unsolicited emails -- what to do?

[Albert Lunde]

>> <fingers-crossed> I haven't had this problem, yet, and hopefully won't on
>> our library web site.  If it does happen to me, I'll just nuke the
>> messages, but if a large number come from one address, I'd take the time
>> to contact the postmaster at the offender's ISP.

I make a point about complaining about every spam I receive, but it looks
to me like the bulk of unsolicited mass mailings comes from at least
semi-commercial operators who are sophisticated in evading complaints. The
return address is often invalid, and they are either using temporary
accounts in a hit-and-run manner or have the support of one of the minority
of ISPs/domains who seem to harbor spammers (i.e. agis.net or cyberpromo).

In these cases complaining to the actual or apparent source system does no
good.

I usually do a traceroute on the IP address that sent the message to our
SMTP server and complain with a form letter to "postmaste" or "abuse" at
the next one or two domains named on the traceroute. This may help trace
the hit and run spams, I doubt it helps with the more established sources
of junk mail.

I'm lucky that the two web servers I manage are not major mail hubs: I'm
running sendmail under inetd+tcp_wrappers, which lets me refuse connections
from selected domains (not very efficent but easier for me to deal with
than some other approaches).

A next line of defense is mail filters. (i.e. Unix procmail, elm filter
or Eudora Pro on Mac or PC)

Some people have had some success with first filtering out all the lists
they subscribe to, then filtering mail that does not contain any of their
addresses in the headers to a junk mail folder. This won't help with
"personalized" junk mail, but it has some merit to reduce the volume in a
generic way.


---
    Albert Lunde                      Albert-Lunde at nwu.edu