An example of why I hate the web

[H. S. Teoh]

On Tue, Mar 03, 2020 at 09:29:11PM +0000, sarn via Digitalmars-d wrote:
[...]
> Spam isn't as much of a problem as I expected.  I've had about two
> outright spam emails in nearly five years on my main server.

You're lucky.  I have a couple of public-facing email addresses, mainly
from open source contributions, and over the years those addresses have
ended up on countless spamlists.  Now I regularly get hundreds of spams
a day.  Fortunately, I hardly actually see any of them, because I have 4
layers of spam filters: SpamAssassin + Bogofilter on my mailserver, and
another SpamAssassin + Bogofilter on my local mailserver.

They are actually not completely redundant, because the SA + BF on the
mailserver is trained on spams that are received directly, whereas the
local filters are trained on the remnant of spam that makes it past the
first two layers, so they catch what the first two layers failed to
catch.  Spams with a high enough cumulative score get blackholed; spams
with iffy scores are saved in a spambox that I clean out every couple o'
months or so.  Over the years, there have been very few false positives,
so I've been reducing the minimum score. Now I hardly see any spam out
of what must be hundreds impinging my mailserver every day. When they do
show up, it tends to be very few and easy to just delete and forget.


> Most spam I get is from people who get my business card and
> "helpfully" sign me up to their newsletters, or people emailing me
> because of my blog and asking me to link to unrelated websites they
> have.  Stuff that I'd get with a bigger service, anyway, and is easy
> to deal with.  I guess it's just not economical to spam some nerd's
> private mailserver with ads.

Most of the spam I get is actually not ads (which I hardly get much of,
'cos I generally don't give out real email addresses for stuff unless
it's actually something I care about), but scams (mainly the Nigerian
419 variety), phishing attempts, and malware attachments.

One thing I've learned over the years is that spammers don't actually
care about their target audience (what a concept! :-P); their goal is to
hit as many email addresses as possible to increase the response rate up
to the profitable level. For this purpose, they purchase spamlists on
the black market, and acquire a botnet or two to spam every email on
those lists indiscriminately. Basically, a wide scattershot in the hope
that something would stick.  Sad to say, given the reported email scam
incident counts on various sources, something *does* stick.  When they
have millions of addresses on their lists, all it takes is for 0.01% to
respond and they've already made their profit margin.

And most people don't realize that the absolute worst thing to do is to
reply to spams in any way, even if it's to yell abuse at them, or to
click on so-called "unsubscribe" buttons: many unsubscribe buttons are
fake; all they do is to flag your email address as "valid" and post it
to 50 other spamlists. Replying has the same effect. As with internet
trolls, the best response is not to play.


> Reliability is a more important problem.  Email's pretty robust thanks
> to mail queues and retries, so a mailserver doesn't need to be up
> 24/7, but the fact is if it goes down it stays down until you fix it.
> It's rare but can happen at a bad time.  I pay an uptime service to
> alert me if my mailserver goes down (same as everything else I run).

The only time my mailserver goes down is either the VPS died, or I
screwed up a mailserver upgrade. The latter is pretty obvious, and can
be fixed right away.  The former involves an email to tech support, and
generally things come back up within a reasonable amount of time.


T

-- 
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare.  Now, thanks to the Internet, we know this is not true. -- Robert Wilensk