procmail

Re: Re: (address cycling) CLEANTO anyone?

2004-05-30 21:11:41
On 30 May, Professional Software Engineering wrote:
| At 17:39 2004-05-30 -0400, Don Hammond wrote:
| >I did read the post, and the blog.  Sorry I didn't acknowledge it.
| 
| My cite of it wasn't expecting acknowledgement [...]

I know that.  If you were dependent on appreciation commensurate with
contribution, you'd be long gone. ;-)  I just wanted you to know I had
seen it.

| Remember, spammers don't scrub bad addresses from their dbs.  If you have 
| just ONE account which you cycle, and you cycle it once a week, that means 
| you have the potential of 52 new addresses for the spammers to harvest each 
| year.  For one user.

That is something I hadn't considered, thanks.  I'd probably do it again
the same way, even considering this significant downside, because right
now the trade off is well worth it.  Nothing is getting past the MTA
and I got really tired of chasing my tail with content filters.  But I
know I've got some more work to do very shortly.

| >I agree with your points and do like your idea very much.  Right now,
| >I host my own mail server but dns is done by my provider.
| 
| If it's YOUR domain, and you have a reachable host (fixed IP), that system 
| can be the authoritative master for the zone, but needn't be the host which 
| is published as an answering nameserver in your domain registration (i.e. 
| your host can control the zone contents, but doesn't have to answer queries 
| - it merely sends notifies and performs a zone AXFR with the published 
| nameservers).  Setup for this is pretty trivial.  Once set up, there's no 
| need to get your hosting service to do anything when you want to make a DNS 
| change, unless your IP changes.

Doh!  What a great idea.  I run private name servers for the lan.
Setting this up would be doable even for me!

| >For what it's worth, which is admittedly not much, this hasn't yet
| >led to a marked increase to those addresses, at least not apparently.
| >Although the overall spam (attempts) are increasing exponentially,
| >the User unknown rejections to these addresses are, so far, minimal.
| 
| That will change over time.  I'm seeing a *LOT* of hits on things which are 
| not even addresses -- the spammers are harvesting messageids because they 
| generally appear like addresses: (something)@(host.domain.tld)

I'm not seeing that.  What I am seeing is open relays aren't used
anymore.  It is almost completely zombied winblows machines on
broadband networks.  All different ones. It's amazing.  I've had days
where I get a flood of attempts lasting a couple of hours or more. When
it's all over, I will have denied as many as 1500 messages and the
highest number from any single ip will be 2 or 3, with only a handful
of those, and some 1300 or so will be from different hosts. I'm
convinced the spammers not only control all these machines, but they
have such fine grained control they can target specific destination
servers from thousands of these infected hosts at the push of a
button.

| >It didn't used to rely on plussed addresses.  I have you to thank for
| >that. ;-)  I used to use newly generated aliases.  It was a discussion
| >some months ago where I learned that even if deh is undeliverable (it
| >is) I can specify deh+whatever in the virtusertable and it will be
| >deliverable.
| 
| Ah, so deh isn't a valid account otherwise.  That invalidates my point 
| about the ERROR:NOUSER bit above, which was predicated on deh being your 
| usual account.  Using the invalid base account and then plussing on top of 
| that means you don't have to maintain a list of the old expired accounts, 
| which is good, though you still have to contend with the assault of 
| connections to your MX.

Just about right.  I have a catchall:

@tradersdata.com        error:nouser User unknown

for each of the domains in the virtusertable on the SMART HOST.  Nobody
has accounts on that machine, except for me, and that account is deh,
as it is on the other machines.  Every valid recipient has an entry in
that virtusertable with a RHS of %1.  That's also where the access.db is
maintained.  If a message is accepted there, it goes to the internal
MAIL HUB.  Anyway, it's mostly semantics, but deh is a valid account,
it's just disabled from the outside which renders it effectively
invalid.  What's nice is that it's still valid for local mail, and
there's a lot of that.  It would make this a lot less palatable if the
address for local mail was also a moving target.

| >unreachable from the outside.  This means I never have to mess with
| >adding/deleting user accounts and only have to modify 1 entry in 1
| >virtusertable (on the SMART HOST) for each change.
| 
| This could even be done with a cron invoked script... <g>

It will be as soon as I'm happy with the way everything is working.  As
I mentioned, I've been tweaking the procmail recipes that handle all
this and I want them absolutely bulletproof before I turn it loose on
its own. ;-)

| >1. Limits spam.  Right now it has eliminated it except from lists.
| >2. Does not transfer the cost to others.
| 
| Both good objectives, particularly the second one.

Thank you.  I think so too.

| 
| >at all.  The only place it won't do any good is in an address book.
| 
| Heh, and that means your address is reasonably shielded against viruses and 
| spyware harvesters.

I mentioned some weaknesses, as yet unexploited.  Unfortunately, not all
the morons who manage to get infected are strangers on mail lists.  Some
are friends and acquaintances who have "real" addresses.  So I'm not
completely insulated, but I think I'm better off than most.  That, and
people who insist on exposing recipient lists in To: and/or Cc: headers,
and others who give my address to third parties (like plaxo.com,
cooleremail.net, returnpath.net, didtheyreadit.com, etc.) without asking
me if it's ok, are the weak link in this.  I've received viruses, and
been joe-jobbed on viruses from specific emails like this I can
identify.  As long as other people are careless, nothing is going to be
bulletproof.

| 
| Low-administration avoidance in the here and now, plus connection shedding 
| for the long term.

I've got the first part of that and will be working on the second.
I have an ace up my sleeve.  I also have tradersdata.net, which is
unused now, so if this ever blows up I'll change everything over.
When I'm ready with something like what you're talking about, I'll
probably start it up with that domain.

Thanks again for the ideas.

Don

-- 
Email address in From: header is valid  * but only for a couple of days *
This is my reluctant response to spammers' unrelenting address harvesting
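The "cron invoked script" mentioned above, written out as an added example (not code from either poster): it rotates the single deh+TAG entry in a sendmail virtusertable and rebuilds the map, and a small lookup helper shows why the expired tag needs no bookkeeping, since it simply falls through to the @domain error:nouser catchall. The file path, the week-number tag scheme and the simplified lookup order are assumptions; the base user deh, the domain and the catchall line come from the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Rotates the one plussed alias
# entry in a sendmail virtusertable, as a weekly cron job would.
set -eu

# Assumed path; sendmail's usual location is /etc/mail/virtusertable.
VIRTUSERTABLE="${VIRTUSERTABLE:-./virtusertable}"
BASE_USER="deh"
DOMAIN="tradersdata.com"

# Constructed sample table: one live plussed alias, plus the catchall that
# rejects every other recipient at RCPT TO time with "User unknown".
make_sample_table() {
    {
        printf '%s\t%s\n' "${BASE_USER}+w21@${DOMAIN}" "$BASE_USER"
        printf '%s\t%s\n' "@${DOMAIN}" "error:nouser User unknown"
    } > "$VIRTUSERTABLE"
}

# Tag scheme (assumption): ISO week number, so an alias lives about a week.
week_tag() {
    date +w%V
}

# Rewrite only the "deh+OLDTAG@domain" line with the new tag, leave every
# other line (including the catchall) untouched, then rebuild the hash map
# with makemap when it is installed; offline the text file alone is enough.
rotate_alias() {
    new_tag="$1"
    tmp="${VIRTUSERTABLE}.tmp"
    awk -v u="$BASE_USER" -v d="$DOMAIN" -v t="$new_tag" '
        $1 ~ ("^" u "\\+[^@]*@" d "$") { $1 = u "+" t "@" d }
        { print }' OFS='\t' "$VIRTUSERTABLE" > "$tmp"
    mv "$tmp" "$VIRTUSERTABLE"
    if command -v makemap >/dev/null 2>&1; then
        makemap hash "$VIRTUSERTABLE" < "$VIRTUSERTABLE"
    fi
}

# Simplified model of the virtusertable lookup: exact LHS first, then the
# @domain catchall. An address whose tag has been rotated away gets the
# error:nouser RHS without anyone having to list it as expired.
resolve() {
    addr="$1"
    dom="${addr#*@}"
    awk -v a="$addr" -v c="@$dom" '
        $1 == a { exact = $2 }
        $1 == c { catch = $2 }
        END { print (exact != "" ? exact : catch) }' FS='\t' "$VIRTUSERTABLE"
}

# Weekly cron use would be: rotate_alias "$(week_tag)"
```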


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
