Re: [NTLK] [OT -- for sure] Spam?

From: Morgan Aldridge <morgant_at_makkintosshu.com>
Date: Wed Jul 22 2009 - 07:51:21 EDT

On Tue, Jul 21, 2009 at 9:54 PM, Bob Carls Dudney<kosmicdollop@saber.net> wrote:
>
>>email servers don't drop mail when it hits an unknown mail box [sl. edited]
>
> Good to know. For some reason I had the impression if the address was
> invalid the server rejected it. Perhaps because I get messages
> telling me that when I send to an invalid address.

Most mail servers these days do reject email recipients that don't
exist on their server. Of course, if you have a catch-all address
configured, they'll go there, but it's really not advised due to all
the spam it'll collect.

> But I suppose in terms of internet traffic and the short length of
> vast majority of spam, it wouldn't really save much to block receipt
> if the server is always returning a message to the sender saying
> invalid address. Once all the trouble of connecting servers happens I
> suppose a few K more packets sent along the path isn't significant in
> the big scheme. (Anyway, the header's usually much bigger than the
> spam message (whenever I've looked).)

Yes, it is much easier to do that and while it does use some bandwidth
to try to reject each of those messages, it's better than letting them
go into a black hole, esp. if you have to then waste processing power
running them through spam & virus filters.

> I presume spam's actual cost to the system is kept at a minimum
> because email generally has lowest priority. While spam is a big
> load, giving priority to web pages must greatly diminish its burden.

Unfortunately, spam's cost to the system is quite high. We've recently
upgraded our mail server yet again because while the processors were
keeping up reasonably to the load, the disks were getting entirely
trashed. The new server is actually significantly faster and gets
through the spam _far_ faster.

Most people that run their own mail servers at this point have to run
them on a dedicated server as the spam load is high. And there's a
fair amount of tuning as well to get the amount of spam down to still
unreasonable, but at least manageable, levels.

For every message that comes in I make sure the sending server is not
in an RBL (Real Time Blacklist; I mostly rely on zen.spamhaus.org),
make sure the recipient is valid, make sure it's not a server
masquerading as one of my mail servers, and make sure it isn't
blatantly faking it's own host name or sending address. All that is
before it even hits the spam and virus filters. I quarantine all email
w/viruses, but merely mark messages that are spam and deliver them.

As a Mac OS X-based company, Mail.app does a decent job filtering junk
into the junk folder most of the time and anything I flag as spam goes
directly there. However, we also have nightly spam training scripts
running, so we request that employees redirect some of their spam that
didn't get flagged by the server to a special address so the server
try to learn it.

All in all, it's an intensive process and we probably only strip out
1/3 of the spam upfront, then another 1/3 probably gets flagged as
spam (let's face it, training the mail server is an understandably low
priority for most users), leaving still more that employees have to
deal with. Not only that, but every time spammers learn a new trick or
are trying to feed a ton of bogus spam signatures into your database,
you get a complete barrage of spam that lasts weeks and annoys
everyone.

> It seems if server admins care so little about spam it's not that big an issue.

I think most server admins care so we'll do as much is possible in the
time we have, but it never seems to be enough in the end.

>>overall it means more mail in the Internet
>
> I'm now pleased I've been lazy and have only changed an address once,
> and more because I wanted a different handle. In meantime I
> discovered I can manage spam easily and best by having it all
> delivered to Eudora mailbox requiring just a few steps to delete 'em
> all.

I've switched to Gmail for all my personal mail accounts so that (1) I
don't have to manage yet another mail server (at least, at this time)
and (2) the web interface makes training and deleting spam quick and
easy. It's still an unreasonable load because I too haven't changed my
email address in a long time, but it's doable.

Morgan Aldridge

---
morgant@makkintosshu.com
http://www.makkintosshu.com/
==================================================================== 
The NewtonTalk Mailing List - http://www.newtontalk.net/
The Official Newton FAQ     - http://www.splorp.com/newton/faq/
The Newton Glossary         - http://www.splorp.com/newton/glossary/
WikiWikiNewt                - http://tools.unna.org/wikiwikinewt/
====================================================================
Received on Wed Jul 22 07:51:30 2009

This archive was generated by hypermail 2.1.8 : Wed Jul 22 2009 - 09:30:00 EDT