Tag Archives: spam

Pi-Hole

In honor of Pi Day, I built and deployed a Pi-Hole server.

Pi Hole is software that acts as a caching DNS server and ad-blocker, by black-holing known advertising sources at the DNS layer.

You can obtain Pi Hole at https://pi-hole.net/

As the name suggests, it is optimized to run on a Raspberry Pi. I’m running it on a Pi B that was otherwise unoccupied.

It’s been running for a couple of days now, and tells me that it is stopping around 25% of traffic. And because it stops the traffic before the browser even connects to the server, that means that it is making my network faster as a result.

It took me very little time to get running, following the instructions on the website. Indeed, the longest part of the entire process was the initial Raspberry Pi operating system installation. The actual Pi Hole installation took maybe 10 minutes.

So far there has been no negative impact that I’ve noticed – no false positives, no pages I couldn’t get to that I wanted.

Recommended. Give it a try if you have a Raspberry Pi that has been sitting around since Christmas and you’re not sure what to do with it.

Preying on the innocent

In the day of elaborately designed phishing messages that genuinely appear to be from my bank, it’s almost refreshing to see spam like the following, which is so naive it’s almost endearing:

DEAR : WEBMAIL USER .

YOU ARE RECEIVING THIS EMAIL BECAUSE WE ARE ABOUT TO CARRYOUT SOME MAINTANANCE ON ALL OUR EMAIL CLIENTS ACCOUNT BECAUSE WE HAVE DETECTED SOME TROJAN VIRUSES WHICH IS ABOUT TO SPREAD AND ATTACK ALL OUR EMAIL USERS MAILBOX.
SO AS FOR YOUR ACCOUNT TO REMAIN SAFE, YOU ARE REQUIRED EMAIL US YOUR USERNAME AND PASSWORD TO THIS EMAIL ADDRESS : jenni2nicess@yahoo.com . FOR US TO PROTECT YOUR ACCOUNT FROM BEEN CLOSED AND YOUR MESSAGES IN YOUR MAILBOX WILL STILL BE INTACT .
UPON RECEIPT OF THIS NOTIFICATION , YOU ARE TO RESPOND WITH YOUR USERNAME AND PASSWORD WITHIN THE NEXT 48HRS .

MERRY XMAS IN ADVANCE TO ALL OUR EMAIL CLIENTS .

What’s distressing about it, though, is that there are people out there who are actually stupid (or trusting) enough that they will send their username and password to jenni2nicess.

No Spam

Yesterday I switched email for my primary domain over to GMail. I have a dozen email addresses and a few distribution lists, and I moved about a half million email messages over to my GMail folders.

It’s probably too early to sing its praises, since it’s only been 12 hours, but …

This morning, it was eerily quiet in my inbox. No strident calls to buy a genuine fake Rolex, or increase the size and strength of various body parts. No encouragement to get my website to the top of the search results, or make a million dollars by helping out a long-lost relative in Uzbekistan.

It was rather like walking down the main street in a big city, but not being jostled by grubby passers-by, and not hearing the sound of cars, gunshots, hawkers, screaming children, barking dogs, or howling sirens, but being able to hear the polite, soft-spoken conversation of the well-dressed gentleman walking beside you.

I looked over in the Spam folder, and all the noise was there, where it should be, but as far as I could tell, none of the polite conversation had made it over there by mistake.

I think I’m going to like it here.

Gmail for RCBowen.com

I just flipped the switch, and pointed the MX records for RCBowen.com at GMail. I’ve been running my own mail server for about 15 years now, and this is the first time I’ve trusted anybody else to handle @rcbowen.com email. We’ll see how it goes. I sincerely hope that the outcome is less spam.

By far the most painful part of the process was migrating a half-million email messages from my IMAP server over to Google, and trying to get all the same folders and filtering rules set up. But, in the process, I deleted probably another quarter of a million email messages. Ye gods I have a lot of email.

And, yet, after all that, I’m only using 5% of my capacity on GMail.

Spam Bait

Fitz notes that his email address appears 960 places on the web. I’m at 2630. This is one of the reasons that I’ll very soon (hopefully tomorrow) switch my primary domain over to the Google for Domains service (or whatever they’re calling it now), so that I can get out of the spam fighting business. I’ve spent an inordinate amount of time over the last 12 years or so trying to figure out how to get less spam to hit my inbox, and I’m all done. Google’s got folks who do that full time, and, while I can’t figure out why they would provide this to me for free, I’m perfectly willing to let them.

Greylisting – the results


And here are the results. You can, I’m sure, immediately pick out the point where I turned on the greylisting service. It’s not a complete solution – I still get some spam – but you can see from the graph that I’m getting around 1/3 as much inbound mail as I was getting before.

It’s even more pronounced if you look at the month view.

Notice that it affects the sent, as well as received, because so much of my outbound email was reject and bounce messages.

Greylisting

For quite some time, I’ve wanted to implement greylisting on my mail servers. But, to be honest, every time I looked at the greylisting howtos, they just made me feel stupid. Rather than telling me what to do to implement greylisting, they’d discuss the benefits of greylisting, and link to three other tutorials that did much the same thing. Some of them would partially describe an implementation, and leave the actual details to you, or perhaps reference a Perl script that may or may not be included in your particular MTA, and here’s a partial copy of it which may or may not work.

So, every time I tried to implement it, I ended up giving up in disgust.

I’ve just discovered Greyfix, which is a greylisting policy daemon that gets enabled by adding a line to main.cf, and one to master.cf. It took me 5 minutes to download, compile, and enable, and I have received TWO pieces of spam since I enabled it, while still receiving all of my regular email that I expected to receive. It is, by far, the most effective spam prevention measure I have ever implemented, bar none.

The basic premise of greylisting is that when someone sends you email, rather than accepting it, you say “why don’t you try that again a little later, ok?” If it’s a spammer, they’re trying to deliver millions of messages a minute, and they don’t have time to come back and try later. If it’s legitimate email, it gets put in the queue, and redelivered later. So it’s delayed a little, no big deal. If it’s someone that sends you a lot of email, then once they’ve successfully delivered something, they get put on the approved list, and don’t have to wait the next time. The consequence is that almost all spam gets dropped as undeliverable, and everything that came from an actual mail server gets delivered.
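The decision logic described above, as an added example (not part of the original post and not Greyfix's code), written as the core of a Postfix policy-delegation service. The `Greylist` class, the function names, the 300-second delay and the choice to key on the (client address, sender, recipient) triplet are assumptions made for illustration.

```python
import time

# Constructed sample of a Postfix policy-delegation request (name=value lines,
# ended by an empty line). Addresses are documentation placeholders.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.com\n"
    "recipient=bob@example.org\n"
    "\n"
)

class Greylist:
    def __init__(self, delay=300, clock=time.time):
        self.delay = delay          # assumed: seconds a new triplet must wait
        self.clock = clock          # injectable so the logic can be tested
        self.first_seen = {}        # triplet -> time of first deferred attempt
        self.approved = set()       # triplets that have retried successfully

    def check(self, client_address, sender, recipient):
        triplet = (client_address, sender.lower(), recipient.lower())
        if triplet in self.approved:
            return "DUNNO"          # known sender: no delay, later rules decide
        now = self.clock()
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            # A real mail server queued the message and came back later.
            self.approved.add(triplet)
            del self.first_seen[triplet]
            return "DUNNO"
        # Temporary (4xx) rejection: "try that again a little later".
        return "DEFER_IF_PERMIT Greylisted, please retry later"

def parse_policy_request(text):
    attrs = {}
    for line in text.splitlines():
        if not line:                # empty line terminates the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(greylist, request_text):
    a = parse_policy_request(request_text)
    action = greylist.check(a.get("client_address", ""),
                            a.get("sender", ""), a.get("recipient", ""))
    return "action=" + action + "\n\n"
```

A retry that arrives before the delay has elapsed is deferred again, so a sender that hammers the server immediately gains nothing; only a retry after the delay moves the triplet to the approved set.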

A very simple concept, and it’s always frustrated me that it was so difficult to actually implement. Turns out I was just looking at the wrong implementation.

RBLs

This morning I discovered that most of the email that I’ve been sending from the conference has been /dev/null-ed because I’m coming from T-Mobile, which is apparently blacklisted. Great.

Blacklisting

For years, I’ve been opposed to email black lists. I think that they unfairly penalize folks who happen to be on the same ISP as soulless spammers. However, this morning, I finally broke down and put blacklist restrictions on my mail servers.

Today I have received perhaps a dozen spam messages, as compared to the 500-600 on a normal day, while at the same time still receiving the normal volume of valid email.

So, I guess consider me a reluctant convert to DNS BLs.

Pornography in spam

Over the last few months, I have increasingly received pornographic images in spam. Various attempts at spam filtering have failed, and now I’m getting several dozen every day. The email in question is usually advertising genital enhancement concoctions, although occasionally it’s for either pornography sites or dating sites. Once or twice it is for prostitutes. Yes, I’m receiving email for prostitute services.

It has reached the point where I simply cannot check my email if my daughter is around.

I imagine that my various attempts to express how angry spammers make me have all fallen rather short. I spend hundreds of hours a year combating their efforts. Large businesses spend billions of dollars a year combating their efforts, and appear to consider it a legitimate business expense.

Additionally, I spend several minutes every day deleting spam comments from my various websites.

It stands to reason that there are people out there who purchase the advertised products, buy the advertised stocks, or buy memberships on the advertised websites. It strikes me as exceedingly unlikely that there are a sufficient number of idiots in the world to support the huge bulk of businesses that employ this marketing strategy, but I guess there must be, or they wouldn’t keep doing it.

When an activity that is clearly, at least to me, criminal, consumes hours of my time, every week, I’m forced to wonder where “online” law enforcement is spending their time. Then, I read the news, and am reminded that we’re spending trillions of dollars helping the music industry make more money.

I honestly can’t figure out why we’d be willing to devote the force of online law enforcement to tracking down who is downloading a particular music file, and yet are incapable of locating, and incarcerating, the scum who are costing EVERY SINGLE BUSINESS IN THE WORLD a significant part of their IT budget. Surely that’s a large enough lobbying group? Why do we just put up with this as though it is an ordinary part of the cost of doing business?