Where Has All My Spam Gone?
An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"
Hmm (Score:5, Informative)
*Checks mail logs*
Yeh, you need to ask the ISP again. No sign of slowing here.
Re:Hmm (Score:5, Informative)
Re:Hmm (Score:5, Informative)
Re:Hmm (Score:5, Funny)
Yup, and here; still getting 250 a day+ or so.
Maybe they finally clicked that you've already got a huge penis and legendary bedroom performance?
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:5, Funny)
Ok, Agent Mulder, settle down.
seriously bit more information ? (Score:4, Insightful)
Well, the first thing that Scully would ask is:
where is the scientific evidence?
So the serious question: it's nice that your spam level dropped, but where/IP was it all coming from in the first place?
regards
John Jones
http://www.johnjones.me.uk [johnjones.me.uk]
Re:Hmm (Score:4, Informative)
Unfair moderation much? I hope you get metamodded back into positive, because that post is definitely not a troll. :(
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:5, Interesting)
There's something to that, even if the original poster's claim of not having spam anymore is local to him through unknown upstream changes.
It's long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership" (Putin is FSA/KGB, and it's well known that ex-KGB members have been deeply involved in the Russian Mafia).
With this in mind, it's not hard to speculate that if botnets controlled by Russian organized crime were put to use against pro-Georgian assets, the ensuing defenses, publicity and exposure at the political/military level could possibly cause these botnets to be far more vulnerable than they otherwise would be in the course of normal criminal activity.
This higher level exposure might lead to weakening them and reduce their effectiveness at normal tasks like spam.
It's also possible they may also be overutilized and prioritized for cyberwarfare and not for spam.
Re:Hmm (Score:5, Informative)
Re:Hmm (Score:5, Insightful)
It's long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership"
What is a government anyway but the most successful group of thugs imaginable?
Re:Hmm (Score:5, Interesting)
After I read this article [slate.com] yesterday (single page [slate.com]), that's what I thought: given all the spammers that are Russian, there's a chance there might be a slowdown in spam as patriotic Russians "pitch in" by helping DDOS Georgian resources.
It's pretty amazing if you read that article how easy it was for just an average person to find out how to "volunteer" for the Russian army: independent helpers have made it so you can find out which Georgian sites you should ping in order to maximize your effectiveness, and have programs that you can download that do most of the work with minimal hassle.
However:
a) According to most posters, spam hasn't actually abated.
b) Spammers wouldn't do something as selfless as pitching in for their country.
Re:Hmm (Score:5, Interesting)
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:4, Insightful)
Actually, I just checked one of my e-mail addresses that has historically gotten about a hundred a day, and the Spam bucket only has 26 for yesterday and similar numbers for the last couple of days.
I read recently about some big spam king (czar, whatever) that got arrested. I wonder if taking him out of the equation actually had an effect on the world.
Re:Hmm (Score:5, Interesting)
then he proceeded to escape, kill his wife & baby daughter (a teenager escaped) and then himself.
pretty crazy, no?: http://www.dailycamera.com/news/2008/jul/26/spam-king-murder-suicide-surviving-daughter-in/ [dailycamera.com]
Re:Hmm (Score:5, Funny)
Oh ... so your address is bill@billrocks.org? Interesting ...
Re:Hmm (Score:5, Funny)
Not sure if we've exchanged comments before, but I have some genuine replica watches of the finest quality.
Re:Hmm (Score:5, Funny)
Also, visit my Canadian Pharmacy online drugstore to choose from a great selection of products of high quality produced according to the strict pharmaceutical standards.
Re:Hmm (Score:5, Funny)
Thank you for your time.
Re:Hmm (Score:5, Funny)
is also getting far less spam now for a couple weeks
I think that's about to change.
Re:Hmm (Score:5, Informative)
Agreed. No changes in spam over here, my domain is still receiving the daily average of about 100 per day.
You should REALLY consider trying postgrey.
http://postgrey.schweikert.ch/ [schweikert.ch]
Postgrey on non whitelisted servers rejects the first mail attempt with a fail. The sending email server will retry X times, but the 2nd time it accepts it and adds the server to the whitelist.
Postgrey will add a 5 minute lag to an email whose sending server has never sent an email to you. It's worth it to screw the spammers' zombies over IMHO.
Also, I would check your postfix/whatever you are using for a mail server's policy. I get 0 spam emails now and my address is posted all over the web.
I do have spamassassin running as well with sieve filtering to put what is marked as spam in a junk folder but the junk folder is empty, every now and then I'll see something -- but very rarely. Like once every 2 months.
Here's my spam prevention system :-)
# Postfix main.cf: continuation lines of a multi-line value must begin with whitespace
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:60000
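The greylisting behaviour described in the comment above, sketched as an added example (not part of the original post and not postgrey's own code): a first delivery attempt is deferred, and a retry after the delay is accepted and the client remembered. The `Greylist` class, the exact-address key and the sample request are assumptions made for illustration; `DEFER_IF_PERMIT` and `DUNNO` are standard Postfix policy actions.

```python
"""Greylisting decision logic in the shape of a Postfix policy service."""

GREYLIST_DELAY = 300  # seconds; the "5 minute lag" mentioned in the comment

# Constructed sample of what Postfix sends to a check_policy_service daemon.
SAMPLE_REQUEST = """\
request=smtpd_access_policy
protocol_state=RCPT
client_address=192.0.2.25
sender=promo@example.net
recipient=me@example.org

"""


def parse_policy_request(text):
    """Parse one policy-delegation request (name=value lines, blank line ends it)."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs


class Greylist:
    """Hypothetical in-memory greylist keyed on (client, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}          # triplet -> time of first attempt
        self.passed_clients = set()   # clients that retried after the delay

    def check(self, attrs, now):
        """Return the Postfix action for one RCPT-stage request at time `now`."""
        client = attrs.get("client_address", "")
        if client in self.passed_clients:
            return "DUNNO"  # known-good client: let later restrictions decide
        triplet = (client,
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            # A real MTA queued the message and came back; remember the client.
            self.passed_clients.add(client)
            return "DUNNO"
        wait = self.delay - (now - first)
        return f"DEFER_IF_PERMIT Greylisted, retry in {wait} seconds"


def respond(action):
    """Format the reply a policy daemon writes back to Postfix."""
    return f"action={action}\n\n"


if __name__ == "__main__":
    greylist = Greylist()
    request = parse_policy_request(SAMPLE_REQUEST)
    for t in (0, 60, 400):  # first attempt, early retry, retry after the delay
        print(t, respond(greylist.check(request, t)).strip())
```

A sender that never retries only ever sees the temporary failure, which is why the technique filters mail from hosts that do not queue and retry.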
Re:Hmm (Score:5, Informative)
Re:Hmm (Score:4, Informative)
I use greylisting, it reduced spam to almost zero for a while but then it gradually climbed back to previous levels and more.
Re: (Score:3, Interesting)
I wanted to use greylisting here but the idea was shot down, as some people actually expect people to be nearly instantaneous and if it's not, they moan and groan.
Doesn't matter how many times I try to explain that isn't how e-mail is supposed to work, that it's unreliable, etc, they still expect to hit send, then tell someone to check their mail 30 seconds later and it's there waiting.
Spam seems to be fairly steady here, perhaps up a tad. Here's the Monthly graph from our main filter [the-ori.org] (not from that domain,
Re:Hmm (Score:4, Insightful)
Unfortunately we live in an age where some sort of accountability is necessary before I'll accept your email. A dynamic IP address means no accountability, and it means your email doesn't get through.
As far as I can tell, the only people still self-delivering email from dynamic IP addresses are hobbyists who collect knives and home-school their kids, and whom neither I nor any of my clients have ever wanted to correspond with. I have never once received a report of email delivery problems that traced back to dynamic-IP blacklisting.
Don't get me wrong - when I first got DSL in 1999 I was thrilled about running my own mail server in the hall closet and did so for years. But times changed and I changed with them.
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:5, Funny)
Re:Hmm (Score:4, Funny)
Re: (Score:3, Insightful)
Sure... and when a big mafioso is killed, it's the small shop owners that are the suspects. Riiiiight. Find out who's running the botnet now, and you got your prime suspect.
Already going on. (Score:4, Informative)
Seriously though ... if spammers started turning up dead where would the police even begin their investigation? There's only a pool of what, half a billion suspects?
Spammers and virus writers employed by spammers to create their zombie pools have been turning up dead [google.com] for almost two years now.
Re:Hmm (Score:4, Funny)
Something did change... (Score:5, Interesting)
I've just checked my work's logs (an ISP). The number of hits in the spam taggers fell from 12/sec to 3/sec earlier this week.
So either we're identifying less spam, or there is in fact less of it.
Re: (Score:3, Funny)
Every single day I get 4 or 5 copies of the "Paypal Dispute Transaction" shit.
Re: (Score:3, Funny)
I'm getting it (Score:5, Funny)
Re:I'm getting it (Score:5, Interesting)
Sneaky
Re:I'm getting it (Score:5, Interesting)
We've been getting a lot of "reverse spam"...The organizational emails are necessarily public, so some enterprising Russian has harvested the entire set and is using them as "REPLY-TO" addresses, so we get all the bounce messages from their damn spamming.
It's all the fun of having an exploited mail server without actually having an exploited mail server. The mail doesn't actually come from us so we're not having any blacklist problems, but the floods of bounce messages zip right through the spam filters and piss off the users.
Re:I'm getting it (Score:5, Insightful)
Don't you hate it that you have to deal with this sort of thing because some other mail server isn't configured correctly?
If all mail servers instituted the policy of "reject...don't accept then bounce", then there wouldn't be any blowback spam. Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).
Re:I'm getting it (Score:4, Informative)
Re:I'm getting it (Score:5, Informative)
and you will block quite a few legit bounces too for two reasons
1: 12 hours is nowhere near long enough
2: the message may be routed through multiple servers before finally getting bounced.
Re: (Score:3, Informative)
Re:I'm getting it (Score:5, Insightful)
It's an arms race. They come out with a new message that tricks the filters into thinking it's real. The filters update and adapt. They rethink things and come out with a new junk message which sometimes succeeds, sometimes doesn't. When they find one that works, I start getting spam again until the filters adapt. Ad nauseam.
I've got my SpamAssassin filters set to update on a daily cron job, and it's always the same... Every week or two, I get a handful of spam messages getting past the filters. They're all basically the same. And it lasts for about a day before I stop getting spam again. So it comes in bursts for me, every time the spammers rethink the message they send out.
I've had my domain, and the same e-mail address for half a decade. My IP address did recently change when I moved into a new colo, but all of the DNS has updated already, so the spammers still know who I am. It's annoying. But it is manageable.
Okay (Score:4, Funny)
And you're complaining because .... ?
Exactly. (Score:3, Funny)
And you're complaining because .... ?
No kidding. I work as a sysadmin, and as far as I'm concerned, a spam-free day is an occasion to praise my patron demon and bring Him an offering of hookers and blow, not an excuse for an "Ask Slashdot" posting.
Re:Exactly. (Score:5, Insightful)
Assuming a third party isn't dropping your email... if they are then that's almost as bad as the spam deluge - I'd rather be the one to decide what is spam than a third party who may or may not have a clue.
Re:Exactly. (Score:5, Insightful)
I, on the other hand, consider sudden, dramatic, and completely unexplained changes to the operation of systems under my control to be a reason to worry.
I'm just funny that way.
Re:Exactly. (Score:5, Insightful)
Amen.
It's like we speak the same language.
Change is good. Unexpected change is very, very bad.
Re:Exactly. (Score:4, Insightful)
Re:Okay (Score:5, Insightful)
Re:Okay (Score:5, Insightful)
Re:Okay (Score:4, Funny)
I carry mace with me to mark, but not stop, my raper, and I'm still seeing the occasional rapper tagged by mace. But they're virtually all gone.
I see what you did there! Subtle insight of your views concerning the Hip Hop "artist"?
Re:Okay (Score:5, Funny)
Mace? Screw mace.
Fluorescent green spray paint [choiceful.com] is much better. Not only will you keep your assailant off of you, but you will also make it REALLY easy to pick him out of a line-up later.
Police: "Can you identify the guy who jumped you?"
Victim: "He's the green faced guy, crying on the corner about being blind."
Re:Okay (Score:5, Funny)
Without having the spam to process, the server doesn't run as hot as it's "supposed to". This causes a power imbalance, sending more current to the other servers and tripping breakers. Also, because of the lack of that heat, the server room is too cold. The UPS batteries are not storing enough of a charge as they are less efficient when they're cold. If a power sag, brownout, or blackout happens during one of these spam free moments, well, the results could be catastrophic.
Did you install Skynet 1.0? (Score:5, Funny)
Did you install Skynet 1.0?
Hey, what's that siren going off for....
Re: (Score:3, Funny)
I can forward you some of mine if that helps... (Score:3, Interesting)
Re:I can forward you some of mine if that helps... (Score:5, Interesting)
That might actually be a not bad idea. Sending him something that can be confirmed as having been sent, and as being spammy.
Because... (Score:5, Funny)
When spammers took over your box, they didn't want to flood it with their own mail.
One down (Score:5, Informative)
Re: (Score:3, Informative)
Did you read that article?
"Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case."
Re: (Score:3, Insightful)
Re:One down (Score:4, Interesting)
Did you read the article? "...as the messages and phishing hooks were all sent in Dutch,..."
Since the original poster didn't mention what portion of his spam was arriving written in DUTCH, we can't say for sure, but it appears, as the article says (up near the top too!), this botnet, while large, was almost completely confined to the Netherlands.
I'll save you the reply too, should you go back and read the article, the rest of the sentence I quoted above says "...but had apparently infected some US systems as well, as the FBI is credited for assisting on the case." However it does say that ALL the messages were sent in Dutch.
Probably not our boy's spam.
Oops... (Score:5, Funny)
Sorry, we've been down for maintenance and it's taking a lot longer than we originally planned. You can expect normal service to resume by next monday.
Shadow botnet was killed recently (Score:4, Informative)
http://arstechnica.com/news.ars/post/20080814-police-nab-shadow-creators-force-botnet-to-commit-suicide.html [arstechnica.com]
That may account for some of it.
So it's become real... (Score:5, Funny)
Spam Assassin is actually assassinating spam.
On another note, has anyone heard from my cousin who is a Nigerian prince? He hasn't called in days and we're beginning to get worried.....
those chinese spam factories are shut down ... (Score:5, Funny)
The Russians are busy in Georgia... (Score:5, Funny)
We Can Test (Score:5, Funny)
We're happy to help you solve this mystery.
What is your email address?
We got bored of the joke (Score:5, Funny)
Okay, here's the thing: nobody but you ever got spam. We all just thought it would be funny to fool you into thinking there was some kind of worldwide scamming epidemic. You don't seriously think people would be stupid enough to buy pills off strangers who email them out of the blue, do you? I thought we'd gone a bit too far and stretched the limits of credibility when we came up with the idea for the Nigerian scams, but I was wrong, you even fell for that! Nobody is stupid enough to send all their money to a "Nigerian prince".
Anyway, enough's enough. The joke's stale now, so we decided to stop sending it all to you.
Spam has relatively few sources (Score:5, Funny)
A large chunk of spam comes from a very small group of spammers. It may just be that you are only targeted by one of them, and he took a break recently.
Hang in there... he'll come back from vacation soon, and you'll be able to mortgage your penis to Nigeria again.
I Stole It (Score:3, Funny)
I'm holding it for ransom. You can have it back for $1,000,000.
A "Shadow" of their former selves? (Score:4, Informative)
Were the missing spam-mails mostly in Dutch?
http://arstechnica.com/news.ars/post/20080814-police-nab-shadow-creators-force-botnet-to-commit-suicide.html
"Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case."
...
"Once Shadow was secured, the police contacted Kaspersky Labs about providing a means to neutralize the malware."
I can kinda confirm this. (Score:5, Interesting)
I run a web hosting company and over the past couple weeks I've had a few customers report that the amount of spam has dropped. Of course, they thought that this was something wrong, but I couldn't find any evidence of increased failures, it was just that there was slightly less mail coming in.
What's your email address? (Score:3, Funny)
I'll forward you some of my spam. Wouldn't want you to feel lonely.
Check (Score:3, Funny)
I'm not sure what's causing your lack of spam. What's your email address?
Re:Check (Score:5, Funny)
I find your lack of spam disturbing ...
Still the same old same old (Score:3, Insightful)
We provide a spam filtering service, and our volume hasn't really changed much in the past week or two so perhaps whichever botnet was sending you all the trash went offline or just... stopped sending to you.
Botnets currently tasked to higher priority jobs (Score:5, Interesting)
http://it.slashdot.org/article.pl?sid=08/08/12/191255&from=rss [slashdot.org]
http://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/ [nytimes.com]
When the crisis abates, I expect the botnets will be returned to their regularly scheduled duties. Quite a versatile tool those botnets -- pimping V!agr4, collapsing government sites, enhancing the male doodad, distributing pr0n, bullying your neighbors (http://news.bbc.co.uk/2/hi/europe/6665145.stm [bbc.co.uk]). For the cost of one M1A1 tank tread, Putin bought himself a whole lot of firepower.
Advantage: Putin.
Re: (Score:3, Interesting)
For the cost of one M1A1 tank tread, Putin bought himself a whole lot of firepower.
This is so obviously the answer that the parent needs to get to +5 Insightful as soon as possible and that can be the end of the story.
I can confirm this (Score:3, Insightful)
This happened to me too about a week ago, and I was as surprised as you. I am from Italy, and I got about 200 mails a day, about 5 of them not spam. Now I get about 80/day. They have not vanished, but the volume of spam mail has dropped significantly in the last week or so.
Reality... (Score:4, Informative)
Without seeing your logs, most folks would be guessing. The symptoms you provide are not enough to make an educated guess. I would say to bump up the verbosity of your email server, SpamAssassin, and the system itself and then go from there.
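One way to get the evidence this comment asks for, as an added example (not from the thread): tally Postfix smtpd log lines per day to see whether fewer connections are arriving at all or more are being refused locally, and list the source addresses that stopped connecting. The log lines are constructed samples in standard Postfix syslog format; the function names and the 50% threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (documentation IP ranges, made-up queue IDs).
SAMPLE_LOG = """\
Aug 10 03:12:01 mx postfix/smtpd[2101]: connect from unknown[198.51.100.7]
Aug 10 03:12:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 blocked using zen.spamhaus.org
Aug 10 03:12:09 mx postfix/smtpd[2102]: connect from unknown[198.51.100.7]
Aug 10 03:12:10 mx postfix/smtpd[2102]: 4F2A11C0D3: client=unknown[198.51.100.7]
Aug 10 03:13:30 mx postfix/smtpd[2103]: connect from unknown[198.51.100.8]
Aug 10 03:13:31 mx postfix/smtpd[2103]: 5A3B21C0D4: client=unknown[198.51.100.8]
Aug 10 09:00:00 mx postfix/smtpd[2104]: connect from lists.example.net[203.0.113.9]
Aug 10 09:00:01 mx postfix/smtpd[2104]: 6B4C31C0D5: client=lists.example.net[203.0.113.9]
Aug 12 09:00:00 mx postfix/smtpd[2301]: connect from lists.example.net[203.0.113.9]
Aug 12 09:00:01 mx postfix/smtpd[2301]: 7C5D41C0D6: client=lists.example.net[203.0.113.9]
"""

SMTPD = re.compile(r"^(\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[\d+\]: (.*)$")
IP = r"\[([0-9A-Fa-f.:]+)\]"
EVENTS = [
    ("connect", re.compile(r"^connect from \S*" + IP)),
    ("reject", re.compile(r"^NOQUEUE: reject: \w+ from \S*" + IP)),
    ("accepted", re.compile(r"^[0-9A-Za-z]+: client=\S*" + IP)),
]


def tally(lines):
    """Return (per-day event counts, per-day connecting-IP counts)."""
    counts = defaultdict(Counter)
    sources = defaultdict(Counter)
    for line in lines:
        m = SMTPD.match(line)
        if not m:
            continue  # not an smtpd line (qmgr, cleanup, spamd, ...)
        day = " ".join(m.group(1).split())  # syslog pads single-digit days
        for name, pattern in EVENTS:
            hit = pattern.match(m.group(2))
            if hit:
                counts[day][name] += 1
                if name == "connect":
                    sources[day][hit.group(1)] += 1
                break
    return counts, sources


def locate_drop(before, after, threshold=0.5):
    """Say where mail volume was lost between two daily Counters."""
    if before["connect"] and after["connect"] / before["connect"] < threshold:
        return "upstream"      # fewer connections ever reach this server
    if after["reject"] > before["reject"]:
        return "local-reject"  # similar connection volume, more refused here
    return "no-change"


def vanished_sources(before, after):
    """IPs that connected on the earlier day but not the later one, busiest first."""
    return [(ip, n) for ip, n in before.most_common() if ip not in after]


if __name__ == "__main__":
    counts, sources = tally(SAMPLE_LOG.splitlines())
    for day in counts:
        print(day, dict(counts[day]))
    print(locate_drop(counts["Aug 10"], counts["Aug 12"]))
    print(vanished_sources(sources["Aug 10"], sources["Aug 12"]))
```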
Fake News Alerts (Score:3, Informative)
Oingo Boingo! (Score:4, Funny)
When Slashdot has a real slow news day
Tell me where my spam's gone
When Nigeria no longer needs me
Tell me where my spam's gone
When trojan horse avoid my inbox
Tell me where my spam's gone
When penis pumps cease their pumping
Tell me where my spam's gone
When free porn streaming doesn't bug me
Tell me where my spam's gone
When people install virus checkers
Tell me where my spam's gone
headless botnets (Score:5, Interesting)
We've been seeing botnets changing desktop background to an image alerting people that they are infected with a virus. Obviously a real spam botnet operator would not alert people like that.
My theory is that some grayhat wrested control of a major botnet, and is shutting it down from the source (and alerting the victims in the process).
Re: (Score:3, Informative)
lemme guess, most common infection name is Antivirus XP 2008?
I've started having those pop up left and right, and you are correct, once you think you have the virus gone, you think you're clean. EEEEEEE wrong. There's actually a botnet hiding behind that virus load, and if you don't pull it off, it does its own direct port 25 push. I've three computers in my near vicinity that all have that loaded on their systems, and at first I was ready to wipe the frigging machine.
Don't forget to clear system restor
We Apologize (Score:5, Funny)
We humbly apologize for the interruption in service. Please reply with your email address and our technical staff will get back to you.
not on this end (Score:3, Informative)
our spam seems to be climbing.
# of spams / date (m/d)
16,037 8/15
17,385 8/14
17,287 8/13
16,352 8/12
15,171 8/11
16,505 8/10
14,344 8/9
12,157 8/8
12,465 8/7
11,942 8/6
12,265 8/5
10,124 8/4
11,437 8/3
13,417 8/2
12,858 8/1
Try forwarding spam through ISP (Score:5, Interesting)
I just checked one of our Ironport Servers (Score:3, Informative)
In a 24 hour period we've gone from a peak of about 75,000 messages at 9pm CST last night to a low of 40,000 messages incoming today, 97.3% of which are spam. Total for the last 24 hours on that single Ironport (we have 4 in production and one in the lab) is 1.4 Million attempted messages, of which 36.1 thousand were clean.
So all things taken into consideration, consider yourself fortunate. We're still seeing a trend that indicates that over 97% of all incoming mail is garbage.
-Phil
Here's a thought... (Score:4, Interesting)
It's not too-well publicized, but the Russian Business Network (AKA spammer filth) have been using (renting?) a large chunk of their botnet space to attack Georgia. Here's a bit of detail. [blogspot.com]
Maybe they just didn't have enough bandwidth to spam the planet AND take down Georgia's systems through a DOS.
Black Hat (Score:5, Funny)
They all just got back from Black Hat / Defcon, and they're still hung over.
A communications disruption... (Score:3, Funny)
Infected PC are offline during summer ^_^ (Score:5, Informative)
Obligatory (Score:3, Funny)
Here's where your spam went (Score:4, Informative)
1. If you've made no configuration changes or patches in the past week, that pretty much lets out program error.
2. If your ISP is saying they don't do spam filtering, then that pretty much lets that out too, unless your ISP is given to lying to you.
3. Others point to the cyber war between Georgia and Russia. I'd think that those folks would have their own bots not associated with spamming, but I can't prove that.
4. It surpasses hope that all of a sudden people cleaned up their pwon3d systems.
5. My spam levels have not dropped appreciably, and I not only have my own domain, but allocations as well.
6. I have noticed at times in the past that my spam levels do drop by 60, 70, even 80%. They always pick back up before too long. Enjoy a brief respite.
Re:we are all doooomed (Score:5, Insightful)
Re:the russian business network is busy (Score:4, Insightful)
they need the botnet resources for ddosing georgia
The sad thing is, you might be right...
Re: (Score:3, Funny)
No, no, no...
Im in ur mailserverz, eating ur spam!