Category Archives: Spam

Postmaster Resources

This post is as much to help me remember as it is to help other people.

Below is a list (not comprehensive) of the postmaster resource pages for some of the major email providers.

Microsoft / Outlook https://postmaster.outlook.com
Google https://postmaster.google.com/
Yahoohttps://help.yahoo.com/kb/postmaster
Comcasthttps://postmaster.comcast.net/
AOL https://postmaster.aol.com/

On these sites you can get information about how the provider handles spam, feedback loops, blacklists, whitelists, etc.

Very useful for those managing mailing list servers.




Related posts ...
Here we have an example of a very lazy blog spammer. At least put some
Back in October of 2012 I devised a way of blocking abuse of my mailing
Most ISP's and network providers have specific email addresses that you can report abuse to.
A while ago I added a new anti-spam technique to my mail server setup called

Lazy Blog Spammer

Here we have an example of a very lazy blog spammer.

At least put some effort into it … if you’re going to the effort of spamming blogs, at least fill in the substitution variables.

Sheesh

Related posts ...
This post is as much to help me remember as it is to help other
Back in October of 2012 I devised a way of blocking abuse of my mailing
Most ISP's and network providers have specific email addresses that you can report abuse to.
A while ago I added a new anti-spam technique to my mail server setup called

Mailbait Threats

Back in October of 2012 I devised a way of blocking abuse of my mailing list server by detecting mailbait abusers (mailbait.info offers a ‘service’ to fill your, or someone else, mailbox with unwanted mailing list subscriptions). In June of 2013 I refined the technique.

Basically I detected if someone was visiting the mailing list subscribe page from mailbait.info and sent them to a special page that also annoyed them by popping up hundreds of javascript alerts about not spamming people.

Regardless of the popups, people still try to use mailbait to involuntarily subscribe people to my lists (well, try at least, my lists require a closed loop confirmation system).

Today I received the following threat from a mailbait.info user ..

threat.

I’m inclined to ignore the ‘warning’ … but I find it somewhat satisfying that my approach has annoyed someone sufficiently.

As an added measure, I’ve updated my system security mechanism to block any IP that attempts to use the mailbait service more than once.

Related posts ...
Here we have an example of a very lazy blog spammer. At least put some

Most ISP's and network providers have specific email addresses that you can report abuse to.

A while ago I added a new anti-spam technique to my mail server setup called

Fair warning: This post is pretty darn technical and is of little interest to people

Abuse Addresses

Most ISP’s and network providers have specific email addresses that you can report abuse to.

These addresses can be looked up using a whois tool.

Recently, I’ve noticed a number of those addresses that just don’t work the way they are supposed to.

Continue reading

Related posts ...
This post is as much to help me remember as it is to help other

Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

A while ago I added a new anti-spam technique to my mail server setup called

Adding Envelope Sender in sendmail

Fair warning: This post is pretty darn technical and is of little interest to people who don’t muck around with Linux and/or mail servers.

Recently I had a problem with someone on a midrange.com mailing list where they sent obvious spam.

The problem was, they were a subscriber to the list and had posted before … so the normal counter measures for that didn’t work (the first post for all subscribers are held until approved, to prevent people from subscribing, posting spam, and unsubscribing).

The puzzling thing about this was … the ‘from address’ on the message was not in the subscriber list.

Turns out that Mailman will accept message based on the FROM address of the message or the SENDER address (also known as the envelope-from).  The sender addressed is set by the sending mail server and is not normally in the body of the message.

After a bit of digging around, I figured out a way to add this information to the message headers so I can more easily diagnose the problem in the future.

Continue reading

Related posts ...
I put together a new SpamAssassin rule that will help identify spam from spoofed email

Running SpamAssassin after a Fedora Core 6 update results in "Use of uninitialized value in

Recently I noticed that there's a lot of temporary files in the /tmp directory on

A while ago I added a new anti-spam technique to my mail server setup called

Blocking Mailbait

Recently I’ve been getting a lot of mail from the feedback loops I subscribe to indicating that someone has gotten a subscription confirmation message and they considered it spam.

After digging into my logs I noticed a few things …

  • The subscription requests are being initiated from TOR exit nodes.
  • The web requests that initiate the subscription have “mailbait.info” as their referrer.

This ‘mailbait.info’ service is supposed to allow you to fill your mailbox … why anyone would want to do this is beyond me … and it has absolutely ZERO protections against submitting someone else’s email address.  As such, it just ends up generating spam.  And a lot of the twits that are using this ‘service’ are hiding behind TOR nodes, which protects their IP address.

Continue reading

Related posts ...
This post is as much to help me remember as it is to help other

Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

Most ISP's and network providers have specific email addresses that you can report abuse to.

DKIM Rule – SpamAssassin

I put together a new SpamAssassin rule that will help identify spam from spoofed email addresses.

Some email providers always sign email with DKIM or DomainKeys … based on this assumption, if you get a message from one of those domains and it isn’t signed, you can assume its more likely to be spam.

This particular rule operates on the assumption that all mail from Yahoo & Gmail will be signed.  It does not, however, raise the score a huge amount … because it’s just more LIKELY to be spam if it’s not signed … it’s not guaranteed to be spam. Some people may use the Yahoo or Gmail account’s in the from address, but not actually send from that service.
Continue reading

Related posts ...
Well, our good friends at Yahoo are at it again. Once again they are deferring

It's nice that many of the major mail providers give you the ability to report

As I mentioned before ... even though I'm participating in Yahoo's Email Complaint Feedback Loop,

While doing a little searching, I found some information on email feedback loops for other

Epsilon

By now everyone’s probably heard about the data breach at Epsilon … which resulted in a lot of major eCommerce vendors customers mailing list getting stolen.

Personally, I’ve gotten notifications from Chase, Walgreen, Tivo, Best Buy, 1-800-Flowers, and a few others … informing me of the breach and assuring me that no critical information was stolen … just my email address.

What do you do now?

Nothing, really.

Continue reading

Related posts ...
Back in October of 2012 I devised a way of blocking abuse of my mailing

Over the holiday weekend, I experienced the ultimate computer security mechanism: "Spontaneous Security" I was

OK, I've had this phone a few weeks ... time for me to list some

What a pain ... Discover card has issued Ginny and I new cards with new

Spam Retaliation

I’ve got a slightly new policy when it comes to spam.

If given the option, I’m going to change my email address in the spammers database to spam@uce.gov.

So the next time the spammer tries to send ME junk, they will be reporting themselves to the Federal Trade Commission.

Yeah, I know, it won’t do a LOT of good … but it makes me laugh.

Related posts ...
Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

Most ISP's and network providers have specific email addresses that you can report abuse to.

A while ago I added a new anti-spam technique to my mail server setup called

Spam Observations

I’ve noticed an interesting trend in the comment spam I’ve been getting (luckily few of it gets through).

There seems to be three basic categories …
Continue reading

Related posts ...
This post is as much to help me remember as it is to help other

Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

Most ISP's and network providers have specific email addresses that you can report abuse to.