[H-GEN] Stopping spam
Russell Stuart
russell-humbug at stuart.id.au
Wed Mar 30 23:52:45 EST 2005
I got an internal complaint about SPAM, so I did a quick check
of how I was doing. We received approx 15,000 external emails
this month at the server I was looking at, and about 1/2 were
rejected at SMTP time. Most of these will be spam. Some will
be viruses.
Here is why those 7500 emails were rejected:
Messages
Bounced   Reason given to remote server.
=======   ==================================================
   2440   According to domain.com's SPF records 24.203.35.8
          is not allowed to send mail on its behalf.
   1897   Emails from Yahoo accounts must be sent by Yahoo's
          servers.
   1623   SMTP protocol violation. [Eg: not waiting for 2xx
          response before sending next request.]
    684   No such user.
    550   Emails without a Message-ID: header are not accepted
          here (cf RFC 2822, section 3.6.4).
    224   You are not me. [Ie: their HELO said they were me!]
    153   Emails without a Date: header are not accepted here
          (cf RFC 2822, section 3.6).
     60   Unrouteable return address.
     36   Relaying not permitted.
     15   .some-extension files are not accepted here. Please
          rename and re-send.
A couple of points:
a. To ensure I don't lose email, all email is either delivered
to all recipients, or rejected at SMTP time. The only
exception to this is viruses where a virus notification is
sent to the recipients, and the original email is filed
away somewhere safe. In particular I have found spam filters
such as spamassassin and virus scanners to be too unreliable,
too slow and too buggy to use at SMTP time. This limits to
some extent what I can do to filter spam.
b. A couple of months ago most spam had a hotmail sender's address.
Now yahoo seems to be the favourite. This change appeared to
start when hotmail implemented SPF.
c. Yahoo doesn't implement SPF. It was worth my while to put in a
manual check that emulated SPF for Yahoo. Between them, SPF
and this manual check catch over 1/2 the spam.
d. With the exception of Message-ID, all checks are because the
sender violated some published standard or policy - be it SPF,
an RFC, bad MX records, or whatever.
e. The only check here that causes me grief (as in complaints
about email not getting through) is insisting on a Message-ID.
Yes - I know the rule violates RFC 2822, but it does catch
a fair number of messages. qmail and Outlook seem to be the
principal culprits here.
f. It appears that about 15% of the messages that get through these
filters are spam.
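
The HELO, Yahoo-sender and header checks from the table above, written as one SMTP-time decision function. This is an added example, not the author's configuration; the server name, the `.yahoo.com` relay suffix, the order of the checks and the sample sessions are assumptions.

```python
from email import message_from_string

MY_NAMES = {"mail.example.org"}      # assumed names of the receiving server
YAHOO_RELAY_SUFFIX = ".yahoo.com"    # assumed suffix of Yahoo's outbound relays


def smtp_time_verdict(helo, client_rdns, mail_from, raw_headers):
    """Return the rejection text for the first failed check, or None to accept.

    client_rdns is the forward-confirmed reverse DNS name of the connecting
    host (None if it has none); the DNS lookups are left to the MTA.
    """
    # A remote host that greets us with our own name is lying.
    if helo.lower().rstrip(".") in MY_NAMES:
        return "You are not me."

    # Manual stand-in for SPF: a yahoo.com envelope sender must arrive
    # from a host inside Yahoo's own namespace.
    sender_domain = mail_from.rpartition("@")[2].lower()
    if sender_domain == "yahoo.com":
        host = (client_rdns or "").lower().rstrip(".")
        if not host.endswith(YAHOO_RELAY_SUFFIX):
            return "Emails from Yahoo accounts must be sent by Yahoo's servers."

    # Header checks; lookups are case-insensitive and give None when absent.
    headers = message_from_string(raw_headers)
    if headers["Date"] is None:
        return "Emails without a Date: header are not accepted here."
    if headers["Message-ID"] is None:
        return "Emails without a Message-ID: header are not accepted here."
    return None


# Constructed sample headers (not taken from real traffic).
FULL = ("Date: Wed, 30 Mar 2005 23:52:45 +1000\n"
        "Message-ID: <1@example.net>\nSubject: hi\n\n")
NO_MSGID = "Date: Wed, 30 Mar 2005 23:52:45 +1000\nSubject: hi\n\n"

if __name__ == "__main__":
    sessions = [
        ("mail.example.org", None, "a@example.net", FULL),
        ("pc1", "dsl-1.example.net", "bob@yahoo.com", FULL),
        ("mta1", "mta1.mail.yahoo.com", "bob@yahoo.com", FULL),
        ("mx.example.net", "mx.example.net", "c@example.net", NO_MSGID),
    ]
    for s in sessions:
        print(s[0], "->", smtp_time_verdict(*s) or "accept")
```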