Geekblok

B10m, BOK, Joffie - old geeks on a blog


Category: spam


Spamcop and mutt

29 February, 2008 (11:21) | emails, spam | By: B10m

Spamcop isn’t a new or web2.0’ish website, but I’m always amazed that a lot of geeks haven’t heard of it before, so I decided to post a little something on Spamcop and how to effectively set it up with mutt (yeah, that geeky mail client).

Spamcop is a website that can help you report spam. Simply forward/bounce emails to a special mail address. After they have received the message, their software will determine where the email came from and who should be contacted. You can simply look through their “investigation” and if all is ok, report the spam. Why should you do this, instead of simply ignoring spam? The main reason, of course, is to get spammers disconnected from whatever source they’re using. But besides that, Spamcop is running a rather popular DNSBL (DNS Block List). This may even be used by your mail provider!

Tracing headers and finding out the source of the spam can be rather dull work, especially if you receive a lot of spam mails. So why not outsource that process to Spamcop? The beauty is that they also trace the spamvertized URLs, and the people responsible for those are included in the report as well.

To make it as easy as possible, I’ve used some macros in mutt. First of all, sign up with Spamcop to get your submit mail address. Then grab the perl script and put it anywhere on your system (put the submit mail address in there). After that, simply add this line to your “.muttrc”:
macro index 'S' "<tag-prefix><pipe-entry>/path/reporter.pl\n<tag-prefix><delete-message>"

Now, when you receive a spam message, simply select it in mutt and press SHIFT + ‘S’. The message will be forwarded to Spamcop and you’ll delete it straight away. When Spamcop finishes processing the mail, they’ll inform you by mail and give you a link with all the details. Go there (or use WWW::Mechanize::SpamCop, which I personally do not recommend) and check the results. If you’re happy with the results, submit the form and you’re done. You’ve just helped the world to become a better, spam-free place.

Do you, in any way, already contribute to spam-fighting?

Email address validation

28 February, 2008 (13:22) | spam, technical | By: B10m

Email address validation can be rather tricky. RFC822 gives you some pointers, but to validate an address is still pretty darn hard. In Perl, there’s the module Email::Valid to help you, which does a rather good job, but look at the source for the regexp!

Today I came across a new website called spam-proof-email-generator. Of course I threw in a query that’s bugging quite a lot of parsers: my+address@mailserver.somedomain.co.uk. Most of such JavaScript “checks” hang on the plus sign (which is perfectly valid, and quite useful!) and the subdomain part. And yep, this website tells me the address is invalid. Strange, for you’d expect a site designed for handling email addresses to be a bit more careful!

So let’s look at their technique. Their validation is merely done on the client side (JavaScript). The code is childishly simplistic though. This regexp will determine whether your address is valid or not (broken down into two lines):
/^[a-zA-Z][\w\_\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*
[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/;

But when you disable JavaScript, you can bypass this simple check and insert any string you like, as you can see here:

So, yeah, rather a useless service. Why not create your own image with GIMP/Photoshop, use JavaScript to display the address or use something like user [at] domain [dot] com?
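
Added example, not the site's or the author's code: the regexp quoted in this post run against constructed sample addresses, next to a hypothetical server-side check (`serverSideCheck`) of the kind that still applies when JavaScript is disabled. It assumes unquoted local parts and DNS-style domains only; all names other than the regexp itself are made up for illustration.

```javascript
// Pattern copied from the post, with the line-break space removed.
const SITE_PATTERN =
  /^[a-zA-Z][\w\_\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/;

// Assumption: unquoted (dot-atom) local parts and DNS-style domains only.
const ATEXT = "[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+";
const LABEL = "[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?";
const LOCAL_RE = new RegExp(`^${ATEXT}(?:\\.${ATEXT})*$`);
const DOMAIN_RE = new RegExp(`^${LABEL}(?:\\.${LABEL})+$`);

// Hypothetical server-side check: runs on every request, whatever the browser did.
function serverSideCheck(input) {
  if (typeof input !== "string" || input.length > 254) return false;
  const at = input.lastIndexOf("@");
  if (at < 1 || at > 64) return false; // local part must be 1..64 characters
  return LOCAL_RE.test(input.slice(0, at)) && DOMAIN_RE.test(input.slice(at + 1));
}

// Constructed samples; `valid` is the syntactic verdict under the assumption above.
const SAMPLES = [
  { addr: "my+address@mailserver.somedomain.co.uk", valid: true }, // from the post
  { addr: "myaddress@mailserver.somedomain.co.uk", valid: true },  // same, no plus
  { addr: "a@example.com", valid: true },      // one-character local part
  { addr: "1user@example.com", valid: true },  // local part starts with a digit
  { addr: "user@x.org", valid: true },         // one-character domain label
  { addr: "a..b@example.com", valid: false },  // consecutive dots in local part
  { addr: "ab@example.c..m", valid: false },   // empty label in the domain
];

// Sort each sample by how a checker's verdict compares with the expected one.
function classify(check, samples) {
  const out = { correct: [], falseReject: [], falseAccept: [] };
  for (const { addr, valid } of samples) {
    const accepted = check(addr);
    const bucket = accepted === valid ? "correct" : valid ? "falseReject" : "falseAccept";
    out[bucket].push(addr);
  }
  return out;
}

const siteResult = classify((a) => SITE_PATTERN.test(a), SAMPLES);
const serverResult = classify(serverSideCheck, SAMPLES);
console.log("site pattern:", siteResult);
console.log("server-side check:", serverResult);
```

On these samples the site's pattern accepts the subdomain address once the plus sign is removed, so the plus sign alone triggers that rejection, and it also lets two malformed addresses through.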

Spam - don’t ever bounce

23 October, 2007 (19:49) | spam | By: BOK

Today I received one of those emails again:

Subject: **Message you sent blocked by our bulk email filter**
Body: Your message to: <h.bokking@some-domain.dom>
was blocked by our Spam Firewall.
The email you sent with the following subject has NOT BEEN DELIVERED:
Subject: October 70% OFF

Well… thanks but no thanks, postmaster at edutel.nl!

I can very well understand the message was denied by their “Barracuda Spam Firewall”: the message originated from Russia and the V-pills-word was included in the “From”-header, two reasons enough to mark a message as spam. But I was never the actual sender of that message, since the “From” was forged…

This is a common technique used by spammers, but to overcome this one should never ever BOUNCE spam!! There’s even a whole page dedicated to “Why you shouldn’t bounce spam and viruses”, explaining why it’s better to REJECT these kinds of emails. A must-read for every so-called postmaster!

I myself don’t reject, but DISCARD all spam-messages identified by SpamAssassin / amavisd-new into a separate folder for further analysis, so it gives me the opportunity to make some tweaks to the spam-filter itself.