Spam is occupying more than its customary share of my attention in recent weeks. I’ve long had a morbid fascination with sleazy human communication (hence Purportal.com). That makes the always-relentless stream of spam, though not exactly welcome, at least interesting.
Spam volume also seems to have increased during this period. The number of spam attempts my mail server rejects per day had been steady at around 3,000 for months. Now it’s back up around 5,000 or 6,000.
Among the many anti-spam measures on my mail server – which help me reject 5000 spam attempts per day – is SPF. SPF allows domain name owners to specify which mail servers are allowed to send its mail. That makes it an excellent way to detect address forgeries, a favorite spammer tool.
One of the early questions raised about SPF was: won’t spammers just buy their own domains and set up their own SPF records that say it’s all OK?
I run my own mail server. I don’t consider myself an especially skilled administrator, so I shouldn’t point fingers. However, in recent weeks I’ve had the following experience more than once.
A delivery-failure message arrives from an unfamiliar host. The (quoted) orginal message is nothing I ever sent. The recipient is unfamiliar to me. The “sender” of the original message is an email address I control, but not one I ever send mail with.
Since January 12th:
Valid comments accepted by Akismet: 36 Spam comments accepted by Akismet: 17 Spam comments rejected by Akismet: 814 I don’t have a number for false positives, but given that I’ve received zero email complaints I’ll assume the number is low if not zero. This gives Akismet about a 98% success rate on catching spam, which is pretty good. It makes my life better. Having more spam comments than real comments get through the gates can be really depressing for a blog owner.
Damned spammers. Looks like a big batch of drug-spam just went out with my personal email forged as the sender. The number of backscatter messages I’ve gotten today exceeds the number of spams that usually make it through to me in a week. Why? Because my anti-spam measures are mostly about blocking messages from “bad” mail servers, and backscatter comes from “good” mail servers.
I’m laying a lot of ironic emphasis on those quotes around “good” because I shouldn’t be getting those backscatter messages at all.
Other than using Akismet, the anti-comment-spam measures I have in place here are pretty primitive. I block some common patterns and blacklist some IPs. (I don’t have plans to make it any more sophisticated since I’ve told myself any new blog engineering effort needs to go to the new Django-based version, not the old PHP5 one.)
I was looking at server logs this week and noticed an unusual number of POST requests, then realized that they were foiled comment-spam attempts.
One of my neglected side projects, purportal.com, features a “Scammy spam library” where I share the text of scam emails I’ve been collecting. Today it reached the 1000-specimen milestone, so I wrote a little script to count word frequencies. The raw list reads like some of the less coherent messages itself:
account email our please ebay me paypal information bank any address through contact security am money funds us million…