12Wonder
October 11th, 2005, 04:59 AM
Folks, I am not a happy camper. I just spent 9+ hours cleaning up a royal mess on max server.
One of our customers decided to "fight" spam by discontinuing use of an email address in his hosting account. No problem there -- except he did not blackhole his primary "catchall" email account (http://forums.12wonderhosting.com/index.php?act=ST&f=10&t=94), nor did he ever bother to check or delete email in either his catchall or his old spammed email account again. So of course he continued to get spam at the old email address.
Eventually the account ran out of space because of all the unread mail, so mails started bouncing back to senders. Senders' emails continued re-attempting to send the bounced mails, which just created more bounces.
Meanwhile - and here's the major problem, the customer had an auto responder set up for the old email address. I won't quote it exactly for privacy reasons. But it went something like this:
"This email has been sent in response to excessive spam. If you have received this message in error, please resend to [email address withheld]. Otherwise, please remove this email address from your list."
Oy.
People, this sort of thing is the same as saying, "Here, spammer, spammer!! YES, this is a working email address! Please send more spam! Here's my new address to send spam to!"
What happened was inevitable. Spam increased exponentially. Literally thousands of emails choking up the mail queue on that server. Because the customer's account was so overloaded with email that it could not accept any more, this resulted in an endless loop of bounces, bounces-to-bounces, auto-responses, bounces in response to the auto-responders, auto-responders in respose to the bounces ... you get the idea.
Poor max was having fits. Email delivery slowed down for everyone on the server because the mail queue was so overloaded. Although we technically have the option of deleting everything from the mail queue in one fell swoop, this would not have been a great idea because there were other mails in there for other customers' accounts, just sitting there waiting to be sent or delivered. Therefore my fun task of the day was to go on a search & destroy mission through each and every mail in the queue, and find then delete the ones associated with the problem email address.
Auto responders are fine. But please, if you're not going to use blackhole, don't use autoresponders on a catchall account, or on an email account that you never check. And don't invite more spam by using auto responders to give notice of a new email address. Programs used by spammers can harvest email addresses from just about any sort of text, whether in a web site or an email. Worse, an auto responder in response to spam just tells the spammer they've got a live one. The next thing you know, you're on millions of spam lists - way more than you were before. An auto responder to a spammer is just as effective as clicking "unsubscribe" on a spam -- which you ought to know by now does not unsubscribe you, it just tells the spammer this is a working email address which can be sold for profit to millions of other spammers out there.
See Brandon's very helpful post, "Tips for preventing and filtering spam (http://forums.12wonderhosting.com/index.php?act=ST&f=16&t=188)", for what you CAN do to significantly reduce spam, without stressing the server (and your friendly web host ;) ).
Anne
One of our customers decided to "fight" spam by discontinuing use of an email address in his hosting account. No problem there -- except he did not blackhole his primary "catchall" email account (http://forums.12wonderhosting.com/index.php?act=ST&f=10&t=94), nor did he ever bother to check or delete email in either his catchall or his old spammed email account again. So of course he continued to get spam at the old email address.
Eventually the account ran out of space because of all the unread mail, so mails started bouncing back to senders. Senders' emails continued re-attempting to send the bounced mails, which just created more bounces.
Meanwhile - and here's the major problem, the customer had an auto responder set up for the old email address. I won't quote it exactly for privacy reasons. But it went something like this:
"This email has been sent in response to excessive spam. If you have received this message in error, please resend to [email address withheld]. Otherwise, please remove this email address from your list."
Oy.
People, this sort of thing is the same as saying, "Here, spammer, spammer!! YES, this is a working email address! Please send more spam! Here's my new address to send spam to!"
What happened was inevitable. Spam increased exponentially. Literally thousands of emails choking up the mail queue on that server. Because the customer's account was so overloaded with email that it could not accept any more, this resulted in an endless loop of bounces, bounces-to-bounces, auto-responses, bounces in response to the auto-responders, auto-responders in respose to the bounces ... you get the idea.
Poor max was having fits. Email delivery slowed down for everyone on the server because the mail queue was so overloaded. Although we technically have the option of deleting everything from the mail queue in one fell swoop, this would not have been a great idea because there were other mails in there for other customers' accounts, just sitting there waiting to be sent or delivered. Therefore my fun task of the day was to go on a search & destroy mission through each and every mail in the queue, and find then delete the ones associated with the problem email address.
Auto responders are fine. But please, if you're not going to use blackhole, don't use autoresponders on a catchall account, or on an email account that you never check. And don't invite more spam by using auto responders to give notice of a new email address. Programs used by spammers can harvest email addresses from just about any sort of text, whether in a web site or an email. Worse, an auto responder in response to spam just tells the spammer they've got a live one. The next thing you know, you're on millions of spam lists - way more than you were before. An auto responder to a spammer is just as effective as clicking "unsubscribe" on a spam -- which you ought to know by now does not unsubscribe you, it just tells the spammer this is a working email address which can be sold for profit to millions of other spammers out there.
See Brandon's very helpful post, "Tips for preventing and filtering spam (http://forums.12wonderhosting.com/index.php?act=ST&f=16&t=188)", for what you CAN do to significantly reduce spam, without stressing the server (and your friendly web host ;) ).
Anne