Spam Filtering -- Act II

I installed a challenge-response layer of spam filtering, a rather simple tool, actually, that has greatly reduced the amount of spam I'm receiving. Active Spam Killer is a deceptively simple concept: people who want to send you mail must confirm that they're trying to send you mail. Considering that 97% of my spam is from forged and/or automated accounts, this means that very few things get through. In fact, in the three weeks since I installed this, I have had three bogus messages.

The first email was one of the penis enlargement scams, but forged so it appeared to be from a domain that I typically trust. I remedied this by putting the word "penis" back into the forbidden word filter. (This means that if you send me mail with the word "penis" in the body, it will silently be deleted before it gets to A.S.K product.) I had taken it out to see how well this would actually filter. I would love to know why the penis enlargement mail is so popular -- clearly someone is making money off it.

The second mail was a spammer who immediately responded from his Hotmail account to "opt in." This is easy enough to catch since Spamweasel will tag it, and then I can scan my auto-updated whitelist for new and weird entries.

The third was evil -- an extremely well-forged email appearing to be from PayPal suggesting that there was some security verification involved. This will fool a lot of people. The two clues that it was a scam: the origination IP address was from an attbi.com account and the link involved use of a redirection engine on paypal.com. The destination? 202.44.12.83, also known as asianet.co.th (Thailand).

My web host provider was pretty cool about letting me install Python and this filtering. Configuration of the program took about a day to get right, only because I have a really weird, self-inflicted setup.

There are several problems with my use of A.S.K.
  1. False-positives. I initially created a whitelist file of everyone I sent my change of address email to, and I've been combing the logs for additional false-positives.
  2. Dueling auto-responders. If I subscribe to a new service, I'll get a confirmation email to verify I'm a human being. Unless I think about it ahead of time, this triggers an auto response. At some point, someone has to acknowledge the other, lest they both stop talking to each other.
  3. SpamWeasel is still tuned up for aggressive filtering. So when a legitimate email does come through, SpamWeasel will often toss it into the junk bin. It'll take a while to back that off a bit.

After I'm comfortable with this, I'm going to set up server-side blocking of a lot of commonly-spamming countries (mostly Asian, and Brazil).
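
As an added example (not part of the original post and not A.S.K.'s own code), here is a minimal Python sketch of the filtering order described above: forbidden words first, then confirmation replies, the whitelist, and a check for automated senders so two auto-responders never answer each other. The `[confirm:...]` subject tag, the HMAC token, the header checks and every address are assumptions made for illustration.

```python
import hashlib, hmac, re
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"      # assumption: a per-mailbox secret
FORBIDDEN = {"enlargement"}           # hypothetical forbidden-word list
TAG = re.compile(r"\[confirm:([0-9a-f]{16})\]")

def token(sender):
    # Bind the confirmation token to the address being confirmed.
    return hmac.new(SECRET, sender.encode(), hashlib.sha256).hexdigest()[:16]

def is_automated(msg):
    # Headers that mark robots: never challenge these, or two
    # auto-responders keep answering each other.
    return (msg.get("Auto-Submitted", "no").lower() != "no"
            or msg.get("Precedence", "").lower() in {"bulk", "junk", "list"}
            or msg.get("Return-Path", "").strip() == "<>")

def classify(raw, whitelist, pending):
    """Return (action, detail). whitelist: set; pending: sender -> held mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = "" if msg.is_multipart() else msg.get_payload()  # plain text only
    if any(w in body.lower() for w in FORBIDDEN):
        return ("drop", "forbidden word")        # runs before everything else
    m = TAG.search(msg.get("Subject", ""))
    if m and sender in pending and hmac.compare_digest(m.group(1), token(sender)):
        whitelist.add(sender)                    # the auto-updated whitelist
        return ("deliver", pending.pop(sender))  # release the held messages
    if sender in whitelist:   # From is forgeable: a forged trusted sender passes
        return ("deliver", [raw])
    if is_automated(msg) or not sender:
        return ("hold", "automated sender, no challenge sent")
    pending.setdefault(sender, []).append(raw)
    return ("challenge", "[confirm:%s]" % token(sender))

def mail(frm, subject, body, **hdrs):   # builds constructed sample messages
    extra = "".join("%s: %s\n" % (k.replace("_", "-"), v) for k, v in hdrs.items())
    return "From: %s\nSubject: %s\n%s\n%s" % (frm, subject, extra, body)

if __name__ == "__main__":
    wl, pend = {"friend@example.org"}, {}
    for raw in (mail("friend@example.org", "hi", "lunch?"),
                mail("new@example.net", "hello", "first contact"),
                mail("bot@example.com", "Confirm", "click", Auto_Submitted="auto-generated")):
        print(classify(raw, wl, pend)[0])
```

Mail marked "hold" still needs a human to look at it, which is the manual acknowledgement that problem 2 describes.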

Here's a sample of half a day's worth of blocked spams (and these were the ones that didn't immediately generate a bounce message).

2 Comments:
carson wrote on (June 29, 2003 8:35 AM)

In the July 7 edition of Business Week, columnist Stephen H. Wildstrom suggests challenge-response mechanisms are "more noxious than spam."
See the article (Requires registration.)

Jim wrote on (October 20, 2003 12:45 AM)

I've been getting heaps more spam lately, too. Someone recommended Spam Inspector to me. I have been using it for a few days now and it is amazingly effective so far:
http://www.spaminspector.com

This weblog is licensed under a Creative Commons License.