procmail
Re: Forwarding scheme whereby mail to a subdomain is filtered?

1997-06-11 19:02:00

(this post is very light on procmail content)

At 01:25 AM 6/12/97 +0300, Antti-Juhani Kaijanaho wrote:

[snip - nospam subdomain for filtering mail]

You and they realize, of course, that that scheme will be doomed.
Many people add a nospam tag to their email addresses; no doubt many
spammers have learned to remove it.

While this is fairly easy to filter out if the spammer is adding addresses
manually, the only cost-effective way for spammers to collect addresses is
to dredge them from usenet posts and mailing lists.  On many mailing lists,
you can conceal your address (on the listserv directory), although if the
spammer subscribes, or the list is archived to the web (as procmail is),
your address will be visible for the asking - they just have to spend the
time to get it.

In the short time I've used a specific address for usenet posts, I've found
that a large number of spam sinks on it.  I have yet to receive any spam
directed to the filtered address.  I was using
"fusenet(_at_)(_dot_)(_dot_)(_dot_) - remove leading f in uid for email
replies" where "usenet(_at_)(_dot_)(_dot_)(_dot_)" was the valid
address - this still resulted in mail being directed to my account (a
virtual domain), but at least I was capable of tossing out most of it.
Mail to the fusenet address resulted with a bounce message to the sender
(from a no-reply-accepted bot address) informing them that there are
anti-spam mechanisms in place.  Since spam often has bogus return
addresses, McSpammer doesn't even get this reply.

One must come to accept that no solution will net 100% protection as long
as the spammers are willing to invest time to attempt to get around your
filter or address scheme.  However, as long as you can identify mail going
to the one account as being spam, or being from questionable sources, you
have that much more at your disposal to use to reduce your spam traffic:
If two spammers mail to your nospam address, and another one has the time
to edit your address to get it into your real mailbox, then you've received
only one spam (and even that one might be caught by whatever filtering you
have in place, if any).  Without it, you'll get three.

And in my experience, I'm finding a LOT of email directed at addresses
culled from usenet.  A few months ago, I made the mistake of posting a
single followup to someone from my (until then) unpublished work email
account.  The very next day, I had two UCEs, and in the following week,
several more.  I don't think it was coincidence.

> > IMHO, if they're all that big (1400 users), they
> > should want a secondary MX machine anyway...
>
> They do have one, but they use it only for backup. IMHO, when an

I checked the DNS, and it appears they have three MX for the primary domain
(there are others listed for various subdomains as well, though those
appear to be offsite servers):

10 mail.iki.fi  (aka jatko)
11 mail2.iki.fi (aka alku)
20 mail.clinet.fi

The first two would be candidates for having sendmail configured to do
anti-spam filtering, since they're local (clinet.fi is presumably an
outside site, and acts only as a mail queue for when iki.fi is down).  My
original recommendation was to have nospam on a secondary server (alku in
this case), plus the external queue as well.  This keeps the filtering load
off of the primary server (jatko).

> association offers you a permanent address for which you have to pay
> 130 marks (some 26 US dollars) once -- no annual fees -- you should be
> happy. Take what you are given and perform the mail filtering on the
> destination host, if necessary.

Certainly, take what you can get - a PERMANENT email address is a good
thing - *IF* you can keep it from becoming ANOTHER location for receiving
spam.  I have no knowledge of iki beyond mention of the mail forwarding
here.  However, if they're forwarding UCE originally mailed into their
system, then they're USING BANDWIDTH to send along messages that the users
of the service don't actually want (or at least if they had a filtered
nospam subdomain, those users who elect to use THAT don't want spam), and
which they could conserve or use for other purposes if they spent some CPU
cycles on the server to filter out known trash before forwarding anything.

I'm sure there are people who will disagree, but in my game of life, CPU
cycles (and disk even) are far cheaper than bandwidth.

Offering filtering - or accepting assistance to set it up, would benefit
IKI and its users.  Whatever cost of the time to set it up (and probably
more than occasional maintenance) would be offset by the improved use of
bandwidth.

> Alternatively, one can always volunteer to coadminister the site. As IKI
> is an association, it is not exactly a 'they', but a 'we'. What IKI
> offers, depends on the volunteers.

The use of 'they' works for 'me' because 'I' am not a member.  And 'we'
have our hands full of projects already. :)

I would imagine if they don't already do filtering (esp at a procmail
level), offering assistance with writing and administering a filter would
be a good thing for a concerned user to do -- IF they can get 'we' to
implement it for the users to begin with.

From appearances, they have a WIDE range of IP addresses in their DNS - I
suspect they register iki subdomains for members, and set up MX for those
users (was this mentioned?) - if you spoke nicely with your CURRENT mail
admin (not iki), you could probably get them to add your subdomain in their
W class (sendmail.cw), and route all the mail to it to your mailbox.  Then
have iki simply host the DNS record directing the MX to wherever you are
(yes, there's a delay in switching, caused by the way NS information
propagates the net).  You'd need to get whatever host you're getting mail
at to make the change (I can't imagine many wanting to do this), but it is
another method -- and is capable of accomplishing the goal of having the
host you're at perform SMTP spam filtering.  If you change local providers
at some point, you can request (I assume) that iki.fi change the DNS record
to reflect your new provider, and if your new provider won't virtual host
you, you get it directed back at iki.fi, and forward from there.  With the
MX pointing directly to your destination mail provider, the only traffic
hit iki.fi would take is the (cached) DNS lookup - no incoming/outgoing
SMTP traffic.

Yes, it'd be a pain.  But as long as you're not changing providers
frequently, it shouldn't be a big problem either.

<I'm rolling in laughter after seeing that some iki.fi systems get services
from -- get this -- sci.fi !>

BTW - if *I* was part of the co-administration 'we', I would recommend
adding the placeholders for "nospam" just so members could use the address
alternate at will, and then later (as time permits), deal with bringing
filtering online (and until then, those who choose to do so are at least
only distributing the address which will have systemwide filtering, rather
than the unfiltered address).  That is me though - and I already am aware
I'm a weird one.

---

 Sean B. Straw / Professional Software Engineering
 Post Box 2395 / San Rafael, CA  94912-2395
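
The tagged-address scheme described in this message, sketched as an added example (not part of the original post and not the author's own filter): mail addressed to the published decoy is discarded and answered from a no-reply address, while mail to the edited address is delivered. The example.com addresses, the bot address and the sample messages are constructed placeholders, since the archive elides the real domain.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed placeholder addresses; the post's real domain is elided in the archive.
DECOY = "fusenet@example.com"   # address published in usenet posts
REAL = "usenet@example.com"     # what a human gets by dropping the leading "f"
BOT = "no-reply@example.com"    # hypothetical no-reply-accepted sender

# Constructed sample messages, not real traffic.
SAMPLES = {
    "harvested": "From: bulk@spam.invalid\nTo: fusenet@example.com\n"
                 "Subject: Make money\n\nhi\n",
    "edited": "From: reader@example.org\nTo: Usenet@Example.com\n"
              "Subject: Re: your post\n\nhi\n",
    "list": "From: bulk@spam.invalid\nTo: some-list@lists.example.net\n"
            "Subject: offer\n\nhi\n",
}

def recipients(msg):
    """Lower-cased addresses found in the To, Cc and Resent-To headers."""
    fields = []
    for name in ("To", "Cc", "Resent-To"):
        fields.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def route(raw):
    """Return (action, bounce); bounce is None unless the decoy was hit."""
    msg = message_from_string(raw)
    rcpts = recipients(msg)
    if DECOY in rcpts:
        # Harvested address used verbatim: drop it and notify the sender.
        bounce = EmailMessage()
        bounce["From"] = BOT
        bounce["To"] = msg.get("From", "")
        bounce["Subject"] = "Undeliverable: anti-spam mechanisms are in place"
        bounce.set_content("This address is protected by anti-spam mechanisms.")
        return "discard", bounce
    if REAL in rcpts:
        return "deliver", None
    # Neither address is visible (Bcc or list mail): leave for other filters.
    return "review", None

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, route(raw)[0])
```
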
