Posts tagged: SPAM

Summer Spam

Spam is occupying more than its customary share of my attention in recent weeks. I’ve long had a morbid fascination with sleazy human communication (hence Purportal.com). That makes the always-relentless stream of spam, though not exactly welcome, at least interesting.

Spam volume also seems to have increased during this period. The number of spam attempts my mail server rejects per day had been steady at around 3,000 for months. Now it’s back up around 5,000 or 6,000.

SPF-enabled spam domains

Among the many anti-spam measures on my mail server – which help me reject 5000 spam attempts per day – is SPF. SPF allows domain name owners to specify which mail servers are allowed to send mail on behalf of their domains. That makes it an excellent way to detect address forgeries, a favorite spammer tool.

One of the early questions raised about SPF was: won’t spammers just buy their own domains and set up their own SPF records that say it’s all OK? You can read the answer in the SPF FAQ, but the short version is: Yes, they will, but it won’t give them a free pass.

Email servers: how not to do it

I run my own mail server. I don’t consider myself an especially skilled administrator, so I shouldn’t point fingers. However, in recent weeks I’ve had the following experience more than once.

  1. A delivery-failure message arrives from an unfamiliar host.
  2. The (quoted) original message is nothing I ever sent.
  3. The recipient is unfamiliar to me.
  4. The “sender” of the original message is an email address I control, but not one I ever send mail with.
  5. OK, so this is backscatter.
  6. I email the postmaster suggesting they learn how to avoid sending it.
  7. The message to the postmaster bounces back because of some server misconfiguration.

Argh! Nothing spoils the catharsis of a good complaint like a bounce.

Comment Spam Stats

Since January 12th:

  • Valid comments accepted by Akismet: 36
  • Spam comments accepted by Akismet: 17
  • Spam comments rejected by Akismet: 814

I don’t have a number for false positives, but given that I’ve received zero email complaints I’ll assume the number is low if not zero. This gives Akismet about a 98% success rate on catching spam, which is pretty good. It makes my life better. Having more spam comments than real comments get through the gates can be really depressing for a blog owner.

I'm not spamming you

Damned spammers. Looks like a big batch of drug-spam just went out with my personal email forged as the sender. The number of backscatter messages I’ve gotten today exceeds the number of spams that usually make it through to me in a week. Why? Because my anti-spam measures are mostly about blocking messages from “bad” mail servers, and backscatter comes from “good” mail servers.

I’m laying a lot of ironic emphasis on those quotes around “good” because I shouldn’t be getting those backscatter messages at all. They piss me off – at the spammers, of course, but also at the people who run the mail servers which are helpfully “returning” mail to me that I did not send. In a more idealistic time I might have suggested that they could have avoided this by using SPF (which is true), but this is an even more basic competence issue. To quote from the above linked page:

Comment Spam

Other than using Akismet, the anti-comment-spam measures I have in place here are pretty primitive. I block some common patterns and blacklist some IPs. (I don’t have plans to make it any more sophisticated since I’ve told myself any new blog engineering effort needs to go to the new Django-based version, not the old PHP5 one.)

I was looking at server logs this week and noticed an unusual number of POST requests, then realized that they were foiled comment-spam attempts. I counted them up:

Library of 1000 scammy spams

One of my neglected side projects, purportal.com, features a “Scammy spam library” where I share the text of scam emails I’ve been collecting. Today it reached the 1000-specimen milestone, so I wrote a little script to count word frequencies. The raw list reads like some of the less coherent messages itself:

account email our please ebay me paypal information bank any address through contact security am money funds us million…

I posted a bit more on the purportal.com news page.