The war on “anti”-spam software
Published: Wednesday 2004-06-23.
Since I last wrote about the problem, it has grown worse. I do not have big problems with spam mail; my filters remove all but a few of those. What I have problems with are bounces to e-mail where the spammers (or viruses) have used my domain as the sender address and sent to non-existing addresses, and so-called TMDA software, which requests that I visit a certain link or send a special code in a response letter to unlock the letter that the program thinks that I sent, but which was sent by a spammer (or a virus).
Normal bounces are relatively simple to remove with procmail, and I do so, at a furious speed—in ninety minutes I counted 186 deleted bounces, that is more than one every thirty seconds. Bounces that do not follow a standard template, and “I’m not in the office” letters, aren’t as easy to filter, but instead often fall through, taking up place in my inbox, replacing the spam I filtered out.
And then there are the TMDA letters. The authors of the various systems probably have good intentions; the problem is just that they haven’t understood that the victims are those of us whose domains are being forged as the sender addresses by spammers (and viruses). I have put up procmail filters that recognise the signatures of the most common TMDA software, and which forward all those messages to the people that have written them, to make them understand why they are a bad idea. This means that if you are using TMDA software and try to contact me, you will never receive my reply. But that’s your fault, not mine.
There is a solution to the problem of making innocent third parties the victim of this kind of software, and that is SPF, which I also have mentioned earlier. SPF makes it possible for the receiver to verify that the sender address written in the letter belongs to the person that sent it. SPF does not stop spam, but it makes it impossible to fake the sender address, which then makes it possible to add on a TMDA system. I do publish an SPF record for my domain, which means that everyone who wishes can verify whether a message that seems to be coming from ＠softwolves.pp.se actually does so.
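How a receiver evaluates an SPF record against the connecting IP before a challenge-response system answers the sender address, as an added example that is not part of the original post. The record and addresses are constructed, only the ip4, ip6 and all mechanisms are handled (the others need DNS), and `check_spf` and `should_challenge` are hypothetical names.

```python
import ipaddress

# Constructed record for illustration; not the record published for any real domain.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate one SPF record (looked up for the sender's domain) against
    the IP address of the host that is delivering the message.

    Offline sketch: ip4, ip6 and all only; a, mx, include etc. need a resolver.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]  # catch-all, normally the last term
        if name not in ("ip4", "ip6"):
            raise ValueError("mechanism needs DNS, not handled here: " + term)
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return RESULTS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and there was no "all"

def should_challenge(record, client_ip):
    """Only send a challenge to the sender address when SPF says "pass";
    anything else means the address may be forged and belongs to a bystander."""
    return check_spf(record, client_ip) == "pass"
```
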
This is what my anti-TMDA filters for procmail look like at this time:
    # Cognigenmail
    :0
    * ^From.*firstname.lastname@example.org
    ! email@example.com

    # k12.ar.us
    :0
    * ^From.*firstname.lastname@example.org
    ! email@example.com

    # Qurb
    :0
    * ^Subject.*\[Qurb #[0-9]+\]
    * ^Thread-Topic:
    ! firstname.lastname@example.org,email@example.com

    # Maverix
    :0
    * ^From.*maverix-sender@.*maverixsystems.com
    ! firstname.lastname@example.org

    # Hushmail
    :0
    * ^From.*hushmail\.com
    * ^Hush-notification: true
    ! email@example.com,firstname.lastname@example.org

    # Knowspam
    :0
    * ^Message-Id:.*email@example.com
    * ^X-Mailer.*knowspam.net
    ! firstname.lastname@example.org,email@example.com

    # Mailwiper
    :0 B
    * ^For 100% Junk free eMail please visit http://www.mailwiper.com
    ! firstname.lastname@example.org,email@example.com

    # digiportal.com
    :0 HB
    * ^X-ChoiceMail-Registration-Request: ChoiceMail registration request
    * ^http://cm.digiportal.com
    ! firstname.lastname@example.org,email@example.com

    # safepages.com
    :0 HB
    * ^From.*firstname.lastname@example.org
    * ^Subject: \[server bounce message\]
    * ^ATTENTION:.*YOUR MESSAGE WAS MARKED AS SPAM
    ! email@example.com,firstname.lastname@example.org

    # uol.com.br
    :0
    * ^From:.*AntiSpam UOL
    * ^X-UOL-Srv: T
    ! email@example.com,firstname.lastname@example.org

    # delawarelawyer.com
    :0
    * ^X-Delivery-Agent: TMDA/
    * ^Auto-Submitted: auto-replied
    * ^Subject: Please confirm your message
    ! email@example.com,firstname.lastname@example.org

    # -- Friends system --
    # on.net
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:.*internode.on.net
    ! email@example.com,firstname.lastname@example.org

    # siscom.net
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:.*siscom.net
    ! email@example.com,firstname.lastname@example.org

    # heartoftn.net
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:.*heartoftn.net
    ! email@example.com,firstname.lastname@example.org

    # rose.net
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:.*rose.net
    ! email@example.com,firstname.lastname@example.org

    # a4l-mail
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:.*a4l-mail
    ! email@example.com,firstname.lastname@example.org

    # generisk
    :0
    * ^Subject: Please reply to confirm:
    * ^X-Confirm:
    * ^X-Server:.*surgemail
    ! email@example.com,firstname.lastname@example.org

    # -- SpamBLK --
    :0
    * ^X-SendBy: SpamBLK - http://www.spamblk.de
    * ^Subject: \[SpamBLK\]
    ! email@example.com,firstname.lastname@example.org

    # 0spam
    :0
    * ^From: email@example.com
    * ^X-AntiAbuse: This header was added to track abuse
    * ^Subject: Verification required
    ! firstname.lastname@example.org,email@example.com

    # charter.net
    :0 HB
    * ^From:.*charter.net
    * ^Subject:.*Qurb
    * ^X-Mailer: Microsoft Outlook Express
    * ^TO CONFIRM YOUR ADDRESS PLEASE REPLY TO THIS MESSAGE
    ! firstname.lastname@example.org,email@example.com

    # Ålcom
    :0
    * ^From:.*nobody@.*alcom.aland.fi
    * ^Subject: Meddelande blockerat
    * ^X-Mailer: MIME-tools
    ! firstname.lastname@example.org,email@example.com

    # wdsg.com
    :0
    * ^Reply-To:.*firstname.lastname@example.org
    * ^X-Delivery-Agent: TMDA/
    * ^Subject: Please confirm your message
    ! email@example.com,firstname.lastname@example.org

    # email-bouncer.com
    :0
    * ^From:.*email@example.com
    * ^Subject: Please verify your Email address for
    ! firstname.lastname@example.org,email@example.com

    # another.com
    :0
    * ^From:.*another.com.*Friends system
    * ^X-Confirm:
    ! firstname.lastname@example.org,email@example.com

    # bolingbroke.com
    :0
    * ^From: Confirmation Requested.*bolingbroke.com
    * ^Subject: Confirmation required
    ! firstname.lastname@example.org,email@example.com

    # email-bouncer.com
    :0
    * ^Subject: .Spam Challenge. Confirm your email.*http://mail.email-bouncer.com
    * ^Message-Id:.*email-bouncer.com
    ! firstname.lastname@example.org,email@example.com

    :0
    * ^Subject: .Spam Challenge. Confirm your email.*http:
    * ^From: Challenge Response
    ! firstname.lastname@example.org,email@example.com

    # pacisp.net
    :0
    * ^Subject: .Challenge. Confirm your email by visiting
    * ^From:.*firstname.lastname@example.org
    * ^Message-Id:.*pacisp.net
    ! email@example.com,firstname.lastname@example.org,email@example.com

    # VisualMail TMDA
    :0
    * ^X-Mailer: Mintersoft VisualOffice, Build 4.02.1003
    * ^X-VM-Initiator:
    * ^X-VM-Bounced:
    ! firstname.lastname@example.org,email@example.com

    # oro.net
    :0
    * ^Reply-To.*Automatic Whitelist.*oronet\.com
    * ^Errors-To.*Automatic Blacklist.*oronet\.com
    ! firstname.lastname@example.org

    # cru.fr
    :0
    * ^From:.*cru.fr
    * ^Subject: confirm
    * ^Content-Type: multipart/mixed
    ! email@example.com,firstname.lastname@example.org

    # Active Spam Killer
    :0
    * ^Subject: Please confirm.*conf#
    * ^X-AskVersion:
    * ^X-ASK-Auth:
    ! email@example.com

    # --- Generic filter
    :0
    * ^Subject: Please confirm your message
    /dev/null
The filters are free to use; the more people who start counteracting these systems, the better.
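A way to dry-run such recipes against saved messages before trusting them with live mail, as an added example that is not part of the original post. It copies the conditions of three recipes from the list above and applies procmail's matching rules (all conditions must match, case is ignored, H/B/HB select header or body) with Python's `re`; the sample messages are constructed and `first_match` is a hypothetical name.

```python
import re

# Three recipes from the list above as (comment, flags, conditions).
# Flags: H = match the header (procmail's default), B = body, HB = both.
RECIPES = [
    ("delawarelawyer.com", "H", [r"^X-Delivery-Agent: TMDA/",
                                 r"^Auto-Submitted: auto-replied",
                                 r"^Subject: Please confirm your message"]),
    ("Mailwiper", "B",
     [r"^For 100% Junk free eMail please visit http://www.mailwiper.com"]),
    ("charter.net", "HB", [r"^From:.*charter.net", r"^Subject:.*Qurb",
                           r"^X-Mailer: Microsoft Outlook Express",
                           r"^TO CONFIRM YOUR ADDRESS PLEASE REPLY TO THIS MESSAGE"]),
]

def first_match(raw):
    """Return the comment of the first recipe whose conditions all match, else None."""
    head, _, body = raw.partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold wrapped header lines
    areas = {"H": head, "B": body, "HB": head + "\n\n" + body}
    for name, flags, conditions in RECIPES:
        # every "*" line must match (AND); case is ignored, as procmail does by default
        if all(re.search(c, areas[flags], re.I | re.M) for c in conditions):
            return name
    return None

# Constructed sample messages (not real traffic).
TMDA_CHALLENGE = (
    "From: confirm@example.net\n"
    "Subject: Please confirm\n your message\n"
    "X-Delivery-Agent: TMDA/0.00 (constructed)\n"
    "Auto-Submitted: auto-replied\n"
    "\n"
    "Reply to this message to have your original mail delivered.\n"
)
MAILWIPER_CHALLENGE = (
    "From: someone@example.net\nSubject: Your mail\n\n"
    "Click the link to verify.\n"
    "For 100% Junk free eMail please visit http://www.mailwiper.com\n"
)
ORDINARY = (
    "From: friend@example.net\nSubject: Please confirm lunch\n\n"
    "X-Delivery-Agent: TMDA/ mentioned in the body only\n"
)
```

The `ORDINARY` message shows why the header/body flag matters: the TMDA header name appears only in its body, so the header-only recipe does not fire.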