Do spammers find pleasure in destroying fun stuff?
Recently, while reading through the log file of the mail relay used by tempalias, I noticed a disturbing trend: Apparently, SPAM was being sent through tempalias.
I've seen various behaviours. One was, strangely, to create an alias per second for the same target and then deliver email there.
While I completely fail to understand this scheme, the other one was even more disturbing: Bots were registering {max-usage: 1, days: null} aliases and then sending one mail to them - probably to get around RBL checks they'd hit when sending SPAM directly.
Aside from the fact that I do not want to be helping spammers, this also posed a technical issue: node.js head, which I was running back when I developed the service, tended to leak memory at times, forcing me to restart the service now and then.
Now the additional huge load created by the bots forced me to do that way more often than I wanted to. Of course, the old code didn't run on current node any more.
Hence I had to take tempalias down for maintenance.
A quick look at my commits on GitHub will show you what I have done:
- the tempalias SMTP daemon now does RBL checks and immediately disconnects if the connected host is listed.
- the tempalias HTTP daemon also does RBL checks on alias creation, but it doesn't check the various DUL lists, as the most likely alias creators are most certainly listed in a DUL.
- Per IP, aliases can only be generated every 30 seconds.
This should be some help. In addition, right now, the mail relay is configured to skip sender checks and sa-exim scans (SpamAssassin at SMTP time, so as to reject spam before even accepting it into the system) for hosts where relaying is allowed. I intend to change that so that sa-exim and sender verification are done regardless of whether the connecting host is the tempalias proxy.
Looking at the mail log, I've seen the spam count drop to near-zero, so I'm happy, but I know that this is just a temporary victory. Spammers will find ways around the current protection and I'll have to think of something else (I do have some options, but I don't want to pre-announce them here for obvious reasons).
On a happier note: During maintenance I also fixed a few issues with the Bookmarklet, which should now do a better job at not coloring all text fields green eventually and at using the target site's jQuery if available.
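
The RBL check and the 30-second per-IP limit from the list above, sketched in JavaScript as an added example (not tempalias' actual code). The zone names, function names and the stub resolver are assumptions; in a real daemon Node's `dns.resolve4` would be passed as the resolver.

```javascript
// Placeholder zones (assumptions), not tempalias' real configuration.
const SMTP_ZONES = ['rbl.example.test', 'dul.example.test']; // SMTP daemon: all lists
const HTTP_ZONES = ['rbl.example.test']; // alias creation: DUL lists skipped
const ALIAS_INTERVAL_MS = 30 * 1000; // one alias per IP every 30 seconds

// DNSBL query name: IPv4 octets reversed, then the zone.
function dnsblName(ip, zone) {
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  return valid ? octets.reverse().join('.') + '.' + zone : null;
}

// Calls cb(true) once any zone answers with a 127.0.0.0/8 address.
// resolve4 has the shape of Node's dns.resolve4(name, (err, addresses) => ...).
// Lookup errors (NXDOMAIN, timeouts) count as "not listed", i.e. fail open.
function isListed(ip, zones, resolve4, cb) {
  const names = zones.map((zone) => dnsblName(ip, zone));
  if (names.length === 0 || names.includes(null)) return cb(false);
  let pending = names.length;
  let done = false;
  for (const name of names) {
    resolve4(name, (err, addrs) => {
      if (done) return;
      const hit = !err && addrs.some((a) => a.startsWith('127.'));
      if (hit || --pending === 0) { done = true; cb(hit); }
    });
  }
}

// Per-IP throttle. Stale entries are purged on each call so the map stays
// bounded under bot load; `now` is injectable for testing.
function createAliasLimiter(now = Date.now) {
  const last = new Map(); // ip -> time of last accepted alias creation
  return function allow(ip) {
    const t = now();
    for (const [k, v] of last) if (t - v >= ALIAS_INTERVAL_MS) last.delete(k);
    if (last.has(ip)) return false;
    last.set(ip, t);
    return true;
  };
}

// Constructed stub standing in for dns.resolve4 so the example runs offline:
// 192.0.2.10 is listed on the placeholder DUL zone only.
function stubResolve4(name, cb) {
  if (name === '10.2.0.192.dul.example.test') return cb(null, ['127.0.0.10']);
  cb(new Error('ENOTFOUND'));
}
```

With the stub, the same dial-up address is refused by the SMTP check but still allowed to create an alias, which is the split between the two daemons that the list describes.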

June 28th, 2010 - 22:05
The stupid thing about stories like this is, unfortunately, that you usually don't catch the perpetrators and so can't take any action against them.
But I'm confident that you'll find a protection against such attacks.
June 29th, 2010 - 16:10
As people have debated the definition of “social software”, the only one I’ve liked has been “Social software is stuff that gets spammed”.
You’ve built a great service. Spammers are the tragedy of the commons personified. I’m sorry you have to deal with them, but please do keep kicking their asses.
June 29th, 2010 - 16:17
The problem isn’t as much stopping them as it is trying to stop them in a way that doesn’t destroy the unique “selling” point of tempalias which is its simplicity.
I don’t want you to have to solve a captcha.
I don’t want you to have to confirm each alias generation by clicking a link in an email.
I certainly don’t want you to have to create an account.
So this is where the real difficulty lies. Now with the RBL checks, using tempalias to send your spam just lost its appeal as now there’s no advantage in using tempalias over delivering the message directly. I hope this helps at keeping the spam amount lower.
Also I’ve reconfigured the smarthost: Up until now it trusted all hosts it was configured to relay mail for. Now it doesn’t in tempalias’s case. This means that it now does sender verification, PTR lookups and sa-exim to run spam assassin at connection time. This should further reduce the incentive.
Actually, while it certainly is a frustrating problem to have, it’s also an interesting one, so I’m half-happy to have to solve this.
July 21st, 2010 - 18:59
The same reason took down Trashmail.Net and made them decide to take off the free service. I hate spam!