Home |Programming Resources |
The Anti-Spam Home Page

The spam problem is not going away, it's getting worse!
Learn how to stop junk e-mail.

-- P. Lutus -- Message Page --

Tired of wading through all that junk mail? Learn how to stop the spammers -- here are instructions to automatically filter your e-mail, defend your site from exploitation by the spammers, and get involved!

Use these links to choose the section you are interested in:

   General Discussion

Here are the facts:


This is a recipe for exploitation, and you are the target. All an advertiser has to do is obtain your e-mail address – after that, he can spam you again and again.

I recently received two "spam" e-mails. The first offered to put a phone sex telephone number on my site – "Your choice of Straight, Gay, or Fetish lines available" – the second offered to sell me a list of 25 million e-mail addresses. As I read these messages, it struck me that, unless I fought back, I would be daily forced to look into the human sewer that spam e-mail represents, and I would be just one among millions of victims.

To say it in plain English, I am going to fight spam, and I hope you will join me -- let's take the Internet back from the sewer rats.

Definition of Spam

A "spam" e-mail is generally defined as an unsolicited mailing, usually to many people. A message written for, and mailed to, one individual that is known to the sender is not spam, and a reply to an e-mail is not spam, unless the "reply" repeats endlessly.

Spam e-mailers have become a separate part of the Internet, with their own host computers, methods, and politics. Many Internet sites have begun to forbid spamming, for several reasons – one is a sense that it is unethical, another is that, over time, other Internet sites will stop all e-mail from that site and thus prevent legitimate e-mail from getting through. As a result, spammers have begun to set up their own Internet sites -- sites that cater to, or encourage, spamming.

Rules of the Spam game

Your goal as an Internet user is to figure out a way to separate legitimate e-mail from spam. There are several ways to do this. One way, described below, is to set up your mail service so that known spammers are not allowed to deposit mail in your account. This method relies on knowing (1) the return e-mail address of the spammer, or (2) the name of the spammer's host computer.

The spammer's goal is to get around your filtering methods. He can do this by (1) using a different e-mail address for each mailing, or (2) he can forward his e-mail by way of an intermediary, to conceal the actual origin. The second of these methods is often used without the knowledge or permission of the intermediary, and it usually results from an error in configuration – I will show you how to protect your site from this exploitation.

Because it is very easy to simply create a new return address for each of millions of e-mails, filtering by way of return address is only effective when dealing with small-scale, amateur spammers. As a result, many sites simply block all e-mail from a particular spammer-friendly site. What this means is, if you have an account with a site that also welcomes spammers, your e-mail will sometimes not get through. This is why Internet sites are gradually splitting into two classes -- those that welcome spammers and have no normal users, and those that aggressively stop spamming from their sites to protect their legitimate users.

What to do if you are on a site that permits spam

If your e-mail cannot be delivered to a site you write to, it may be that your host site has one or more spammers among its clients. If this happens to you, use this method:


This problem – blocking an entire site – is why legitimate sites will act to stop spamming if you bring it to their attention. It is also why spammers end up on sites that specialize in spamming, sites that will not listen to your complaints. So, before writing to complain, you need to discover which kind of site you are writing to.

How to alert a site that they are hosting a spammer


Be aware that, if the spammer is using forwarding, you may end up writing a complaint to an innocent Internet site that was exploited by the spammer. If this happens, you may want to alert that site that their e-mail server is configured incorrectly and should be reconfigured as shown below.

How to identify a Spammer

You can use my Whois Utility to find the spammer's actual identity. Simply look at the e-mail header, find the source host name (this may take practice because spammers try to hide the actual host name) or address and type it into the "Whois" utility. Or, if you are comfortable using a UNIX shell and have this kind of access, you can issue the Whois command from there.

Do not rely on the e-mail's return address. This is much too easy to fake. The other information in the e-mail header is more useful and more likely to lead to the actual sender.

Spam Do's and Dont's

Never respond to a spam e-mail. For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam e-mail, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.

Never respond to the spam e-mail's instructions to reply with the word "remove." This is just a trick to get you to react to the e-mail -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.

Never sign up with sites that promise to remove your name from spam lists. These sites are of two kinds: (1) sincere, and (2) spam address collectors. The first kind of site is ignored (or exploited) by the spammers, the second is owned by them -- in both cases your address is recorded and valued more highly because you have just identified it as read by a human.

Never mail-bomb spam sites or engage in hacking to stop spammers. This only increases the amount of wasted Internet traffic, creates sympathy for spammers, and makes the Internet even less reliable than it already is.

Take meaningful action to stop spammers. Filter their messages or their sites using the methods described below, write their host sites (without revealing your real e-mail address!) and any sites that are used as relays, write your congressional representatives.

   Write your congressional representatives

In the long term, this approach may be the only effective one. Spammers will probably figure out a way around most of the direct, technical methods I describe here, so legislation may be required to stop them.

You may not want to involve government in the Internet, because if one law is passed that regulates an aspect of the Internet, others may follow. I assure you, I understand and sympthize with this position, and there is always a risk in getting government involved in anything. But the spammers are already taking advantage of the methods of government, through lobbying for their own cause, taking advantage of loopholes in existing laws, and relying on governmental inertia and public apathy to help their cause.

By getting involved, we send a signal to government that we won't stand to be abused as we have, and we also send a signal to companies that they will lose public approval if they use spammers to promote their products. Both are powerful reasons to write letters, make phone calls, and send faxes.

If not us, then who, and if not now, when?

  1. Write your congressional representative -- click here.
  2. Write your state's senators -- click here.
  3. Write the Federal Trade Commission, demand action against spammers -- click here.

   How to report fraudulent e-mail

Most spam is simply annoying, but some of it is illegal. One obvious category is an e-mail that asks you to send, say, $5 to several addresses in the letter, and promises big returns if you follow the letter's instructions -- this is called a "pyramid scheme" and it is illegal.

There are many other kinds of illegal e-mail, too many to describe here. If you believe an e-mail is fraudulent, you should report it. Here are some addresses that accept fraud reports:

   E-mail filtering techniques

This technical procedure is (1) for the relatively experienced Internet user, and (2) applies to those servers running the sendmail server program. There are other kinds of servers and programs, but the majority of Internet sites are using some version of sendmail. If you are using a different type of server or software, click here .

If you have not delved into UNIX, configuration files and so forth, you may want to enlist the help of someone with this kind of experience, or ask your Internet service provider for help.

Also, many Internet users do not have control over their site's mail configuration. If you are in this situation, simply make your site administrators aware of your wishes and give them the address of this site.

Here is the basic procedure:

  1. Locate sendmail.cf, the sendmail configuration file.
  2. Copy the original version to a safe location.
  3. Make the changes described below.
  4. Create /etc/spammers.txt, a list of e-mail addresses to be excluded from your server.
  5. Create /etc/spamdomains.txt, a list of host and domain sites to be excluded from your server.
  6. Create /etc/relaydomains.txt, a list of host and domain sites you want to permit relaying through your site (all others will be blocked). This file should be created, even if it has no entries.
  7. Put the new version of sendmail.cf in place.
  8. Test your mail service to be sure that you have not made an error that might disable e-mail on your site.
The configuration file sendmail.cf is usually located in the /etc directory on your server. If your site is a virtual server, be sure to contact your site support service to be sure that you do not edit the system-wide sendmail.cf file, but only your own virtual server's file.

How to edit sendmail.cf

Load sendmail.cf into your favorite text editor. Locate the end of the options section, the point in the file that I have marked with the comment below:

     
(previous file contents) 
#############
#  Options  #
#############

Oa1			# Wait (in minutes) for alias file rebuild
OA/etc/aliases		# location of alias file
OC10			# Checkpoint queue runs every N deliveries
OF0600			# Temporary file mode
Og100			# Default GID
OH/etc/sendmail.hf      # SMTP help file
OI			# Insist that the name server be running
Ok5			# Open connection cache size
Om			# Expand aliases to include sender
On			# Verify RHS in newaliases
OQ/usr/spool/mqueue	# Queue directory
OS/etc/sendmail.st	# Stat file
OT3d			# Queue timeout and warning time
Ou126			# Default UID
Ot			# Use TZ environment variable
# > > > insert the check_mail code block below this comment <<< 

#################################
#  Ruleset 0 - Resolve address  #
#################################
S0

R<@>			$#local$:<>		Null address is local
(following file contents)

Now that you have located the correct insertion point in sendmail.cf, you may choose to insert the first of the sections described below (check_mail). The second section (check_relay) must be placed at the end of the file. After you have made your insertion(s) and saved your changes, you should test sendmail by sending yourself an e-mail. Any syntax or other errors will prevent sendmail from operating correctly. If this test fails, you should replace your edited version of sendmail.cf with the original.

How to filter e-mail addresses and sites

  1. Insert the following section into sendmail.cf at the point specified in How to edit sendmail.cf . This section provides the code for both the address method and the host method described in the next section. 

    #####################################################################
# Ruleset check_mail - Stop Spammers (see http://www.vix.com/spam/) #
#####################################################################

# spam site list files

F{SpamDomains}	/etc/spamdomains.txt
F{Spammers}	/etc/spammers.txt

Scheck_mail
R<$={Spammers}>		$#error $@ 4.7.1 $: "471 We don't accept junk mail"
R$={Spammers}		$#error $@ 4.7.1 $: "471 We don't accept junk mail"
R$*			$: $>3 $1
R$*<@$*$={SpamDomains}.>$*	$#error $@ 4.7.1 $: "471 We don't accept junk mail from your domain"
R$*<@$*$={SpamDomains}>$*	$#error $@ 4.7.1 $: "471 We don't accept junk mail from your domain"
R$*			$@ ok
R$*			$#error $@ 4.1.8 $: "418 can't resolve your name, check your DNS"

    To capture this code, simply drag your mouse across it and place it in your text editor. If you cannot do this, click here.

  2. Create a text file named /etc/spammers.txt (see The spammer master lists for a current list). Put one or more e-mail addresses in the file, each on a separate line.

    Example:

    company1@spamsite.com
    company2@spamsite.com

    This method only filters particular addresses -- a determined spammer will not be stopped by this approach. It is too easy to simply create another e-mail address.

  3. Create a text file named /etc/spamdomains.txt (see The spammer master lists for a current list). Put one or more host and domain names in this file, each on a separate line.

    Example:

    spammer.spamsite1.com
    spamsite2.com

    The first example above stops all e-mail from the host site "spammer.spamsite1.com." The second example stops all e-mail from the entire domain "spamsite2.com." The check_mail code accepts both kind of entries, depending on your wishes -- you may want to stop a particular host, or all e-mail from an entire spammer-friendly domain.

    Stopping all e-mail from a host or domain is more powerful than the e-mail address method -- it eliminates e-mail from an entire site, but at the risk of blocking legitimate e-mail. If you receive a complaint from a legitimate user of that site that they cannot e-mail you, just explain that their site permits spamming and ask them to write their site's administrators to correct the problem at the source.


How to stop e-mail forwarding on your site

This method will prevent an unscrupulous spammer from concealing his true identity by forwarding e-mail through your site. It will also keep you from being misidentified as a spammer.

  1. Insert the following section into sendmail.cf at the end of the file as described in How to edit sendmail.cf . This section provides code to verify that e-mails are either beginning or ending their journey at your site, and blocks all others. 

    ##############################################################
# Ruleset check_rcpt - Shutdown relaying through this server #
##############################################################

# dequoting map - Needed for SPAM hack below
Kdequote dequote

# permitted relay sites file

F{RelayOK} -o /etc/relaydomains.txt

Scheck_rcpt
# anything terminating locally is ok
R<$+ @ $=w >		$@ OK
R<$+ @ $* $={RelayOK} >	$@ OK
# anything originating locally is ok
R$*			$: $(dequote "" $&{client_name} $)
R$=w			$@ OK
R$* $={RelayOK}		$@ OK
R$@			$@ OK
# anything else is bogus
R$*			$#error $: "550 Relaying Denied"

    To capture this code, simply drag your mouse across it and place it in your text editor. If you cannot do this, click here.

    Precautions about blocking forwarding:

    • If you want to permit some sites to forward e-mail by way of your site, you must add their host or domain names to a text file named /etc/relaydomains.txt. Create this file if necessary.
    • This code segment, like the previous one, accepts both host (host.sitename.com) and domain (sitename.com) names.
    • With some e-mail clients, this code segment may prevent you from sending mail to other sites. If it does, use this procedure:
      • If you are accessing your Web server from a separate site, add the host or domain name of that site to /etc/relaydomains.txt and test again.
      • If this test fails, simply remove this code segment from your sendmail.cf file.

  2. Don't forget to create a file named /etc/relaydomains.txt, even if it is empty. Enter the names of any sites you want to permit relaying through your site, as well as any sites you use to access your server.

How to test the changes in sendmail

  1. Send yourself an e-mail. If sendmail is working, you will receive the message.
  2. Edit your e-mail client configuration -- temporarily change your return e-mail address to that of a spammer that appears in your /etc/spammers.txt file (or temporarily enter your own return address in /etc/spammers.txt). Now send yourself another e-mail. This e-mail should be blocked.
  3. Remember to put back your correct return e-mail address.
  4. If your Web server and your internet access service have separate domain names, you must put the domain name of your access service in /etc/relaydomains.txt in order to be able to send e-mail. Be sure to make this entry and test your ability to send e-mail.
  5. There is no easy way to test the /etc/spamdomains.txt file and code. The hard way is to temporarily enter the name of a site you have access to, and e-mail yourself from there. If all is well, this e-mail test will fail. Remember to remove the temporary entry from /etc/spamsites.txt.

The spammer master lists

Here are current copies of the spammer lists from www.arachnoid.com. These are names of sites that have sent one or more unsolicited commercial mailings to www.arachnoid.com or another reputable source for spam site names. You will certainly have to add to these lists as time passes, because well-heeled spammers will simply purchase new domain names to stay ahead of this blocking technique.


Credits

I am indebted to the people at the Sendmail Home Page for their assistance with this code. I would never have gotten it to work correctly without their help (because sendmail uses its own, private language).

   Other anti-spam resources

Here are some other Internet sites that are involved in this issue:

These Pages Created and Maintained using   Arachnophilia.


Main Page