
Some domains just don't learn

5 February 2012 21:50

For the past few years the anti-spam system I run has been based on a simplified version of something I previously ran commercially.

Although the code is similar in intent, there were both explicit feature removals and simplifications.

Last month I re-implemented domain-blacklisting, because a single company keeps ignoring requests to remove me.

So LinkedIn.com if you're reading this:

  • I've never had an account on your servers.
  • I find your junk mail annoying.
  • I suspect I'll join your site/service when hell freezes over.

I've also implemented TLD-blacklisting which has been useful.

TLD-blacklisting in my world is not about blocking mail from foo@bar.ph (whether in the envelope sender or the From: header); instead it is about matching the reverse DNS of the connecting client.

If I receive a connection from 1.2.3.4 and the reverse DNS of that IP address matches, say, /\.sa$/i then I default to denying it.

My real list is longer, and handled via files:

steve@steve:~$ ls /srv/_global_/blacklisted/tld/ -C
ar  br  cn  eg  hr  in  kr  lv  mn  np  ph  ro  sg  tg  ua  ve  zw
aw  cc  cy  gm  hu  is  kz  ma  my  nu  pk  rs  sk  th  ug  vn
be  ch  cz  gr  id  it  lk  md  mz  nz  pl  ru  su  tr  uy  ws
bg  cl  ec  hk  il  ke  lt  mk  no  om  pt  sa  sy  tw  uz  za
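As an added example (not code from this post or from the author's mail server), here is the check described above in Python: the blacklist is a directory of empty files named after each TLD, as in the listing, and the decision is made on the connecting client's reverse DNS only, never on the sender address. The function names, the constructed sample directory and the trailing-dot handling are my own assumptions.

```python
import os
import tempfile

# Constructed subset of the TLD file names shown in the listing above.
SAMPLE_TLDS = ["ph", "sa", "cn", "ru"]


def make_sample_dir():
    """Build a throwaway blacklist directory: one empty file per TLD (constructed)."""
    directory = tempfile.mkdtemp(prefix="blacklisted-tld-")
    for tld in SAMPLE_TLDS:
        open(os.path.join(directory, tld), "w").close()
    return directory


def load_tld_blacklist(directory):
    """The blacklist is simply the set of file names in the directory."""
    return {name.lower() for name in os.listdir(directory)
            if os.path.isfile(os.path.join(directory, name))}


def connecting_tld(rdns):
    """Final label of a reverse-DNS name, or None when there is no usable name."""
    if not rdns:
        return None                          # no PTR record at all
    name = rdns.strip().rstrip(".").lower()  # PTR answers may carry a trailing dot
    if "." not in name:
        return None                          # single label: nothing to compare
    return name.rsplit(".", 1)[1]


def should_reject(client_rdns, tlds):
    """True when the client's reverse DNS ends in a blacklisted TLD.

    Only the last label is compared, so 'salsa.example.com' does not match 'sa'
    and 'tld.ph.example.org' does not match 'ph'."""
    tld = connecting_tld(client_rdns)
    return tld is not None and tld in tlds


def smtp_decision(client_rdns, mail_from, tlds):
    """'DENY' or 'ACCEPT' for a connection. mail_from is accepted but deliberately
    not consulted: the post's rule looks at the connecting host, not the sender."""
    return "DENY" if should_reject(client_rdns, tlds) else "ACCEPT"


if __name__ == "__main__":
    blacklist = load_tld_blacklist(make_sample_dir())
    print(smtp_decision("mail.example.ph.", "bob@example.org", blacklist))  # DENY
    print(smtp_decision("mail.example.org", "bob@example.ph", blacklist))   # ACCEPT
```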

On average I'm rejecting about 2500 messages a day at SMTP-time, and 30 messages or so, accepted for delivery and then filtered with CRM114, land in my SPAM folder. (They are largely from @hotmail and @yahoo, along with random compromised machines. The number of times I see a single mail from a host with RDNS mysql.example.org is staggering.)

(Still looking forward to the development of Haraka, a node.js version of qpsmtpd.)

ObQuote: "Mr. Mystery Guest? Are you still there?" - Die Hard


Comments on this entry

Steve Kemp at 22:40 on 5 February 2012
http://steve.org.uk/

I do not, I've not yet done anything other than toy with it.

I suggest you look at the open issue list, and have a play yourself ..

Philipp Kern at 22:08 on 5 February 2012
http://debblog.philkern.de

Do you happen to know if there's something crucial still missing from Haraka? Just wondering because it looks pretty interesting to me.

Phil at 23:40 on 5 February 2012

Any particular reason why you've chosen to use our country code in your example: foo@bar.ph? (Most would probably go with .org as in the canonical "example.org".)

Steve Kemp at 23:41 on 5 February 2012
http://steve.org.uk/

Sadly that was the TLD I most-recently blocked.

Anonymous at 18:26 on 6 February 2012

Note that many messages purportedly from LinkedIn in fact represent spam using LinkedIn's name to get people to look at it. I get a pile of such spam myself; I can readily identify it because even though I have a LinkedIn account, most of the spam goes to an email address not associated with that account.

Steve Kemp at 19:00 on 6 February 2012
http://steve.org.uk/

Indeed that is true, much like the phishing scams I get relating to facebook, paypal, and similar.

But it has to be said that LinkedIn are just appalling with their own mail - even if we exclude the phishing for which they cannot be blamed.

Ernie at 19:53 on 6 February 2012

Well I'm glad that blacklisting whole countries works for you. It just demonstrates that you don't run a real mail server though.

I run a mail server for an ISP, and our customer base includes a significant number of people who speak English with an accent (ballpark is about 40%). I'm sure you could understand from that alone that perhaps rejecting mail from the entirety of oh, China, might make a few people unhappy.

So unless the only reason you're running your own mail server is just to tinker with it for fun, this advice is Not Applicable. Otherwise, you should just move your mail server management to Google and be done with it. Most small-medium sized businesses large enough to have a systems administrator have already done this because managing your own mail server is a royal pain that isn't worth the effort.

Steve Kemp at 19:56 on 6 February 2012
http://steve.org.uk/

This is indeed for my own personal mail-server. We could argue about time and cost tradeoffs for a long time, but ultimately each company has to make its own decisions:

  • The admin overhead involved in keeping mail, filtering, and so on working.
  • The potential privacy and availability concerns about having such a crucial resource being out of your direct control.

Ultimately many businesses are local in nature, and on that basis blacklisting foreign countries might possibly result in a loss or two, but will definitely reduce the influx of spam.

People in foreign countries may still email me, but not via their home links. If they have an ISP or mail provider which doesn't have a country-specific TLD then all will be well.