Odd Comment About Spam

I was very puzzled to see Russell Coker write:

Therefore the only acceptable method of dealing with spam is to reject it at the SMTP protocol level. Currently I am not aware of any software that supports Bayesian filtering while the message is being received so that it can be rejected if it appears to be spam, it would be possible to do this (I could write the code myself if I had enough spare time) but AFAIK no-one has done it.

I’ve been doing exactly this with Postfix, amavisd-new and SpamAssassin for many years now with great success, rejecting spams at the SMTP level via Postfix’s pre-queue content_filter mechanism using SpamAssassin’s Bayesian filtering, anti-spam rules and blacklist support.

Unfortunately because Russell is using Blogger and requiring people to register I can’t leave a comment for him (as I’ve no desire to sign up for an account with them just to leave a comment).

Update: Corrected link to point to the actual post on Russell’s blog that I’m talking about!

419 Spam Giggle

Had a 419 spam this morning that slipped through the filters (now fed to SpamAssassin) that started with the following – do they know something that I don’t? 🙂

Dear Fiend,

Sadly it’s probably just an attempt to evade the “Dear Friend” test..

0.8 DEAR_FRIEND BODY: Dear Friend? That’s not very dear!

Anti Virus Company Recommends You Don't Use Windows

It used to be the joke was “Friends don’t let friends do Windows” – well now it’s a case of many a true word spoken in jest.

The UK anti-virus company Sophos is reportedly recommending that you don’t use Windows any more due to its increasing vulnerability to attack.

Security threats to PCs with Microsoft Windows have increased so much that computer users should consider using a Mac, says a leading security firm.

As someone who is constantly having to fight spam because of Windows PCs that have become infected by viruses, trojans and other malware I second the call – please think twice before buying a Windows PC!

New Blog Anti-Spam Tools

Recently I’ve added three new tools to my anti-spam arsenal. A few weeks back Rich gave me a heads up that he’d gotten the time to modify the WP 2.0 Akismet plugin to allow you to simply ban spamming IP addresses to your blog based on what Akismet classifies as spam.

Basically you get a top-10 of comments ordered by IP address and URL allowing you to quickly dispatch (and ban in the case of IP addresses) those evil posts. It works rather nicely, I must say.

This evening I’ve just added the Did You Pass Maths plugin from Aussie Steven Herod which is kind of a numeric captcha plugin for comments.

But this won’t stop trackback spam which seems to come in bursts, so I’ve also added the Trackback Validator Plugin from the Computer Security Lab at Rice University which visits the referrers of trackbacks received to ensure that there is really a link to you from that site in that page.

It’s not infallible as spammers can still configure a fake blog with links to your site, but they believe that when that happens it is no longer completely a spam trackback as it does originate from a real posting somewhere – just that you may disagree with the content and agenda behind it.

So, we’ll see what happens!
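The link-back check described above, as an added example (not the Trackback Validator plugin's own code): given the HTML of the page that claims to reference you, accept the trackback only if a real anchor on that page points at your post. The URLs and sample pages are constructed, and the page is assumed to have been fetched already.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LinkCollector(HTMLParser):
    """Collect href values of <a> tags, resolved against the page URL."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(urljoin(self.base_url, href.strip()))

def _normalise(url):
    # Compare on host (case-insensitive) and path without a trailing slash.
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")

def trackback_links_back(source_url, source_html, my_post_url):
    """True if the page claiming the trackback really links to my post."""
    collector = _LinkCollector(source_url)
    collector.feed(source_html)
    target = _normalise(my_post_url)
    return any(_normalise(link) == target for link in collector.links)

# Constructed sample data (hypothetical URLs, not from the original post).
MY_POST = "http://blog.example.org/2006/07/post/"
GENUINE_PAGE = '<p>As <a href="http://Blog.Example.org/2006/07/post">noted here</a>.</p>'
# The URL appears only as plain text and inside a comment, never as a live link.
SPAM_PAGE = ('<p>cheap pills http://blog.example.org/2006/07/post/ '
             '<!-- <a href="http://blog.example.org/2006/07/post/">x</a> --> '
             '<a href="http://spam.example.com/">buy</a></p>')
```

A validator that fetches the claimed source itself should only follow public http/https URLs and cap the response size, since the URL is supplied by the sender of the trackback.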

“HELP STOP CRIME/FRAUD” spam/scam

Well well well, it would appear that Nigeria’s “Economic and Financial Crimes Commission” has decided to email me personally to tell me that I may be the victim of fraud, and should email my “Name, Address, email and telephone number” to their excite.com email address (or should that be the universia.pt one in the headers?), and forward it to all my friends so they can do the same thing.

Of course it’s not at all suspicious that a Nigerian agency would be sending from a Portuguese IP address that has been blacklisted for repeated 419 scam emails by SpamHaus – oh no!

Anyway, if you want a laugh at the email the 419 scammers are now sending out in their attempts to use the commission that was set up to get them to get you instead, read the whole posting..

Greylisting Looking Good

Woo-hoo, looks like Postgrey does exactly what it says on the tin.

Here’s the graph from this morning after activating it last night (Saturday 24th) at about 11pm; look at the sudden end of spam (grey) and increase in rejected/deferred (red) email! Only 2 little blobs of grey after that showing the grand total of 2 spam messages that got through.

Graph of spam, rejected & virus email to csamuel.org 09:00 2005/09/25

CSamuel.org Anti-Spam Greylisting Activated

I’ve now installed and activated Postgrey, a Postfix policy service that implements “greylisting”.

So any email coming into csamuel.org for any email address hosted here will get a “try again later” message, and the sending email server should retry it later. Spammers on the other hand usually try once and then move on because they’ve got so much email to send.

If you see any email rejected from csamuel.org, auties.org or donnawilliams.net because of this please email the user Postmaster, who won’t have this test applied.

This is a pretty impressive graph from the guy who wrote Postgrey to show what happened when he activated it for himself on the Tuesday.

David Schweikert's graph of email after activating Postgrey
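The greylisting decision described in this post, as an added example written against the Postfix policy delegation protocol (this is not Postgrey's code): the first attempt for a given client, sender and recipient gets a temporary failure, a retry after the delay is let through, and the Postmaster address is exempt. The 300 second delay, the /24 grouping and the sample request are assumptions made for the example.

```python
import time

GREYLIST_DELAY = 300                 # seconds; assumed value, not from the post
EXEMPT_LOCALPARTS = {"postmaster"}   # the post exempts the Postmaster user

def parse_policy_request(text):
    """Parse one Postfix policy request: name=value lines, ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}   # (client network, sender, recipient) -> first attempt time

    def check(self, attrs):
        """Return the policy action for one RCPT TO request."""
        recipient = attrs.get("recipient", "").lower()
        if recipient.split("@")[0] in EXEMPT_LOCALPARTS:
            return "DUNNO"     # exempt: leave the decision to later restrictions
        # Assumption: key IPv4 clients on their /24 so a retry from a
        # neighbouring relay of the same sender still matches.
        network = ".".join(attrs.get("client_address", "").split(".")[:3])
        key = (network, attrs.get("sender", "").lower(), recipient)
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        return "DUNNO"

def respond(greylist, request_text):
    """Wire response: the action line followed by an empty line."""
    return "action=%s\n\n" % greylist.check(parse_policy_request(request_text))

# Constructed sample request (addresses are placeholders).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "sender=someone@example.net\n"
    "recipient=user@csamuel.org\n"
    "\n"
)
```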