« Possession is nine tenths of the claw | Main | Professional optimist »

More frustration in the spam wars

Jeremy is encountering the same problem we did a few weeks ago: someone sent him mail (regarding his new book, which I would probably find really cool if I was using MySQL at that level) and his attempt to reply prompted a “prove you’re not a spammer” challenge from TMDA, a challenge-response system not unlike SpamArrest. The summary is that when you initiate the conversation, you shouldn’t then be sending challenge-response messages when they reply. (Do you ever wonder why people aren’t responding to your email?) I’ll just reiterate that I don’t think this is the way to win the spam battle. The comments to Jeremy’s post are quite interesting, actually, because he has enough readers to have comments on both sides of the issue.

I seem to post about spam a lot, but it has been a significant problem for me in this job. Our poor little gateway mail server gets hammered with spam daily. We reject between 6,000 and 8,000 connections daily based on a few DNS block lists, which means we simply refuse to “talk” to these addresses no matter what they’re sending. There’s only thirty of us in this office, so we’re averaging over two hundred rejections per person, per day. Then SpamAssassin kicks in; I don’t know how many it tags for the whole office, but it’s more than one per hour for me. Then three or four more per day make it down to get filtered by Apple Mail (or many of our Windows users use POPFile.)

That’s got to be more than half our incoming mail. It’s probably past sixty percent, maybe more like seventy. That’s disgusting.

Now we’re hearing more about a variety of spam being classified as “SEO Spam,” or Search Engine Optimization spam. It’s not driven to create a sale right away, like the UCE in your mailbox; rather, it is taking advantage of the community-driven parts of the Web to create more links to a site in hopes of gaming the search engines. It includes comment spam on weblogs, like the stuff that drove me to install MT-Blacklist, and now Wiki Spam. Unlike UCE, which is driven by the idea that if we send email to enough people, eventually we’ll find someone who wants what we’re peddling, SEO spam is driven by the idea that everybody is searching for what we’re selling, and therefore we must put billboards everywhere. Growing up in a state which outlawed billboards in my lifetime for an analogous reason: Eeeyugh.

(Cute new ecto trick below. Not sure if I’ll keep it, particularly since I usually wind up writing across several songs.)
Now playing: Blues For Your Baby from the album Too Close To Heaven • The Unreleased Fisherman’s Blues Sessions by The Waterboys


“We reject between 6,000 and 8,000 connections daily “

If you think that’s bad, my server is blocking 15,000 connections PER DAY - and we only have 5 employees!

the spam thing is getting seriously out of control.

the person moaning about tmda was really just moaning about a misconfigured tmda system.

first, you shouldn’t just use tmda. you should use it with blacklists, spamassassin and a virus scanner (even if you just run linux/unix).

second, tmda should also process the mails you send. it should either tag your from address (so kevin@ie.suberic.net becomes kevin+a.cookie.that.will.expire.in.a.few.days@ie.suberic.net) or whitelist the address(es) in the To and Cc fields.

c/r systems are not new. the login/Password prompts are a c/r system.

Post a comment