RE: Dealing with spam

---------

atkins@rock.enet.dec.com
Wed, 23 Apr 97 12:00:46 EDT


Pablo Sanchez <pablo@sgi.com> writes:

> I maintain the Sybase (an RDBMS) FAQ in comp.databases.sybase. Due to
> my frequent exposure out on the net, my personal (pablo@sgi.com)
> account gets bombarded with spam. I've taken to creating a separate
> user on my machine (news_reader) for reading and posting the FAQ,
> however I still have the Reply-To set to "pablo@sgi.com"

> The "news_reader" user has a vacation() message setup to bounce back
> any spam to it.

> What do other people do?

> ps: I also filter all mail to "pablo@sgi.com"... only "known" people
> are allowed to mail me -- thx to sortmail()

I use several different addresses, but they're all forwarded to my 'real'
personal address - that way I only have to spam-proof one address.

steve@blighty.com runs through a procmail filter. This has a list of known
bad domains - any mail from these domains is discarded or bounced to an
appropriate address on a per-domain level[*].

Then regexp matching on the headers silently discards some more varieties of
spam (very specific checks, e.g. for [Cc]yber.[Pp]romotions).

Then a quick and dirty whois hack checks the nameserver for the domain.
Anything related to cyberpromo.com or a couple of other major spamsites.
Any matches are silently discarded or bounced to an appropriate address.
The result is cached in a whitelist or blacklist to cut down whois
resource usage.

At this point, very little spam is remaining. I check headers for a few
phrases (multiple dollar signs etc.) and bounce these back to sender
along with an explanation.

Anything that's left I actually get to read. I've checked the logs and
don't believe I've bounced or discarded anything I shouldn't have.

All this rubbish took a couple of hours to set up, and has saved me that
in wasted time and raised blood pressure. It all runs on my server, so
I don't have to download any junkmail to my home machine.

[*] agis.net are a prime example. Most of the major spam sites use
agis.net as their backbone connection. agis.net are happy with this.
agis.net get a lot of copies of spam from a lot of people.

Resources:
http://www.citi.umich.edu/u/rees/shame/
http://www.mcs.net/~jcr/junkemail.html
http://com.primenet.com/spamking/
http://199.237.156.124/~nathan/visit.cgi/html.JunkMail

Cheers,
Steve
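
The staged filter described in the message above, sketched as an added Python example; it is not Steve's procmail setup. The domain lists, the `ns_lookup` callable standing in for the whois hack, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed lists; only cyberpromo.com and the regexp come from the post.
BAD_DOMAINS = {"junk.example": "discard", "bulk.example": "bounce"}
HEADER_RE = re.compile(r"[Cc]yber.[Pp]romotions")
BAD_NS = ("cyberpromo.com",)
PHRASE_RE = re.compile(r"\${2,}")  # "multiple dollar signs"

def uses_bad_ns(servers):
    hosts = [s.lower().rstrip(".") for s in servers]
    return any(h == b or h.endswith("." + b) for h in hosts for b in BAD_NS)

def classify(raw, ns_lookup, cache):
    """Return (action, stage); ns_lookup returns a hostname list or None on failure."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    # Stage 1: known bad sender domains, each with its own action.
    if domain in BAD_DOMAINS:
        return BAD_DOMAINS[domain], "domain-list"
    # Stage 2: very specific header patterns are silently discarded.
    if HEADER_RE.search(headers):
        return "discard", "header-regexp"
    # Stage 3: nameserver check, cached per domain to limit lookups.
    if domain and domain not in cache:
        servers = ns_lookup(domain)
        if servers is not None:  # a failed lookup is not cached
            cache[domain] = uses_bad_ns(servers)
    if cache.get(domain):
        return "discard", "nameserver"
    # Stage 4: spammy phrases in the headers are bounced to the sender.
    if PHRASE_RE.search(headers):
        return "bounce", "phrase"
    return "deliver", "passed"

# Constructed nameserver data standing in for the whois lookup.
NS_DATA = {"front.example": ["ns1.cyberpromo.com"], "friend.example": ["ns.friend.example"]}
LOOKUPS = []  # records which domains were actually looked up

def fake_ns_lookup(domain):
    LOOKUPS.append(domain)
    return NS_DATA.get(domain)

def demo():
    cache = {}
    mails = [("a@bulk.example", "hi"), ("b@front.example", "hi"), ("c@front.example", "hi"),
             ("d@friend.example", "hi"), ("e@friend.example", "Make $$$ fast")]
    return [classify(f"From: {f}\nSubject: {s}\n\nbody\n", fake_ns_lookup, cache) for f, s in mails]
```

The second message from `front.example` is decided from the cache, so `LOOKUPS` records only one lookup per domain.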