Team Mousetrap runs Debian Linux boxen. Power to the people.

If your legitimate mail was rejected by my servers, let me apologize in advance. It's a relatively rare occurrence. You will be able to contact me by sending mail to spamless at mousetrap dot net.

spam blocking

mousetrap.net uses these techniques to block spam:

  1. DNSBLs (DNS-based Blacklists, sometimes called RBLs or ORBS generically) help reject mail from IPs verified to generate or relay spam.
  2. blocking SMTP from dialup/DSL lines, as these are often insecure and used directly or indirectly by spammers. If you are legitimately running email from your dialup/cable/DSL, please consider using your ISP's SMTP server to handle your outgoing mail.
  3. blocking all mail from .cn, .kr, .tw, .sg, etc. No one here on mousetrap.net does business with those areas and HUGE amounts of spam are generated from Asia and the Pacific Rim. Blocking the .cn domain may be the single most effective and simplest method for reducing spam.
  4. blocking known spammers, spam havens, etc. The detailed list is here.

Report of recently rejected mail connections.

Why mousetrap.net blocks spammers

  1. because I have to pay for bandwidth by the GB out of my own pocket. This means I am paying to have spam delivered to me.
  2. because spam sucks.
  3. because spam uses my system resources (CPU, disc, etc).
  4. because spam sucks.
  5. because I don't want porn spam in my daughter's mailbox.
  6. because spam sucks.

How spamming works

Spammers work in several ways:
  1. from a spam-friendly ISP. This is good for spamblockers because it is easy to block their entire IP range. :-)
  2. by hijacking open relays. Open relays are mail servers that are unsecured and allow anyone to ram mail through them. The .kr (Korea) and .cn (China) domains are infamous for open relays, although it's not clear why this is so.
  3. by hijacking cgi form parsers and other mail-generating tools. Matt's FormMail is probably the most abused parser. Hijacking a parser is relatively inefficient for the spammer, as it takes much longer and has lower throughput.
  4. from a disposable dial-up account. The spammer uses custom spamming software to directly deliver spam from their throwaway account. When the ISP cuts them off they get another account and do it again.


How an RBL/DNSBL works

DNSBLs keep track of IPs that generate spam and keep them in a database. When a DNSBL-allied mailserver receives an incoming mail connection, it checks with the DNSBL to see if the IP is a known spamming IP. If so, the connection is rejected with a lovenote directing the sender to the DNSBL site for IP-specific reasoning for the rejection, and help for the admin to tighten up his security.

The admin can fix his server and submit his info to the DNSBL. The server will be re-tested and dropped from the blacklist if it stops relaying spam.
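
The check described above, sketched as an added example (not mousetrap.net's own configuration). It goes beyond the text by showing the DNS mechanics documented in RFC 5782: the connecting IP is reversed, looked up under the list's zone, and an answer in 127.0.0.0/8 means "listed". The zone name dnsbl.example.org, the function names and the reply wording are assumptions.

```python
import ipaddress
import socket

# Assumed zone name for illustration; substitute the DNSBL your server uses.
DNSBL_ZONE = "dnsbl.example.org"
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the DNS name a mail server looks up for a connecting IP.

    IPv4: octets reversed (192.0.2.99 -> 99.2.0.192.<zone>).
    IPv6: all 32 hex nibbles reversed, dot-separated (RFC 5782).
    """
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A-record lookup via the OS resolver. Returns None when there is no
    record or the lookup fails, so a DNSBL outage does not bounce mail."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_connection(client_ip, zone=DNSBL_ZONE, resolve=system_resolver):
    """Return (accept, smtp_reply) for an incoming SMTP connection."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    # Only an answer inside 127.0.0.0/8 counts as a listing. Anything else
    # (e.g. a wildcarded or expired zone resolving to a real host) is ignored.
    if answer is None or ipaddress.ip_address(answer) not in LISTED_RANGE:
        return True, None
    reply = f"550 5.7.1 {client_ip} is listed by {zone}; see the list's site for details"
    return False, reply


if __name__ == "__main__":
    # Constructed data: a fake zone with one listed address (TEST-NET-1 range).
    fake_zone = {"99.2.0.192.dnsbl.example.org": "127.0.0.2"}
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, check_connection(ip, resolve=fake_zone.get))
```

Passing a dictionary's get method as resolve keeps the demonstration offline; leaving the default in place queries real DNS.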

How an RBL/DNSBL fails

If an ISP has an open relay and gets listed, the legitimate users of that mail server (if any) find their email is collateral damage. This is unpleasant in the short run (because their mail bounces) but good in the long run as the legit users put pressure on their ISP to tighten security on the mailserver.

More info

Many admins love DNSBLs, crediting them for a massive decrease in spam on their servers. Others see blacklist maintainers as lynch mobs, vigilantes, etc. I suggest you do your own reading/thinking before rolling out an RBL on your own server. Here are some links:

spamassassin

All mousetrap.net mail that makes it past the RBL will be scored by spamassassin. Mail that appears to be spam (i.e., spam score of 5.0 or above) will be tagged "SPAM" in the subject line. It is up to the user to filter in their mail client, or with procmail or another method.


jason carr -
© 1994-2005 jason carr.
distributed under the terms of the GNU Free Documentation License.