
Why and how I defend myself against spam

Rationale

“To be, or not to be, that is the question.” — W.Shakespeare

In case you hadn't noticed I am virulently anti-spam; for example, the only reason that I didn't beat the living shit out of a self-confessed spammer (it was boasting at a lunch break about how much money it was making) was because the instructor running the Senior First Aid course at the time was the girlfriend of a mate of mine, and I didn't want to cause “An Incident”™; I waited until the course was over, but by then it had scuttled off to wherever cockroaches go whenever the light is shone upon them. I'll get you next time, sunshine…

In the meantime, I have never disguised my email address when sending messages, and I never will, for that is the coward's way out; spammers are the same as cockroaches, and should be treated as such.

As a result I have been the victim of many a spam run over the years, and during that time I have refined my defences; what follows here is a brief overview of them, and what to do should I accidentally nail you.

Defences

“Amongst our weaponry are such diverse elements as…” — Monty Python

I employ many defences; they include DNSBLs, DNS checks, RFC compliancy checks, certain header checks, and outright blocks if you've annoyed me sufficiently enough.

For obvious reasons I will not go into these defences in public, but feel free to contact me for advice (details below); please note that I am a happy FreeBSD/Sendmail user, and as a result I cannot provide detailed advice for other systems.

What to do if you have been blocked

“When in danger or in doubt, run in circles, scream and shout.” — Unknown

First, if you have annoyed me in the past, then apart from a suitably grovelling apology — preferably somewhere where I will see it, such as in a public forum — I'm afraid that there is very little that you can do about it; nothing personal, of course…

On the other hand, if you don't believe that you have annoyed me recently then the blame lies fairly and squarely with your ISP, who could be running defective email software, or were incompetent enough to end up on one or more of the many advisory lists that I use and are too incompetent and/or stupid to get off them, despite my rejection message clearly pointing out the list in question.

Gmail, Hotmail, Yahoo, etc, are particularly egregious in this respect, as these freemail providers simply Do Not Care™ and are free for a reason; I'm afraid that customer service isn't one of them. Remember: you are not their customer, but their product, and your personal data is valuable to them, as are your eyeballs.

Also, posting from a “.biz” address will not exactly get my attention either, and I'd like to thank the spammers who use it; what stupid marketoid (but I repeat myself) thought that that would be a good idea? It was actually the first domain that I blocked outright…

There is also the fact that some ISPs refuse Spamcop reports; such sites include “server4you.net” and “your-server.de” (what is it with German ISPs, anyway?). Don't feel bad about receiving one of my pointed retorts (I'm getting very good at colloquial German), but find another ISP instead i.e. one that actually cares about its reputation instead of merely washing its lists.

Even more odious are those ISPs with no abuse reporting addresses at all, such as Gmail. They think that they are too big to block, and can therefore shit all over the Internet (AOL thought that, too); they are in for a surprise (and now AOL is — or was — clean).

Another possibility, sadly enough, is that you are to blame, by being silly enough to run a fundamentally insecure computer (such as Microsoft Windows) that you now no longer own; instead, it's owned by criminals who will send vast quantities of dubious (if not outright illegal) material via your computer, leaving you to carry the responsibility for it.

Or perhaps you succumbed to your baser instincts and visited an, ahem, “adult” site, or received an offer of cheap drugs or software, or you really believed that some shyster in Nigeria wanted to give you a squillion dollars in exchange for your banking details, or some tosser in Zimbabwe is dying and needs you to give her wads of cash etc; you get the picture…

Finally, if you really need to contact me and you don't want to get my attention with an off-topic post on the mailing list where you saw me, then you might try my surname at spamcop punctuation net (I'm not disguising it — in fact, I give it to suppliers whom I don't trust — so consider it as a simple IQ test); their filters aren't as ferocious as mine.

That said, I do monitor my email logs with scripts of my own devising (available upon request; SH/AWK/Perl required), and if I notice something rejected that could be legitimate then I may make an exception for that user (and it better not be a VERP address), so please be patient in that case.

What I am doing about the spam problem

“Whatcha gonna do about it, whatcha gonna do?” — 10cc, "Rubber Bullets"

I'm working on a little project which I call the Global Spam Map (GSM for short; yes, I have a warped sense of humour); it purports to identify the sources of spam from all over the world simply by observing their delivery techniques and correlating them, with a view to classifying the spamware used. For obvious reasons I won't go into details here, but I may drop some tantalising hints from time to time.

For example, since the start of October 2014 I've identified at least fourteen twenty shitloads of spamware packages and counting (including variations) and I wasn't even trying hard; I have yet to drill down to the botnet level.

The idea is that eventually I want to be able to say (after running a simple SQL/LDAP query against a back-end) something like “And over here, at these IP addresses, we have what I call the Knock-3-Times spam source, so named because its modus operandi is to try the same group of three addresses from rotating IPs, reporting back to the mother-ship after each failed run.”
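The kind of correlation described above can be sketched over reject records. This is an added example, not the author's GSM code or scripts: the log format, the addresses and the names `parse` and `find_recurring_groups` are all constructed for illustration. It flags any group of exactly three recipients that several different source IPs each tried.

```python
from collections import defaultdict

# Constructed sample: "<timestamp> <source IP> <rejected recipient>".
# Simplified stand-in for MTA reject records, not a real Sendmail log format.
SAMPLE_LOG = """\
2014-10-03T01:00:02 192.0.2.10 alice@example.org
2014-10-03T01:00:03 192.0.2.10 bob@example.org
2014-10-03T01:00:04 192.0.2.10 carol@example.org
2014-10-03T02:10:11 198.51.100.7 carol@example.org
2014-10-03T02:10:12 198.51.100.7 alice@example.org
2014-10-03T02:10:13 198.51.100.7 bob@example.org
2014-10-03T03:20:40 203.0.113.55 bob@example.org
2014-10-03T03:20:41 203.0.113.55 carol@example.org
2014-10-03T03:20:42 203.0.113.55 alice@example.org
2014-10-03T04:00:00 192.0.2.99 dave@example.org
2014-10-03T04:05:00 192.0.2.200 alice@example.org
2014-10-03T04:05:01 192.0.2.200 erin@example.org
2014-10-03T04:05:02 192.0.2.200 frank@example.org
"""

def parse(log_text):
    """Yield (source_ip, recipient) pairs, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            _, ip, rcpt = fields
            yield ip, rcpt.lower()

def find_recurring_groups(log_text, group_size=3, min_sources=3):
    """Return {recipient group: sorted source IPs} for groups of exactly
    group_size recipients that were tried by at least min_sources IPs."""
    rcpts_by_ip = defaultdict(set)
    for ip, rcpt in parse(log_text):
        rcpts_by_ip[ip].add(rcpt)
    # Index by the recipient set itself, so order of attempts is irrelevant.
    ips_by_group = defaultdict(set)
    for ip, rcpts in rcpts_by_ip.items():
        if len(rcpts) == group_size:
            ips_by_group[frozenset(rcpts)].add(ip)
    return {tuple(sorted(g)): sorted(ips)
            for g, ips in ips_by_group.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    for group, ips in find_recurring_groups(SAMPLE_LOG).items():
        print(", ".join(group), "<-", ", ".join(ips))
```

The thresholds are arbitrary defaults; a real run would also want a time window so that unrelated senders hitting the same three addresses months apart are not merged.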

But why do they spam?

“What is truth?” — Johnny Cash

I have a few thoughts here; corrections are welcome. Basically it seems to boil down to that they spam for much the same reason that dogs lick their own balls i.e. because they can.

Conclusions or whatever

“It is the evening of the day…” — M.Jagger (sung by M.Faithfull), "As Tears Go By"

Spam is a real problem; if it were not for those gallant souls who risk personal liability and injury (or worse) by running various advisory lists then e-mail would simply not be possible, so until the last cockroach has been stamped out then we will simply have to defend ourselves against them as best we can.

Have a spam-free day! They happen all the time for me now; see my spam graph. The pink line — way down in the noise — is received spam, whilst the red line near the centre is my rejections; the green line represents my “legitimate” email (I'm on lots of mailing lists). Please note the mixed scales; it was the only way to make 'em all fit…

Click here if you're feeling lucky; click here if you are a filthy spammer and wish to be added to my oubliette.


Additions to this screed, especially from the SDLU folks, are welcome.



Dave Horsfall DTM (VK2KFU)
dave@horsfall.org