UNIX System Administration Handbook - Evi Nemeth [356]

• Mail with subject “ILOVEYOU” (the iloveyou virus and variants)

• Mail with numeric usernames from aol.com and msn.com

• Mail with usernames beginning with a number from juno.com

All of the header checking rules go under LOCAL_CONFIG and LOCAL_RULESETS statements at the end of the .mc configuration file. Thanks to m4's divert mechanism, the sendmail m4 macros place them at the correct spot in the generated raw config file.

To some degree, any spam abatement that you implement blocks some spammers but raises the bar for the remaining ones. Use the error mailer with a “user unknown” error message instead of the discard mailer, because many spammers clean up their lists. Clean lists are more valuable, so you might get removed from some if you can intercept the spam, filter it, and respond with an error message.
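To make the placement concrete, here is an added example of a Subject: header check written in the style of sendmail's cf/README; it is not the book's own rule set and is not part of the original page. It assumes a ruleset named CheckSubject (our name) and covers only the first of the three patterns listed above, the ILOVEYOU subject; the numeric-username checks for the other two patterns need a regex map and are not shown. The rejection uses the error mailer with a "user unknown" reply, as recommended above; the discard form is left in a comment for contrast. The left-hand and right-hand sides of each R line must be separated by a TAB, not spaces.

```m4
dnl Added example, not taken from the book. Goes at the very end of the .mc
dnl file, after all FEATURE() and MAILER() lines.
LOCAL_CONFIG
dnl Run the value of every Subject: header through ruleset CheckSubject.
HSubject: $>CheckSubject

LOCAL_RULESETS
SCheckSubject
dnl Reject the ILOVEYOU subject and a replied variant ("Re:" tokenizes
dnl the same way in the rule and in the header, so the match is exact).
dnl LHS and RHS are separated by a TAB.
RILOVEYOU		$#error $@ 5.1.1 $: "550 User unknown"
RRe: ILOVEYOU		$#error $@ 5.1.1 $: "550 User unknown"
dnl The silent alternative the text advises against: the message is
dnl accepted and dropped, so the sender's list entry stays "clean".
dnl RILOVEYOU		$#discard $: discard
```

After adding the rules, regenerate sendmail.cf from the .mc file and restart sendmail; a test message whose subject is ILOVEYOU should then be refused at SMTP time with the 550 reply rather than being delivered or silently dropped.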

Handling spam


Fighting spam can be a difficult and frustrating job. Past a certain point, it’s also quite futile. Don’t be seduced into chasing down individual spammers, even though lots will get through your anti-spam shields. Time spent analyzing spam headers and fretting about spammers is wasted time. Yes, it’s fighting the good fight, but time spent on these issues will probably not reduce the amount of spam coming into your site.

You can nail stationary spammers pretty quickly by ratting them out to their ISP, but hit-and-run spammers that use an ISP account once and then abandon it are hard to hold accountable. If they advertise a web site, then the web site is responsible; if it’s a telephone number or postal address, it’s harder to identify the perpetrator, but not impossible. Many mobile spammers seem essentially immune from punishment.

The various black hole lists have been somewhat effective at blocking spam and have reduced the number of open relays dramatically. Being blacklisted can seriously impact business, so some ISPs and companies are careful to police their users. Our main recommendation regarding spam is that you use the preventive measures and publicly maintained blacklists that are available.

Advise your users to simply delete the spam they receive. Many spam messages contain instructions on how recipients can be removed from the mailing list. If you follow those instructions, the spammers may remove you from the current list, but they immediately add you to several other lists with the annotation “reaches a real human who reads the message.” Your email address is then worth even more.

If you’d like to take a seat on the spam-fighting bandwagon, some web sites can help. Two awesome sites are maps.vix.com and www.abuse.net. www.spamrecycle.com asks that you email them your spam; they forward it to your state representative, who might choose to do something politically at the state level. This site also has a nice set of guidelines for protecting yourself against spam. The site analyzes the spam and uses it to help improve anti-spam filters. Three other web sites of note are orbs.org, spamcop.net, and cauce.org. orbs.org has the most effective open relay databases. SpamCop has tools that help parse mail headers and determine the real sender. The cauce.org site has good information on spam laws.

Spam examples


Though we don’t recommend analyzing spam as a matter of course, it is sometimes useful to know how to do it. For example, you may be called upon to explain why the CEO of your company received a solicitation for pornography (and to verify that it did not come from a company employee!).

In the next few pages we analyze the headers from some recent spam. These examples illustrate how hard it is to determine the actual sender and how easy it is to fake mail headers. First, some key points:

• Received headers should chain together from the top of a message to the bottom of the message.

• Any Received headers below the Date header are fake.

• Take note of any Received headers in which the two hostnames don’t match. The mail is probably being relayed through the first host (the parenthesized host is the real origin).

• A Received header with an old date is probably forged.
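The four points above are mechanical enough to script. The following is an added example, written for this page rather than taken from the book, that applies them to a constructed message: it walks the headers in order, marks any Received header that appears below Date:, compares the HELO name with the parenthesized reverse-DNS name in each hop, checks that each hop's "from" host is the host that wrote the hop below it, and flags a hop whose timestamp is far older than the message's Date:. The sample message, the two-day staleness threshold, and all host names are assumptions constructed for the example.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real capture). Hop 0 claims to be
# mail.example.org but reverse DNS says otherwise; the last Received header
# sits below Date: and carries a 1994 timestamp, so both should be flagged.
SAMPLE = """\
Received: from mail.example.org (spam-relay.example.net [192.0.2.10])
\tby mx.ourcorp.example (8.11.0/8.11.0) with ESMTP id e93HCeB12345;
\tTue, 3 Oct 2000 10:12:40 -0700
Received: from dialup-77.isp.example (dialup-77.isp.example [198.51.100.77])
\tby mail.example.org (8.9.3/8.9.3) with SMTP id KAA04321;
\tTue, 3 Oct 2000 10:11:58 -0700
Date: Tue, 3 Oct 2000 10:11:00 -0700
Received: from bigmailer.example.com by relay.example.com with SMTP id 1;
\tSat, 1 Jan 1994 00:00:00 +0000
From: friend@public.example
To: ceo@ourcorp.example
Subject: make money fast

(body)
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"                          # name the client gave in HELO
    r"(?:\s+\((?:(?P<actual>[^\s\[\]()]+))?[^)]*\))?"   # optional (reverse-DNS name [ip])
    r"\s+by\s+(?P<by>\S+)"                              # the host that wrote this header
)

STALE = timedelta(days=2)  # assumed threshold: how far behind Date: a hop may be


def _parse_date(text):
    """Parse an RFC 822 date; treat a missing zone as UTC; None if unparseable."""
    try:
        d = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None
    if d is None:
        return None
    return d if d.tzinfo else d.replace(tzinfo=timezone.utc)


def parse_received(value):
    """Split one Received: value into the fields the analysis needs."""
    flat = " ".join(value.split())           # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    hop = {"claimed": None, "actual": None, "by": None, "stamp": None}
    if m:
        hop.update(claimed=m.group("claimed"), actual=m.group("actual"), by=m.group("by"))
    if ";" in flat:                          # the timestamp follows the last ';'
        hop["stamp"] = _parse_date(flat.rsplit(";", 1)[1])
    return hop


def analyze(raw):
    """Return (hop_index, kind, detail) findings; hop 0 is the topmost Received."""
    msg = message_from_string(raw)
    hops, msg_date, date_seen = [], None, False
    for name, value in msg.items():          # headers in their original order
        if name.lower() == "date":
            date_seen, msg_date = True, _parse_date(value)
        elif name.lower() == "received":
            hop = parse_received(value)
            hop["below_date"] = date_seen     # anything after Date: was not added in transit
            hops.append(hop)

    findings = []
    for i, hop in enumerate(hops):
        if hop["below_date"]:
            findings.append((i, "below-date", "Received header appears after Date:; treat as fake"))
        c, a = hop["claimed"], hop["actual"]
        if c and a and c.lower() != a.lower():
            findings.append((i, "host-mismatch", f"HELO said {c}, reverse DNS says {a}"))
        if i + 1 < len(hops):
            # The hop below this one should have been written by this hop's "from" host.
            nxt_by = hops[i + 1]["by"]
            names = {n.lower() for n in (c, a) if n}
            if nxt_by and nxt_by.lower() not in names:
                findings.append((i, "chain-break", f"next hop was written by {nxt_by}, not by {c}"))
        if msg_date and hop["stamp"] and msg_date - hop["stamp"] > STALE:
            findings.append((i, "stale-date",
                             f"hop dated {hop['stamp'].date()}, message dated {msg_date.date()}"))
    return findings


if __name__ == "__main__":
    for idx, kind, detail in analyze(SAMPLE):
        print(f"Received #{idx}: {kind}: {detail}")
```

Run against the constructed sample, the script reports a host mismatch on hop 0 (the relay the book's third point describes), a chain break between hops 1 and 2, and both a below-Date and a stale-date finding on hop 2, the forged header. On real mail, only the headers added by your own servers can be trusted; everything below the first hop you control is the sender's claim.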
