Drowning in a deluge of spam

I’m sure everyone knows that email spam is a growing problem and that there’s not a great deal we can do to stop it entirely – initiatives like SenderID can help reduce the volume an organisation receives, and by using smart sender and recipient filtering* and connection filtering to drop inbound connections from known spammers or IP addresses that have been dynamically assigned, you can reduce things still further.

* The basic problem here is that by definition, mail arriving from the internet is anonymous. If you’ve ever looked at an SMTP conversation between two servers, you’ll see they’re just a bunch of clear-text commands, with the sending server saying “Hello“, then “I’ve got mail from <…>” and “it’s going to <…>” and followed by the body of the message. There’s nothing to stop anyone sending mail “From:” any address they choose… and anti-spoofing/anti-spam technology has to try to play catch up by filtering out the cases which don’t look legitimate, as well as by filtering content which appears dodgy.

At Microsoft, for example, our IT group filters any email which is coming from the outside and claiming to be “From:” any @microsoft.com address. The thinking is, there is no valid case where anything will ever traverse the internet legitimately coming from a Microsoft address, and enter the Microsoft network from outside via SMTP. So – if you’re a spammer trying to mail into Microsoft and pretending to be Bill, don’t bother. Your email will be “dropped on the floor”.

My own problem is that I have a personal email address which has been the same for about 13 years, and I was generally very careful about giving it out (registering on websites etc), but in recent years have relaxed my policy since the junk mail filters in Hotmail/MSN/Windows Live are generally pretty good and I got very little spam.

Now, some *&”%#!^ spammer has started spoofing mail from my address, and as a result I get a vast number of Non-Delivery Reports, Out of Office messages or notifications that my message has been junked since it looks too spammy. We’re talking anything up to 1,000 messages a day, which Hotmail manages to categorise as unwanted and sticks in my Junk folder, and maybe 50 or 60 that make it through to the inbox.

I’m sorry if you’ve ever had spam from my address – believe me, I don’t want to sell you Meds, offer you cheap replica watches, or present a solution for lengthening any anatomical components. Really, I’m quite happy working in IT.

I can’t think of what to do. I really don’t want to close the account since it’s a very short & sharp email address, and I use it for lots of legitimate non-work related things. I can’t stop someone pretending to be me, so I’m destined to be spending ages cleaning up my mailbox every week until the spammer gets bored and picks on some other address to spoof instead.

Unless anyone else knows different? Let me know if you have any suggestions which might stop the spammer and yet not cripple my own email address…

Leave a Reply

Your email address will not be published. Required fields are marked *