In part, Bob Tanner wrote:
> 
> What does he tell me? The messages all have forged headers. Oh, boy. Like I
> cannot read an SMTP header to see that it's -not- forged. Damn! I just want to
> black-hole all of hotmail.com.
> 

So what's stopping you?  Oh yeah... your customers, some of whom
have secondary hotmail accounts or correspond with people who do.

Unlike snail mail, where the person sending the mail is free to
determine what class of delivery each piece should get, E-mail
basically doesn't have any class structure... or at least, one that
works ("Precedence:" headers clearly don't work as intended).

Snail mail requires the sender to pay for the delivery.  E-mail does
not.  If anything, the recipient of E-mail is the one having to pay,
if only for storage before deletion and the time-consuming act of
deletion itself.

In the end, until some sort of cost structure borne by the sender is
introduced for E-mail -- and I'm not necessarily talking just money
here -- E-mail systems will remain fertile ground for any number of
spammers.

So, instead of just dumping E-mail from hotmail.com into the bit
bucket, why not change the paradigm a tad?

1- Identify a list of E-mail hosts sending you spam.

2- Refuse to accept delivery for every E-mail from your list of "bad
   hosts" for 24-48 hours (i.e.: the sender's /var/log/maillog will
   fill up with messages like "stat=Deferred: Connection refused by
   <yourhost>", while at the same time, their outgoing mail spool
   files fill up, too ;-).  Once you accept the E-mail for delivery,
   run it through a filter that tags it with a header line like:
      X-spam-proofer: Delivered by <localhost> as second class E-mail

Note that _all_ E-mail ends up being delivered... However some E-mail
gets delivered faster than others.

And gosh, who knows?  In order to save disk space, some spammers
might even cleanse their outgoing spool files occasionally for
messages that can't be delivered quickly... thereby preventing that
spam from ever hitting your site.

On the customer education side, explain what the "X-spam-proofer:"
header line means, and let your customers decide whether or not to
dump any given E-mail.

Heck, you could probably generate some extra revenue by making this
whole thing a fee-based optional service.
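
The two steps described above, sketched as a receiving-side policy. This is an added example, not code from the original post. The host list, the name mx.example.net, the 24-hour window counted from the first attempt, and modelling the refusal as a "defer" verdict are all assumptions.

```python
from email import message_from_string

DELAY_SECONDS = 24 * 3600          # lower bound of the post's 24-48 hour window
BAD_HOSTS = {"hotmail.com"}        # step 1: constructed list of hosts sending spam
LOCALHOST = "mx.example.net"       # hypothetical name of the receiving host
SAMPLE = "From: x@hotmail.com\nTo: u@example.net\nSubject: hi\n\nbody\n"  # constructed


class SecondClassPolicy:
    """Defer mail from listed hosts, then deliver it tagged as second class."""

    def __init__(self, bad_hosts=BAD_HOSTS, delay=DELAY_SECONDS):
        self.bad_hosts = {h.lower() for h in bad_hosts}
        self.delay = delay
        self.first_seen = {}       # (host, sender, recipient) -> first attempt time

    def is_bad(self, host):
        # Match the listed domain itself or any host under it, not look-alikes.
        host = host.lower().rstrip(".")
        return any(host == b or host.endswith("." + b) for b in self.bad_hosts)

    def decide(self, host, sender, recipient, now):
        """Return 'accept', 'defer' or 'accept-second-class' for one attempt."""
        if not self.is_bad(host):
            return "accept"
        key = (host.lower(), sender.lower(), recipient.lower())
        started = self.first_seen.setdefault(key, now)
        if now - started < self.delay:
            return "defer"         # sender's queue keeps the message and retries
        del self.first_seen[key]   # window served; the next message starts over
        return "accept-second-class"

    def deliver(self, raw_message, verdict):
        """Add the post's X-spam-proofer header to second-class mail only."""
        msg = message_from_string(raw_message)
        if verdict == "accept-second-class":
            msg["X-spam-proofer"] = (
                "Delivered by %s as second class E-mail" % LOCALHOST)
        return msg.as_string()
```

Nothing is discarded by this policy: a listed host's message is held back on the sender's side until the window has passed, then delivered with the header so the recipient can filter on it.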