This is the archive site for the pioneering blog CamWorld.com, which is no longer maintained.
Cameron Barrett's personal site can now be found at cameron.barrett.org and his professional site can be found at cameronbarrett.com.

May 19, 2004

Latest Stats on Spam

A few weeks ago a spammer decided to start doing a dictionary attack against my domain name, and neither my SpamAssassin or procmail configurations were set up to handle it. This resulted in my INBOX being flooded with hundreds upon hundreds of identical pieces of spam sent to non-existant usernames @camworld.org. I finally updated my .procmailrc file with the following simple recipe (thanks, Jascha):

:0
* !^To: username@example.com
* !^To: username2@example.com
* !^To: mailing-list-name@example.com
* !^To: mailing-list-name2@example.com
* !^To: FirstName LastName
$HOME/mail/caughtspam

Of course, my list is actually longer than this, but you get the idea. This allows only email that has a match in the To: field to be written to my INBOX folder. Everything else gets sent to a Pine mailbox called 'caughtspam'. Every month or so I download this file, rename it with a datestamp, and then save it. To give you an idea of how much spam I've been getting, here are the statistics for the caughtspam files I have saved (Sep03-Feb04 caughtspam files are on a CD somewhere, I'll dig 'em up):

Date Span Size of File Number of Spam
05/13/03-06/14/03 79,358,680 11,490
06/15/03-07/01/03 52,246,804 6,806
07/02/03-07/28/03 79,159,458 12,400
07/29/03-08/28/03 75,674,141 10,050
02/13/04-04/26/04 160,673,603 30,907
04/26/04-05/18/04 118,367,435 27,667

Posted by Cameron Barrett at May 19, 2004 02:03 PM
Comments

hello:

i just read about your ordeal some years back. the same thing happened to me a month or so ago. everyone is calling me a psychotic who needs help because of this article titled "pulp fiction":
http://www.houtsonpress.com

i would love to talk more to you about this.

sincerely,
will.


Posted by: will at May 21, 2004 08:18 AM

Cam: Thanks for this -- the same thing started happening to me a few weeks ago so I have been diving into the world of procmail. Unfortunately for spam-fighting purposes I gave out different e-mail addresses to every site I've ever registered with (amazon@example.com etc etc) so my exceptions list is going to take a long time to compile. Argh. For now I'm relying heavily on SpamAssassin but it's not good enough.
I'm also on pair - coincidence?
dg


Posted by: David at June 2, 2004 03:47 PM

Do you use sendmail for your MTA on your mail server? This sort of thing is easily remedied by a quick fix to the virtusertable. I'd be glad to show you how.


Posted by: Brian at June 17, 2004 11:49 AM