Harmful spammers

jefu jefu@cs20.eou.edu
Wed, 10 Oct 2001 15:20:06 -0700


There are a couple things to do that can at least cut down on spam.

1) Make sure that your mail gateway, or (in this case) the mailing 
   list host is not an open relay site.  Check 

   http://www.mail-abuse.net/

   and especially 

   http://www.mail-abuse.net/rss/

   for more information.


2) Every time you get spam, locate all the hosts it came through
   in the header.  Check both hostnames and IP addresses as one 
   of the common spammer techniques is to give a different hostname
   than the IP address maps to.  These are in the "Received-by:"
   headers.  Then send mail to everyone reasonable at the site you
   get.   If there are any mail addresses in the body of the
   message, add them too - similarly with web addresses. 

   Given a site name of "foo.bar.com", my usual list of
   addresses is:
       root@foo.bar.com
       administrator@foo.bar.com
       postmaster@foo.bar.com
       webmaster@foo.bar.com
       abuse@foo.bar.com
       mail-abuse@foo.bar.com

   I have a program to generate this list, as often I send mail 
   to several sites at a time.  

   In that mail, complain about the spam and include the entire
   mail message that you got (including the headers).    (If I
   get really bugged - for example by getting the same spam over
   and over again, I'll often include a huge image file that
   contains the text "SPAM IS BAD" just for amusement.  This
   technique is for experienced drivers on closed courses only.
   Don't try this at home.) 

   If your MUA supports changing your "Reply-To:" and "From:" 
   headers, change them to something nonsensical.  
   Ignore mail bounces. 

   Often the sysadmins will do their best to fix the problem;
   however, many recent spams have originated in China and
   they don't seem to be doing much to change that. 
   
jefu     
-- 
jeff putnam -- jefu@eou.edu -- http://cs.eou.edu/~jefu
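
An added example, not part of the original post and not the author's program: it walks the `Received:` lines of a message, flags hops where the hostname the sender claimed differs from the name the receiving server recorded for the IP address, and expands each recorded host into the role addresses listed in step 2. The sample message is constructed, the function names are hypothetical, and only the common `from HELO (RDNS [IP])` layout is assumed.

```python
import re
from email import message_from_string

# Role accounts from the post's list for a site name such as "foo.bar.com".
ROLES = ("root", "administrator", "postmaster", "webmaster", "abuse", "mail-abuse")

# "from HELO (RDNS [IP])": HELO is what the sender claimed; RDNS and IP
# were recorded by the receiving server. RDNS may be absent or "unknown".
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)", re.I)

# Constructed sample (reserved documentation names and addresses).
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby lists.example.org with ESMTP; Wed, 10 Oct 2001 15:00:00 -0700\n"
    "Received: from bank.example.com (dialup7.example.net [198.51.100.7])\n"
    "\tby mail.example.net with SMTP; Wed, 10 Oct 2001 14:59:00 -0700\n"
    "Received: from friend (unknown [203.0.113.5])\n"
    "\tby dialup7.example.net with SMTP; Wed, 10 Oct 2001 14:58:00 -0700\n"
    "From: offers@example.com\nSubject: constructed sample\n\nbody\n"
)

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue  # other Received layouts are skipped
        helo, rdns, ip = m.group(1).lower(), (m.group(2) or "unknown").lower(), m.group(3)
        hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                     "mismatch": rdns == "unknown" or helo != rdns})
    return hops

def contacts(site):
    """Expand a site name into the post's list of role addresses."""
    return [f"{role}@{site}" for role in ROLES]

def report_targets(raw):
    """Contacts for every host the receivers resolved, in header order."""
    sites = []
    for hop in parse_hops(raw):
        if hop["rdns"] != "unknown" and hop["rdns"] not in sites:
            sites.append(hop["rdns"])
    return {site: contacts(site) for site in sites}

if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop)
    print(report_targets(SAMPLE))
```

Hops with no recorded name yield only an IP address, so no contact list is generated for them here.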