Doug's musings
<< Faux jazz 2004 > September Something Soft >>

Boy, does spam bounce ::

It was maybe around a year ago that I began getting an occasional email bounce message, due to a spammer having forged my address as the return. I remember being upset at first but then I got used to it; there weren’t that many bounces, and if spammers have databases of hundreds of millions of email addresses, and don’t want to get their own bounces, then they can use some of those addresses for return addresses.

But about a month ago I began getting a steady stream of these bounced messages. Not just one or dozen; 1000 in a few days. And they were all promoting the same warez sites (hosted in China and Brazil and I could tell you a few more things about them), sent from zombie PCs; no way to track down the sender. Even their domain registrations look forged.

I think at this point a normal human being would have thrown up his hands and changed his email address—my younger brother did, with far less of an inundation of unwanted mail. But, no, I am stubborn! I spent my Sunday evening learning about esoteric details of Exim and procmail, digging into the stuff that makes a friend who runs her own email server feel like she doesn’t want to anymore.

More than once I unwittingly bypassed Spam Assassin, and the rules that send mail addressed to anything outside a handful of names at this domain off to /dev/null. It was as if a main sewer line had burst; a torrent of spam began scrolling by in my logs.

I was becoming intimate with what happens inside a typical mail server—it’s constantly reading and rereading files as it decides whether a message is spam and who to send it on to. It’s running line after line of Perl, an interpreted language. I imagined the racks full of servers like the one that hosts this domain and hundreds of others, all constantly receiving a giant river of email, transforming it into bits on hard disks and heat dissipated from Pentiums in giant air-conditioned data centers. Imagine all that heat!

And there are those who don’t believe in global warming!

My new mail filter reports that in the last half hour, I have received 5 forged bounces, and 4 spams—none of which will appear in my In box.

(23:30) Hah, today the domain registrar pulled the plug on the DNS of the new domain the spammers registered on Friday. All the ones they’ve used over the last few weeks are all inactive too.

(23:38) Spoke too soon, just got the first bounce messages of spams promoting a new domain. Now they’re using a registrar in France. Interesting, the street address changes every time you do a whois!

Mon, 13 Sep 2004, 10:39 PM PDT
<< Faux jazz 2004 > September Something Soft >>