SORBS replied…

“We’ve explained what it takes to them. If they don’t like it, it’s up to them.”

You’ll notice SORBS mentions a “required donation”. Hmmm. Checking on that, you find that SORBS says, “The ‘fine’ was created to stop spammers from quickly removing themselves from the database. It also has the side effect of reminding people the hard way that they are responsible for their own actions.”

Interesting how they say, “responsible for their own actions”, but acknowledge that I’m an “innocent party”. What a wonderful system, eh?

The fine is $50 per spam received, and they say the “the easiest way” to pay it is to send the “donation” to “The Joey McNicol Legal Defense Fund”. What the heck is that? Some legal defense fund for an Australian? Coincidentally, SORBS seems to have an Australian connection in their domain name (au.sorbs.net). If you do send your donation there, SORBS says, “Payment here is usually immediate, and delisting usually takes place within 24 hours.” How handy is that?

Alternatively SORBS will, “accept nominations for good causes and charities to act as recipients instead” as long as that “good cause” is happy to send a receipt to SORBS (good luck with that!).

My final comment is to quote SORBS again…

“The one place the ‘fine’ will never go is to a SORBS admin or project. Comments have been made that SORBS should setup a trust and periodically donate the ‘fines’ to the nominated charities. This is currently not an option, pending legal advice, as it is likely this would cross the legal boundary of extortion or blackmail”.

(update: As I understand it, Joseph John McNicol complained about a company (The Which Company, trading as T3 Direct, a direct marketing company) spamming him, and the company took him to court in Australia claiming $40,000 in damages because the complaint resulted in them landing on the SPEWS blacklist. SORBS seems to be supporting the defense of Joseph John McNicol. Although why they’re still soliciting donations when Joseph John McNicol won the case in 2002, I don’t know. Perhaps they should state more explicitly that Joseph John McNicol won and that “Any unused amounts in this fund will be made available to defend other actions brought by spammers against people who fight spam”? (source))

(update 2: just found this link which calls SORBS “a fake blacklist”. Very interesting background on SORBS. The good news is that, “Only a few dozen sites have been found to use SORBS. They don’t use SORBS long.” Good. They also say, “If you are a SORBS Victim: Do not bother contacting SORBS. Contact the blacklist user by some other means, and ask them not to use SORBS”. Makes sense to me.)
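
To see exactly what a receiving mail server checked when it produced a bounce like the one above, here is an added example (not from the original post or from SORBS). It parses the rejection line, builds the DNS name a DNSBL client queries, and computes the smallest address block containing both the server's IP and the IP shown in the SORBS record. The function names are hypothetical, the bounce line is constructed from the one quoted above, and the live lookup assumes the zone answers queries from your resolver.

```python
import ipaddress
import re
import socket

# Constructed sample: the rejection line from the bounce quoted in the post.
BOUNCE = ("554 5.7.1 Service unavailable; Client host [65.182.186.230] "
          "blocked using dnsbl.sorbs.net; Spam Received Recently")
LISTED_SOURCE = "65.182.186.215"   # IP shown in the SORBS record in the post

REJECT_RE = re.compile(
    r"Client host \[(?P<ip>[0-9.]+)\] blocked using (?P<zone>[A-Za-z0-9.-]+)")

def parse_rejection(line):
    """Return (client_ip, dnsbl_zone) from a DNSBL rejection line, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None
    return str(ip), m.group("zone").rstrip(".")

def dnsbl_query_name(ip, zone):
    """DNSBL convention (RFC 5782): reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def smallest_common_block(ip_a, ip_b):
    """Smallest CIDR block holding both addresses (not SORBS's actual range)."""
    a, b = int(ipaddress.IPv4Address(ip_a)), int(ipaddress.IPv4Address(ip_b))
    prefix = 32 - (a ^ b).bit_length()
    return ipaddress.ip_network((a, prefix), strict=False)

def is_listed(ip, zone):
    """Live check: listed IPs resolve to 127.0.0.x, unlisted ones do not resolve."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")

if __name__ == "__main__":
    ip, zone = parse_rejection(BOUNCE)
    print("query name:", dnsbl_query_name(ip, zone))
    print("shared block:", smallest_common_block(ip, LISTED_SOURCE))
    print("listed now:", is_listed(ip, zone))
```

Running the same query name against each blacklist zone your recipients use tells you which list is behind a given bounce before you contact the recipient's mail administrator.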

How I Dealt With 42,365 Spam Emails Per Day!

Thursday, July 24th, 2008

Here’s the YouTube movie of my new solution for dealing with 42,365 spam emails per day…


Until a few days ago, I forwarded all my @scamfreezone.com email to my Gmail account and downloaded the filtered emails.

Unfortunately, Gmail got swamped. I had 1.27 MILLION emails in the spam folder. That’s an average of 42,365 hitting the account every day! The spams were taking up 5.7 GB of webspace.

But the real problem was that spams were slipping through the Gmail filters, and I was having to download them and delete them. I use Windows Mail on my desktop, and found its anti-spam “rules” to be clunky and difficult to use.

So I set up a new system, which I’m very happy with.

I created a Spam Arrest account and let it check the Gmail account. Spam Arrest checks incoming email against my whitelist of senders. Any sender who isn’t on my list gets sent a “challenge” email asking them to verify that they’re human.

I now download my emails from the Spam Arrest account, and I only get emails from people on my whitelist or people who’ve verified themselves.

For the next few days, I’m checking the Spam Arrest account via a web-browser, just to make sure it’s getting things right. So far it is… the stats are 190 emails processed, of which 115 were spam and 75 were good emails. So that’s already saved me from downloading and filtering the 115 from the 75. :)

(you may be thinking why didn’t I just miss out the Gmail account and set up Spam Arrest to get emails from the scamfreezone server. The answer is that I don’t think Spam Arrest would be happy sending out 42,365 challenge emails each day just for me! I also think Gmail’s spam filters are quite good, so it seems best to leave that working and have Spam Arrest work on the Gmail-filtered emails)

What do you think? Have you got a great anti-spam system? Could you improve on mine? Leave a comment below…

Hundreds of Megs of Spam

Thursday, January 24th, 2008

If you register domains and slap up websites with a quick sales letter, freebie giveaway or a bunch of articles for adsense… you’ll want to keep reading…

Go to your server admin area (usually Cpanel) and click on “List Accounts”, then look at the table containing all your domain names and find the column “Disk Used”.

If you’re like me, you’ll be in for a nasty surprise. Some of my websites which just had a few webpages were using up hundreds of megabytes of disk space.

How can that be?

It’s simple. All the pesky spam arriving at the email box was just sitting on the server, using up disk space.

Right now I’m deleting almost 60,000 spams… from just one account. They’re taking up almost 200 MB of space!

I cleaned two accounts yesterday, and have more to do. I guess I’ll free up over a gigabyte of space by doing this spring clean.

The next step is to enable SpamAssassin for each account (it’s under Mail Manager), set the score to a nice low number (I’m using 2 instead of the default 5) and click the link that says “To simply have the server DELETE and NOT deliver emails that are tagged as spam by SpamAssassin, click here now.”

Boom. Bye, bye spammers. Hello tons of extra server space. :-)

Dealing With WordPress Blog Comment Spam

Tuesday, August 7th, 2007

I found this nifty plugin which allows me to check the blog comments for spams that managed to get past my filters.

It’s called Paged Comment Plugin.

It allows me to see *all* the comments at the blog, not just the last 20 (which is the WordPress default).

With the amount of spam comments this blog gets (most of which are caught and not displayed), the last 20 comments page fills up really quickly. Now, thanks to this plugin, I can go back through previous pages of comments.

I’ve checked the last 300 comments. If anyone spots any spams elsewhere, please let me know. :-)

Nonsense Spam makes sense to spammers?

Wednesday, July 25th, 2007

Is anyone else getting hundreds of pieces of totally nonsensical spam?

An example would be, “amethystine deluxe, dividend bethesda astrology, butyrate approbation”.

There’s no link to click on… nothing’s being sold, so what’s the point of “Nonsense Spam”? Why would someone send junk email like that?

Well, if nothing’s being sold, there must be a value in actually sending the emails. Presumably, some mega-computer is analyzing the bounce messages from their mailout… the spammers can then work out which “Nonsense spam” emails were delivered and sell the email addresses.

It’s actually quite clever because it also hurts the Bayesian spam filters. If users label these “Nonsense spam” emails as junk to a third party such as Cloudmark, the filter will consider the words and context of the email when building its algorithm. So if actual users feed the filter random junk, the algorithm will, presumably, become less effective.

So the spammers get a list of deliverable email addresses as well as hurting the spam filters. :-(

Google Email Dance…

Friday, April 27th, 2007

When something goes wrong with my regular email account (which does happen once in a while… especially when I’ve had my online business for a decade), I switch to my Gmail account. (Here’s where to sign up for an account)

Sometimes, it’s not even that something goes wrong with my email account, it may be that an email from my server doesn’t get through to the customer for whatever reason (over-zealous spam filters, spam blacklists). With a Gmail account, I can log in and try to get an email through to the customer a second way… and potentially get to the customer before they get concerned that I’ve “taken their money but not sent the product”.

I used my Gmail quite extensively after my server died. :-) As soon as I got the domain up and running again I just forwarded all email going to “anything @ scamfreezone.com” to my Gmail account.

But, Gmail isn’t as good at filtering out spam as the Cloudmark Desktop plugin I had running in Outlook.

Hmmm, what to do?

Well, fortunately, Gmail allows you to access your email via POP (meaning you don’t have to actually log in to your Gmail account via your web-browser, you can log in and manage your email from your desktop application such as Outlook or Outlook Express).

So, I’ve just set my Gmail account to allow POP access, entered the details into Outlook and am now happily checking my email via my desktop. :-)

And the best bit? Gmail filters the incoming email for spam, then lets me download it… at which point Cloudmark filters the incoming email. Bingo. Double spam filtration… and a lot less work for me clicking the delete button. ;-)

My anti-spam Cloudmark statistics

Monday, July 24th, 2006

I just thought I’d update you on my Cloudmark anti-spam statistics…

Time saved to date (hrs)         22
Money saved to date           $440
Emails processed to date  15,215
Spam caught to date          8,091
Spam I’ve blocked to date      290

So I’ve “helped” the Cloudmark system by notifying it of 290 spams. On the other hand, it’s blocked 8,091 spams saving me 22 hours of time since May 10th… the last 10 weeks. Not bad! As for saving $440, well, it should be more like $11,000 if you ask me. At $40/year or $4/month, I think this is a phenomenal purchase. :-)  

If you want to try it, click this link to get your free 15-day trial download. If it works for you, please use this referral code… eaa76 … when you purchase and I’ll get a free month. Thanks. 

BTW, That means I’m getting about 200 emails per day, of which about 105 are spam. I’m guessing about 90% of the rest are automated sale receipts, support ticket notices, affiliate commission notices, mail delivery notices, vacation notices and non-spam promotions from marketers… so I get about 10 genuine personal emails per day… roughly. :-)

Mental note: Decrease incoming email volume for an easier life. ;-)