The Electric Wand

Thoughts of a technology enthusiast.

Drowning in a deluge of spam


I'm sure everyone knows that email spam is a growing problem and that there's not a great deal we can do to stop it entirely - initiatives like SenderID can help reduce the volume an organisation receives, and by using smart sender and recipient filtering* and connection filtering to drop inbound connections from known spammers or IP addresses that have been dynamically assigned, you can reduce things still further.

* The basic problem here is that by definition, mail arriving from the internet is anonymous. If you've ever looked at an SMTP conversation between two servers, you'll see it's just a bunch of clear-text commands, with the sending server saying "Hello", then "I've got mail from <...>" and "it's going to <...>", followed by the body of the message. There's nothing to stop anyone sending mail "From:" any address they choose... and anti-spoofing/anti-spam technology has to try to play catch-up by filtering out the cases which don't look legitimate, as well as by filtering content which appears dodgy.

At Microsoft, for example, our IT group filters any email which is coming from the outside and claiming to be "From:" any @microsoft.com address. The thinking is, there is no valid case where anything will ever traverse the internet legitimately coming from a Microsoft address, and enter the Microsoft network from outside via SMTP. So - if you're a spammer trying to mail into Microsoft and pretending to be Bill, don't bother. Your email will be "dropped on the floor".
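
The border rule described above, sketched as an added example (not Microsoft's filter and not code from this post): a gateway-side check that drops internet-origin mail whose envelope sender or "From:" header claims an internal domain. The domain `corp.example`, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: domains whose mail only ever originates inside our own network.
INTERNAL_DOMAINS = {"corp.example"}

def _domain(addr):
    """Lower-cased domain part of an address, or '' when there is none."""
    addr = addr.strip().strip("<>")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def _is_internal(domain):
    # Subdomains are treated as internal too (a policy choice for this sketch).
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def border_verdict(raw_message, envelope_from, from_internet=True):
    """Return 'drop' or 'accept' for one message seen at the inbound gateway."""
    if not from_internet:
        return "accept"  # internal hops may legitimately use our own domains
    msg = message_from_string(raw_message)
    # From: may list several mailboxes and may be repeated; check every address.
    header_addrs = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    claimed = [_domain(a) for a in header_addrs] + [_domain(envelope_from)]
    return "drop" if any(d and _is_internal(d) for d in claimed) else "accept"

# Constructed sample messages (not real traffic).
SPOOFED = "From: Bill <bill@corp.example>\nTo: a@corp.example\nSubject: hi\n\nBuy now\n"
OUTSIDE = "From: Pat <pat@partner.example>\nTo: a@corp.example\nSubject: hi\n\nHello\n"
BOUNCE = ("From: MAILER-DAEMON@mx.other.example\nTo: a@corp.example\n"
          "Subject: Undeliverable\n\nYour message could not be delivered\n")

if __name__ == "__main__":
    print(border_verdict(SPOOFED, "x@spam.example"))      # header claims our domain
    print(border_verdict(OUTSIDE, "bill@corp.example"))   # envelope claims our domain
    print(border_verdict(OUTSIDE, "pat@partner.example"))
    print(border_verdict(BOUNCE, "<>"))                   # null sender: a bounce
```

The bounce is accepted because an NDR arrives from the rejecting server's own address, so this rule stops spoofed mail coming in but does nothing about the NDRs generated when someone else's server receives the spoof.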

My own problem is that I have a personal email address which has been the same for about 13 years, and I was generally very careful about giving it out (registering on websites etc), but in recent years have relaxed my policy since the junk mail filters in Hotmail/MSN/Windows Live are generally pretty good and I got very little spam.

Now, some *&"%#!^ spammer has started spoofing mail from my address, and as a result I get a vast number of Non-Delivery Reports, Out of Office messages or notifications that my message has been junked since it looks too spammy. We're talking anything up to 1,000 messages a day, which Hotmail manages to categorise as unwanted and sticks in my Junk folder, and maybe 50 or 60 that make it through to the inbox.

I'm sorry if you've ever had spam from my address - believe me, I don't want to sell you Meds, offer you cheap replica watches, or present a solution for lengthening any anatomical components. Really, I'm quite happy working in IT.

I can't think of what to do. I really don't want to close the account since it's a very short & sharp email address, and I use it for lots of legitimate non-work related things. I can't stop someone pretending to be me, so I'm destined to be spending ages cleaning up my mailbox every week until the spammer gets bored and picks on some other address to spoof instead.

Unless anyone else knows different? Let me know if you have any suggestions which might stop the spammer and yet not cripple my own email address...

Comments
  • Hi,

    I guess best practice is to change your mail address. Or you mail every postmaster you got NDRs from (which might be a lot of work) and tell them how to use SPF.

    Walter Steinsdorfer

    MVP Exchange Server

  • I did some quick looking at one time and could not find a way to identify NDRs.

    Seems like there has to be a way though; I am guessing that Microsoft is blocking the NDRs from coming in and filling up Bill's mailbox (a lot of spam comes saying it is from him). Wonder if any of them would share how/if they handle NDRs?

    One thing I did learn is you don't want to blacklist the server that sent you the NDR; that is probably a legit server, and before long your email will drop to nothing since you blocked all the good servers out there!
