Yesterday, I hit my limit. I’d finally had just way way way too too too much much much spam.
A few months ago, I started using PopFile to filter my mail, as sorting through my inbox had become way too cumbersome. (I must have a high tolerance for spam to begin with, for at that point I was probably getting about 150 spams per day.)
But as of yesterday, spam accounted for about 75% of my messages — around 400 per day. As a result, even a super-quick scan of the “from” and “subject” fields in PopFile (in increments of 100 messages per page) in order to catch the inevitable occasional error was becoming way too cumbersome. Downloading mail while travelling via dialup took forever. It was time to do something server-side. Since I run my own mail and web server, I had options… and much work to do.
So yesterday, I spent hours trying to get a few of the friendlier DNS-based blockers to work with sendmail, based upon recommendations from sysadmins on Politech. (Politech is an excellent list on the intersection of politics, culture, and technology run by Declan McCullagh.) As it turned out, the setup was fine; the recommended test was what was broken.
Unfortunately, that solution didn’t seem to block all that much spam. More drastic and time-consuming measures were needed. So today, instead of working on philosophy (like I was supposed to), I implemented some further anti-spam measures.
One fairly easy change to make was to the e-mail address listed in my internic registrations. The old address ([email protected]) attracted a fair amount of spam. So I created a new alias for those registrations, changed my account information with my registrar, and eliminated the old alias. I expect that I’ll have to change that address periodically.
A more cumbersome change was eliminating my auxiliary [email protected] e-mail addresses in favor of just my dianahsieh.com address. Basically, one common problem is that I often get multiple copies of the same spam within a short time period, one to [email protected], another to [email protected], another to [email protected], and so on. So I changed all of my web sites to list only my dianahsieh.com address (in a de-spamified format, of course)… and then set up my virtual user table to reject all the other addresses as “user unknown.” (I did e-mail the dozen or so people still using my brickell.net address.)
Basically, that’s about as much as I can reasonably do at the moment. There’s one more spam-attracting address I might want to change. And I should google for other suggestions from sysadmins. But I want to see how effective these changes are… and for that I need a few days to track the effect. But sadly, I don’t expect to be able to cut my spam down to less than 100 messages per day — at least not while still letting all my real mail through.
In closing, I should mention that after grappling with spam in my own small way on my own small server, I see now what a massive problem it is for real sysadmins. Before, I knew that the problem was big, but I thought the anti-spam tools were more effective and reliable than they are. Now I know better. Spam is a huge drain upon computing and human resources — one that requires a technical rather than legal solution. But I don’t see one forthcoming any time soon.
