Duster,

On your site I saw that you block spam. What are you using to do this and where can I get it?

------------------
Mike Astin
WebAuthorities
http://www.webauthorities.com
http://www.resellerinfo.com - A free reseller information site (coming soon!)

There are several steps in blocking spam from arriving at your server or passing through. An important step is to make sure relaying is closed. Otherwise, it leaves your server open to relay rape. There are steps along with that, like POP authentication before SMTP. With sendmail 8.9.3, closed relays finally became the default. Now, if all those servers in China, Japan and Korea would close their relays (along with any others anywhere), spammers would have to come out into the open.

With sendmail, entering domains, or individual addresses to be blocked, in the access file (and generating the access.db file) can block them also. That same file can allow IP addresses to relay, reject spam, or give them a 550 message, and you can specify the message (like "we do not accept spam here").

There are other tips, like not accepting any address @yourdomain. Some spammers make up addresses and sent to a list of domains (like "buyer@yourdomain.com")

There are two MAPS services most hosts should find helpful in blocking spam. RSS (Relay Spam Stopper) blocks spam from the open relays in the MAPS list. DUL blocks spam from dial up accounts. Neither of these is likely to block legitimate e-mail.

Their one controversial service is RBL, and enough has been said on that here already.

There are also tips that can prevent one's address from being harvested from web sites. As with many things, prevention is best. I'll e-mail you with one tip. I know spammers have tried harvesting addresses from my diving site from some of the spam I got in my drop box. I added another twist that really messes them up. Heh heh heh

Oh, and there's the "poison" script. When they scan your server, it generates a huge amount of false e-mail addresses and can confound their spambots. Hehe heheh heheh

Squashing slugs can be fun and revenge is a dish best served cold. hee hee hee hee


[This message has been edited by Duster (edited 08-04-2000).]

MikeA,

It looks like you are with Alabanza correct? If so then a way to prevent spam, yet still give your users the choice on what they want to receive and what they do not is to provide sample procmail entries to block mail based upon subject, from, to, ect. Procmail is very powerful and in my opinion, would be a lot better then you or someone else deciding what email your users can receive.

Scott

Mike,

There is another measure that can be taken. Remember that with spam, as with many things, an ounce of prevention is worth a pound of cure.

You can deny access to your site by any spam site, or spam friendly site, listed on the MAPS RBL, by using the mod_access_rbl module as a superset replacement for mod_access That can help prevent spammers from harvesting addresses from your site (or server) by denying them access altogether.
http://www.blars.org/mod_access_rbl.html

I respect the right of anyone not to use tools such as the MAPS RBL. MAPS does warn of the consequences. It also works with nominees to the RBL to get them to make changes. Even big outfits like AOL, which itself blocks a lot of spam, have been in the RBL a couple of times. Essentially, all it takes to be removed from the RBL is to respect the rights of others as indicated by compliance with procedures that reflect it.

However, you have some companies, like Yesmail and Harris Interactive, who spam and do not wish to stop, who look at the RBL as interfering with their trade. MAPS believes that any transmission of e-mail should be mutually consentual. Spammers do not, they wish to impose themselves on others, overriding their rights.

What I don't respect are those who feel that because they may want to receive e-mail from spammers, that no one else has the right to block spam. They argue about the right to choose, yet would deny that right to others, including the 40% of ISPs that use RBL.

Those people are part of the spam problem. They are spam sympathizers, despite any protestations to the contrary. In psychology, in abuse situations, the term used is enablers. These people are spam enablers.

I know you read the section of my site that mentions it, so you know there are simple ways for them to receive their spam that do not interfere with the rights of those who do not wish to receive it. However, for them to say that we should all have to put up with spam because it may be inconvenient for them not being able to receive spam is downright selfish. It becomes hypocritical when they talk about the right to choose.

A big part of what makes RBL (and there are others like ORBS' own list) work is peer pressure. The more ISPs and other servers that use RBL, the greater the pressure on companies like Yesmail and Harris to stop spamming, to use only the confirmed opt in list, and to be ethical.

Aside from the fact that the Harris suit seems to be more about competition with a marketing firm AOL owns, if a higher percentage of ISPs used RBL (MAPS, ORBS, and others), say 80 or 90%, we might not see any suits at all. Semi-legitimate companies like Yesmail and Harris would stop spamming period. They would use the confirmed opt in method or be inaccessible to all but 10 or 20% of servers.

When it comes to ISPs and spam, you're either part of the problem or part of the solution. There is no middle ground. If you have an open relay, you are accomodating spammers. If you are making excuses for spammers and would deny the rights of those who wish to receive only mutually consentual mail, you are a big part of the problem.

Used appropriately, peer pressure can work wonders.

Incidentally, before I moved to my own server, I found my IP address was in the RBL, not specifically, but as part of a block of addresses at media3.net (my last host). Apparently, another domain they host had spammed, Media 3 took no actions to prevent it again, and their block of addresses were RBLd. It was a simple and fast thing for my IP address to get off the list.

So, I say all the above with a bit more practical experience than most here. I didn't whine and complain (as I've seen some in nanae do), I took action. MAPS handled it rather expediently and I have no complaints, even though I was one of those corollary victims they refer to.


[This message has been edited by Duster (edited 08-05-2000).]

I feel compelled to share my exhultation. Tomorrow will be a week since I enabled MAPS features to block spam. Since then, I have gotten zero spam, not a single piece. You probably can't imagine how delighted I am. It feels GREAT!

I know from experience that the bulk of the spam I would receive was sent through open relays (relay rape), so the MAPS RSS and DUL are blocking all of it, which accounts for most of the spam I used to get.

A very few spammers spam from their own servers, and their entries in my access.db (in sendmail) ensure their messages about porn sites, spamware and similar messages don't even make it to deaf ears (or blind eyes), much less fall on them. The MAPS RBL performs the same function for all the other spam havens I am unaware of.

Sunday night was a time I could always count on getting spam before, but this past Sunday was uneventful and I look forward to many more days just like it.

It feels so GREAT to be spam free!

Anyone with their own server could achieve similar reductions, even without the use of any RBL. Just the use of RSS and DUL will block almost all spam with nary a fear that legitimate e-mail will be impaired in any way. For those out in the open, direct spammers, adding them to access.db (or the equivalent for other mail transport programs) can give you your own personalized RBL type list.

You can can that spam!

[This message has been edited by Duster (edited 08-08-2000).]

Sure you're not a salesman under that scuba gear? :)

------------------
Annette
Hosting Matters, Inc.
http://www.hostmatters.com

Nope, just sharing information and experiences, helping others stamp out the sourge of the Internet. Besides, it is hard to sell a free service. Not impossible, just hard.

A good salesman can sell a refrigerator to Eskimos. A great salesman will also sell them an ice maker!

Besides, the only bubbles I blow are in the water (including in the bathtub if I've had too many beans). :-D

Among divers, blowing bubbles (in a certain context, like topside) is a term analogous to blowing smoke (or spreading manure). But of course, you know that. ;-)

[This message has been edited by Duster (edited 08-08-2000).]