[H-GEN] Stopping spam

Russell Stuart russell-humbug at stuart.id.au
Wed Mar 30 23:52:45 EST 2005


I got an internal complaint about SPAM, so I did a quick check
of how I was doing.  We received approx 15,000 external emails
this month at the server I was looking at, and about 1/2 were
rejected at SMTP time.  Most of these will be spam.  Some will
be viruses.

Here is why those 7500 emails were rejected:

  Messages
  Bounced   Reason given to remote server.
  =======   ==================================================
   2440     According to domain.com's SPF records 24.203.35.8 
            is not allowed to send mail on its behalf.

   1897     Emails from Yahoo accounts must be sent by Yahoo's
            servers.

   1623     SMTP protocol violation. [Eg: not waiting for 2xx
            response before sending next request.]

    684     No such user.

    550     Emails without a Message-ID: header are not accepted
            here (cf RFC 2822, section 3.6.4).

    224     You are not me.  [Ie: their HELO said they were me!]

    153     Emails without a Date: header are not accepted here
            (cf RFC 2822, section 3.6).

     60     Unrouteable return address.

     36     Relaying not permitted.

     15     .some-extension files are not accepted here.  Please
            rename and re-send.

A couple of points:

a.  To ensure I don't lose email, all email is either delivered
    to all recipients, or rejected at SMTP time.  The only
    exception to this is viruses where a virus notification is
    sent to the recipients, and the original email is filed
    away somewhere safe.  In particular I have found spam filters
    such as spamassassin and virus scanners to be too unreliable,
    too slow and too buggy to use at SMTP time.  This limits to
    some extent what I can do to filter spam.

b.  A couple of months ago most spam had a hotmail sender's address.
    Now yahoo seems to be the favourite.  This change appeared to
    start when hotmail implemented SPF.

c.  Yahoo doesn't implement SPF.  It was worth my while to put in a
    manual check that emulated SPF for Yahoo.  Between them, SPF
    and this manual check catch over 1/2 the spam.

d.  With the exception of Message-ID, all checks are because the
    sender violated some published standard or policy - be it SPF,
    an RFC, bad MX records, or whatever.

e.  The only check here that causes me grief (as in complaints
    about email not getting through) is insisting on a Message-ID.
    Yes - I know the rule violates RFC 2822, but it does catch
    a fair number of messages.  qmail and Outlook seem to be the
    principal culprits here.

f.  It appears that about 15% of the messages that get through these
    filters are spam.
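
The HELO, Yahoo and header checks described in the message above, sketched as an added example; it is not the poster's code or mail server configuration. The host names, the Yahoo domain and relay lists and the sample messages are constructed assumptions, and the caller is assumed to pass a forward-confirmed reverse-DNS name for the connecting client.

```python
from email import message_from_string

LOCAL_NAMES = {"mail.example.org"}               # assumption: names this server answers to
YAHOO_SENDER_DOMAINS = {"yahoo.com", "yahoo.com.au"}  # assumption: domains to police
YAHOO_RELAY_SUFFIXES = (".yahoo.com",)           # assumption: suffix of Yahoo's own relays

# Constructed sample messages (not real traffic).
GOOD = ("From: a@example.net\nDate: Wed, 30 Mar 2005 23:52:45 +1000\n"
        "Message-ID: <1@example.net>\n\nhello\n")
NO_MSGID = "From: a@example.net\nDate: Wed, 30 Mar 2005 23:52:45 +1000\n\nhello\n"
# A Message-ID that only appears in the body must not satisfy the header check.
MSGID_IN_BODY = NO_MSGID + "Message-ID: <fake@example.net>\n"
NO_DATE = "From: a@example.net\nMessage-ID: <2@example.net>\n\nhello\n"


def smtp_time_verdict(helo, client_rdns, mail_from, raw_message):
    """Return (smtp_code, reason). 250 means accept; anything else is an
    SMTP-time rejection, so nothing is silently dropped after acceptance."""
    # A remote host introducing itself with our own name is lying.
    if helo.lower().rstrip(".") in LOCAL_NAMES:
        return 550, "You are not me."

    # Manual stand-in for SPF: a Yahoo envelope sender must arrive from a
    # Yahoo relay. Suffix match on the full name, so "yahoo.com.evil.net"
    # or an empty rDNS name does not pass.
    sender_domain = mail_from.rpartition("@")[2].lower()
    if sender_domain in YAHOO_SENDER_DOMAINS:
        if not client_rdns.lower().rstrip(".").endswith(YAHOO_RELAY_SUFFIXES):
            return 550, "Emails from Yahoo accounts must be sent by Yahoo's servers."

    # Header checks look only at the header block, which ends at the first blank line.
    msg = message_from_string(raw_message)
    if not (msg["Message-ID"] or "").strip():
        return 550, "Emails without a Message-ID: header are not accepted here."
    if not (msg["Date"] or "").strip():
        return 550, "Emails without a Date: header are not accepted here."
    return 250, "OK"


if __name__ == "__main__":
    print(smtp_time_verdict("mail.example.org", "h.example.net", "a@example.net", GOOD))
    print(smtp_time_verdict("pc1", "dsl-1.example.net", "x@yahoo.com", GOOD))
    print(smtp_time_verdict("relay", "relay.example.net", "a@example.net", MSGID_IN_BODY))
```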






