[MLB-WIRELESS] Email address format of online mail archives

Craig Sanders cas at taz.net.au
Wed Oct 17 15:42:47 EST 2007 

On Wed, Oct 17, 2007 at 01:24:23PM +1000, Rowan 2008 wrote:
> 
> On Wed, 17 Oct 2007, Craig Sanders wrote:
> 
> > hiding your address doesn't work.  good spam-filtering can work.
> 
> I'm working in the opposite direction to you, I think that prevention is 
> better than cure. 

i agree with that.

i don't agree that hiding your address is ANY form of prevention, let alone
*effective* prevention.

and to me, blocking spam *IS* prevention. pressing the delete key is
mere cure.

but the best prevention would be a Dead-or-if-you-really-must-then-Alive
bounty on spammers, globally.  i wish.


> Rather than try to block spam (and probably a handful of false        

if you don't want spam, you have no choice but to try to block it.

fortunately, good spam filters can be very effective.

> positives) I decided to avoid getting myself "indexed" in the first   
> place.                                                                

can't be done.

if you have an email address, it WILL get on spam lists, and you WILL get
spammed.

even if you never use it. even if it's not in anyone's address book or
on any web page or anywhere else.

and the closer the localpart of your address is to a real name or an
existing localpart in the spammers lists, the sooner it will get spammed
(spammers make up bogus addresses by the millions by combining known
localparts with domain names).

check your mail logs, you'll see thousands of rejected spams for
addresses that have never existed on your server, but which seem
"reasonable" as usernames.  and thousands more which look like
Message-IDs, too.


> I retired my 10 year old address in 2006 (which is still littered     
> all over the web), and since then I've actually had some success      
> with the (unfiltered) username+currentyear format that I'm using to   
> write this msg - I receive roughly 30-40 spams per day to my 2006 and 
> 2007 variations (which include a bunch of admin addresses on various  
> domains), so it was                                                   

i've been using the same address for over a decade and can't remember
the last time i got a spam in my inbox folder. months ago, at least.
the occasional spam gets through my filters into a mailing list folder.
99+% of all spam gets blocked by postfix, amavisd, and spamassassin.

btw, you obviously still need to keep the 2006 and 2007 versions (and
presumably earlier variations) - so you're still getting spam for
them...so what actual benefit do you get from changing your address?


my work email address, however, where i have no control over the spam
filtering (aside from client-side filtering in thunderbird) gets several
dozen spams per day, and started getting them the same week the account
was created - and it never existed before i started work there in feb
this year.


> disappointing to see the 2008 variation receiving spam so soon after I 
> started using it.

inevitable. dont waste your time caring about it. instead, spend your
time doing something that can and will make a difference - beefing up
your spam filters.

of course, it's your system and your mailbox, so what you do with it is
your choice. i'm just pointing out that there are better and far more
effective things to do than to worry about your address being (in clear
or with varying degrees of munging) on web archives or not.




> I've also set up a simple script that blocks IPs that attempt to deliver 
> to unknown email addresses for 24 hours - most of them have words such as 
> dialup, pool, adsl etc in their hostnames so it's likely they're botnet 
> zombies. 

yep, i've done stuff like that. using a few good RBLs and especially
DULs works better. postfix's tarpitting (deliberate and increasing
delays in the SMTP session after multiple rejects) also helps.



> Sounds a bit like closing the gate after the horse has bolted, 
> but it's more like closing the gate after the first horse of 10 has made 
> it out. :) As a bonus it fairly quickly blocks a dictionary attack. The 
> block list usually floats around 1500-2000 IPs.

no, it's actually a reasonably effective technique. the "price" is a
small risk of self-inflicting a denial-of-service on your own machine
due to spoofed IP addresses....and you end up with enormous firewall
rulesets.

> If I can figure out how, my next step will be to generate a unique
> email address for each outbound message, with a whitelist for certain
> domains such as wireless.org.au which will only accept a static
> address.

there's existing software around to do that (for *nix, at least). can't
remember any program names at the moment, but i know of people who use
that kind of software and think it's good.

personally, i think it's too much hassle and more likely to cause
problems for legitimate mail than spam-filtering because it confuses
non-geeks. plus, i think it's giving in to spammers - this is MY email
address and i'll use it, i WON'T be forced to abandon it by spamming
scumbags.



craig

-- 
craig sanders <cas at taz.net.au>

America ... just a nation of two hundred million used car salesman
with all the money we need to buy guns and no qualms about killing
anybody else in the world who tries to make us uncomfortable.
		-- Hunter S. Thompson, "Fear and Loathing on the Campaign Trail"

More information about the Melbwireless mailing list