Spam, spam, lovely spam.

Written by vidarlo on 20080929 in english and rants and security with 2 comments.

I don’t know what struck me, but around noon today spam literally poured in. I’ve set kmail to check my mail every 10 minutes, which usually means there’s quite a few, but not extreme amounts of spam. However, around noon today, there were ten times(!) as many e-mails waiting for me as normal. Over 2000 of ’em. All of it spam.

Currently I’m hovering at 5.8 spam emails per second, which makes over 500,000 spam emails per day. Quite a number. Most of it is bounces, so it’s pretty trivial to remove with procmail. I’ve added the following to ~/.procmailrc:

# Log what procmail does with each message
LOGFILE=${HOME}/.procmail.log
# Discard bounces by Subject
:0
* ^[Ss]ubject: *[Rr]eturned [Mm]ail
/dev/null
:0
* ^[Ss]ubject: *[Dd]elivery
/dev/null
:0
* ^[Ss]ubject: *[Mm]ail [Dd]elivery
/dev/null
:0
* ^[Ss]ubject: *[Uu]ndelivered [Mm]ail
/dev/null

This removes 95% of the messages, back down to the cozy old level of one spam email every third second. But this ain’t an answer as to why this occurs to me. I’m wondering why I see a sudden, extreme influx of spam bounces today.
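An added example, not part of the original post: the recipes above discard on Subject alone, which also drops real bounces for mail you sent and ordinary mail whose subject merely starts with "Delivery". This Python triage function applies the same four Subject prefixes, then keeps any bounce that quotes a Message-ID from your own domain. The Return-Path check, the `my_domain` parameter, the assumption that your outgoing Message-IDs end in your own domain, and the sample messages are all assumptions made for illustration.

```python
import email
import re

# The four Subject prefixes matched by the procmail recipes above.
BOUNCE_SUBJECT = re.compile(
    r"\s*(returned mail|delivery|mail delivery|undelivered mail)", re.I)
# Message-ID lines quoted back inside a bounce; captures the domain part.
QUOTED_MSGID = re.compile(rb"^Message-ID:\s*<[^>\s]*@([^>\s]+)>", re.I | re.M)


def classify(raw: bytes, my_domain: str) -> str:
    """Return 'normal', 'genuine-bounce', 'backscatter' or 'review'."""
    msg = email.message_from_bytes(raw)
    subject_hit = bool(BOUNCE_SUBJECT.match(str(msg.get("Subject", ""))))
    # Delivery status notifications carry the null reverse-path "<>".
    null_sender = str(msg.get("Return-Path", "")).strip() == "<>"
    if not (subject_hit or null_sender):
        return "normal"
    # Skip the bounce's own headers; look only at what it quotes back.
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    body = parts[1] if len(parts) == 2 else b""
    domains = {d.decode("ascii", "replace").lower()
               for d in QUOTED_MSGID.findall(body)}
    if my_domain.lower() in domains:
        return "genuine-bounce"   # refers to mail we really sent: keep it
    if null_sender:
        return "backscatter"      # bounce for mail we never sent
    return "review"               # Subject matched, but it is not a bounce


def _sample(return_path, subject, quoted_id=None):
    """Build a constructed message (not real traffic)."""
    text = (f"Return-Path: {return_path}\nSubject: {subject}\n"
            "Message-ID: <dsn1@mx.example.net>\n\nbody text\n")
    if quoted_id:
        text += f"\nMessage-ID: {quoted_id}\nSubject: original\n"
    return text.encode()


SAMPLES = {  # constructed inputs; example.org stands in for your domain
    "forged": _sample("<>", "Undelivered Mail Returned to Sender",
                      "<abc@bulk.invalid>"),
    "real": _sample("<>", "Mail Delivery failed", "<20080929.1@example.org>"),
    "order": _sample("<shop@example.com>", "Delivery of your order"),
    "chat": _sample("<friend@example.com>", "Lunch?"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw, "example.org"))
```

The Message-ID test is a heuristic: it only helps if your own outgoing mail is stamped with Message-IDs in your domain.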

One possibility that struck me is someone with Outlook, on Windows, who got a virus sending out large amounts of spam to addresses. The fact that a lot of the bounces are from clearly legitimate addresses, including Norwegian firms, with out-of-office replies, blocked by <insert vendor here> spam filter™, Mailbox is full-warnings and such, makes me believe this is a probable source.

I can’t quite understand why a lot of configurations keep sending bounces, especially not spam filtering software. If you suspect something is spam, why reply to it? Why tie up resources? The problem with bounces is that they adhere to the standard, so greylisting is ineffective against them.

So please world, stop using bounces, especially if it’s to acknowledge that a message is blocked by a spam filter. I run SpamAssassin myself, and have never had a problem with false positives, so I can’t see why it makes sense to inform the sender of this, since the vast amount of the spam caught will be real spam, and not false positives.

However, a strange thing occurred: at 00:00 the spam level dropped. Instantly. To about 0.3 per second, which is quite a bit less resource intensive than 5.8 per second. I have no explanation…

2 Responses to “Spam, spam, lovely spam.”

  1. If you have anything whatsoever to do with Telenor’s smtp/pop servers that might be the problem. They admitted serious downtime a while ago due to spam-related issues. – Or the Telenor madness could have driven you by severely, even if you don’t personally use their mail-services.

  2. If you have anything whatsoever to do with Telenor’s smtp/pop servers that might be the problem.

    I doubt it. I think it’s simply the same spam source that hit both of us.