Re: Spam loads (was Re: How to post to linux.debian.user)
On Wed, 03 Dec 2003 14:20:18 +0100, "Karsten M. Self"
>on Tue, Dec 02, 2003 at 10:02:20PM -0600, Scott C. Linnenbringer
>> On Tue, Dec 02, 2003, at 17:53 -0700, Dr. MacQuigg wrote:
>> > P.S. The requirement to use a real email address in this public
>> > mailing list is a big problem.
>Not strictly required, but encouraged.
>> I, myself, use virus filters for procmail which work excellently. :)
>For those of us dealing with Swen to the tune of 300-600 MiB daily of
>mail over dialup, the situation's rather less friendly. I've got very
>effective filters. And there are now some specialized tools for dealing
>with Swen. However, these will be of limited use the _next_ time a
>mass-mailing, heavy-payload worm propogates. Particularly if it uses a
>wider range of subject/from headers, and/or has differently-sized
>payloads. Swen was pretty easy to spot at 144 KiB + a fixed set of
>addresses and subject tokens.
>While more ISPs are offering mail filtering, most have pretty broken
>tools. SMTP-time rejection + teergrubing is highly preferred.
>Newcomers to the 'Net have some very serious issues to deal with.
Both of my ISPs are filtering Swen ( at my request, since other users were
not has heavily affected ). My spam load has been about 20 per day,
including 2 or 3 Swen that manage to get past the filters. I can delete
these in a few minutes, so I haven't felt the need yet to research spam
In the last two days, my load has increased to about 100 per day, mostly
Swen, all using the email address which I posted to this group, which has
gotten only a few Swen in the past. The interesting thing about the new
load is that instead of just the message text and a note that the
attachment was deleted, these are arriving with the payload intact, which
triggers my Norton AV and causes an annoying interruption. They come in
batches, so I have to spend a couple of minutes dealing with repeated
alarms from Norton. I can't just ignore these, or my email program stalls.
From now on, I will be much more careful in newsgroups, and use only a