On Wed, 3 Sep 2003, John Kozubik wrote:
I must reiterate that, given the relentless efficiency of spam-spiders, merely publishing a shadow email address on all web documents that your real email address reside on, and deleting all email sent to both accounts is my current favorite anti-spam mechanism. Simple to DIY, and requires no centralization.
There is a high potential to falsely block innocent addresses. The most common reason these days will be a worm activity. To quote from spamNEWS 09/02/03: ooooo SOBIG.F OBESERVATION - Lockergnome 8/31/2003 http://click.wh5.com/redirect.php?c=17825&u=46r9niwjatrv4g6m I observed back on Tuesday that my Symantec SMTP gateway was stopping SoBig.F subject lines coming from spammers (i.e., blocked via DNSBL) at over 3 times the rate that I was seeing them from Joe user types. Further, I noticed that they were sending even more SoBig.F emails than they were spam. So, why would spammers who make their living be generating emails allow their servers to be compromised? They didn't. They are doing this on purpose and I have a theory for this. I call it my echo theory. Say that, as a spammer, you know one or more of the addresses in your database is to a spam trap - but you don't know which one. You generate LOTS of SoBig.F emails on purpose, using your database for the forged-from addresses. Now, JoeUser has his server or client antivirus filter setup to send a reply when it encounters a virus (which is a very BAD thing, after Klez taught us about the virtues of forged addresses). Dutifully, JoeUser's email server or client automatically sends a helpful note off to "SpamTrap," informing them that they are infected. Often these replies even extol how much smarter they are than "SpamTrap" because they caught it, but "SpamTrap" did not. Heck, let's even send an email to the postmaster at SpamBait's ISP, telling him / her how much better the BrandX filter is that JoeUser is using... but I digress. The email server at SpamBait's ISP sees an email to SpamTrap and says "Ah hah, JoeUser's ISP must obviously be a spammer, so load his IP address into our DNSBL servers." JoeUser now sends a legitimate email to me SmartUser at IuseDNSBL.com and it, of course, bounces. JoeUser now calls me and asks why he was blacklisted. After some diligent effort on my part, I find that DNSBL.SpamBait.com is saying half of my customers and suppliers are spammers. I have a business to run, so I turn off DNSBL on my gateway and - lo and behold - all of the spammers emails that were being blocked due to DNSBL are no allowed to come though. That is my echo theory. That is why spammers are using half their bandwidth to send SoBig.F. [Thanks to reader Stephen Whitis for the tip - ed.]