And so it (spam nuke) begins...

[foodini]

In an attempt to keep the  junk mail at bay, I give a different email address to everyone that I register with.  In other words, when I start getting junk mail to an address, I know who leaked it.

Usually, there is a slow rampup of crap whose tide is stemmed quickly by simply deactivating the address.  There still tends to be network load dedicated to sendmail's rejection of these attempts to deliver to a defunct address.  The sudden blast of email directed at my f13 email address recently forced the temporary disabling of sendmail because there were so many attempts to deliver spam to the f13 nome-de-plumed inbox.  This is not a good thing.

Has anyone had a similar problem recently?  The only place that address existed was in f13s database.  If I ever received email to it and replied, it would have arrived at the other end with no indication of the f13 email address - my personal address would have been substituted.

 

[schild]

Your email address is set so anyone logged in can see it. Which means it can probably be scraped. Which means, and it's likely on nearly every forum, that some smart lurker can see your email address (and most peoples) and just put it on a list.

[Strazos]

Foodini, have you tried clicking the box in your account settings on F13 to hide your email address from the public?

Not sure if it will help.

[Signe]

It wasn't me.  I didn't do it.

[Quinton]

Something I've noticed in recent years is spammers will take the username portion of email addresses and spam them to random domains.   If it doesn't bounce, win!

Bastards.

[MahrinSkel]

This is the biggest reason I gave up on having a vanity domain and just went to GMail.  Maybe 1 spam a month makes it through their filters, and I've only ever had one false positive.

--Dave

[Quinton]

This is the biggest reason I gave up on having a vanity domain and just went to GMail.  Maybe 1 spam a month makes it through their filters, and I've only ever had one false positive.

You can do both if you use the google apps for domains stuff (or whatever we call it these days).  Basically sign up, point your dns at the appropriate stuff as directed, and off you go. 

Of course, I still have my own personal unix box in a colo with homebrew graylisting (which works remarkably well -- I seldom ever get a spam in my inbox) because I'm obstinate and also I have issues with having my employer be my isp/hosting provider.

[rturja]

Something I've noticed in recent years is spammers will take the username portion of email addresses and spam them to random domains.   If it doesn't bounce, win!

Yep, added with the extra fun of spammers gathering first and last names from email addresses they have harvested, joining them at random and trying their luck. If the mail goes through, pure win 
At the moment if you don't have the possibility of running your own email-server, you have to use filter programs at your end, or ISP/mail provider with spam filtering feature. No matter what steps you take in order to protect your address, spammers will get it sooner or later.

I've been running a mail setup for selected bunch of friends and family for some years now with some very simple server side filters, blacklisting and spam recognition software. People still get spam, but 1-2 spam mails in a day is still tolerable - Many of our addresses have been in the internet for quite a some time and the amount of spam before starting filtering was significantly larger. Interestingly, for us the most efficient spam stopper is the basic server filters used when the mail delivery is started, letting in about one third of the mail that was originally sent to our domains. Those remaining two thirds stopped by filters are mostly getting caught by trying to claim the sending server IP, name or the sender originate from our box. No false positives in several years (I monitor the stopped/bounced communications), but spammers are getting more sneaky too.

Been researching and thinking about adding greylisting for some time, but for me it seems very vulnerable once spammers catch on and start resending to the domains that queue first contact. How has it worked for you Quinton, none of that yet?

[Quinton]

Been researching and thinking about adding greylisting for some time, but for me it seems very vulnerable once spammers catch on and start resending to the domains that queue first contact. How has it worked for you Quinton, none of that yet?

Some stuff does get through -- I use spamprobe as a backstop for the stuff that does.  But when I first started greylisting (maybe 2 years ago now), it reduced the amount of spam that made into the system by over 90%.  Greylisting has been in use (by some larger shops too) for over 3 years now and remains pretty effective.  At the end of the day it costs spammers a lot more in resources to actually bother retrying temporary fails than to just fire and forget.  Also I find that the kind of spam that *does* get through is often the kind where they'll actually honor your unsubscribe requests -- usually legit online merchants or the like who decided to sign me up for their mailing list.

I have my scripts setup such that retries in under 5 minutes are ignored and ip/sender/receiver triplets that were not retried are purged after 48 hours.  This seems to work pretty well.  I have had to add some support for services that round robin their outbound smtp (gmail, amazon, etc do this), otherwise messages can be pretty heavily delayed until they happen to retry from an IP they sent from before. 

Looking at the stats, currently I'm dropping about 60% of inbound mail traffic on the floor, and I've not been aware of any situation where people have not been able to get email through to me (usually the first time somebody sends from a new address or server it takes 10 minutes to 5 hours, depending on how aggressive their mta is about retrying -- 10 minutes is the norm).

[gryeyes]

I once created a brand new email address to use solely for my online bank account. Created the account using the fresh email address and within 24hrs i was getting spoof spam mail using the same layout and bank name as the account i created.

[NowhereMan]

I've got a uomail account that now is basically made up and counts for fuck all. I have a gmail account for actual buying stuff things and then a real account I give to real people. I don't get bothered with spam mail much, is that a happy coincidence or do I not sign not for as much porn as some people?