[07] WHAT CAN I DO WITH SPAM MAIL? WHAT IS NOSPAM? WHAT IS SPAMKILL?

SDF has a simple filtering tool that you can use called 'nospam'. It's very simple to run and it catches 95% of the possible spam and viruses you might receive. Rather than just tossing this questionable email, it is stored in separate files, and you can use 'nospam -c' to find out whether you've received new spam.

usage: nospam -e (enable nospam)
       nospam -d (disable nospam)
       nospam -c (check for new spam)
       nospam -l (list blocked spam friendly servers)
       nospam -r (same as above, but resolve to host names)

Another way to deal with spam is to join the VPM membership and create a 'public' or multiple 'public' aliases pointed to your 'private' email address. With VPM you can have an unlimited (within reason) number of aliases pointed to your 'private' email address. You can use these for software registration, mailing lists or other places where you need a REAL email address, but you don't necessarily want to give out your 'private' email address. If one of your 'public' email addresses appears to have made a spam list, you can just toggle the alias with the 'mkvpm' command. For more information on VPM, check out FAQ answer 06 in .

A good rule of thumb is:

* never give your email address to a stranger.
* when posting on public forums such as html bbses or USENET, obfuscate your email address so that 'email harvesters' don't grab your address to be sold on the next '100 million fresh email addresses' CDROM.
* warn your friends about the dangers of using MS outlook and other poorly written 'email clients' (Your friends can unknowingly give away your email address to strangers or send you malicious attachments!)
* tell people who write you to never send you email as HTML and never send you an attachment without prior warning

So what is SPAMKILL?

spamkill is a system daemon that runs on SDF and monitors logfiles for suspicious activity. It checks for hosts that repeatedly violate the SMTP RFC. Hosts that violate the RFC are considered spam friendly and can quite possibly be exploited open relays.

The first thing spamkill does once it identifies a server as a potential spam friendly host is to write an SMTP REJECT rule against the host, so that subsequent incoming messages will be sent back to their senders (in most cases the sender doesn't even exist!). The connection is logged and kept in a permanent history for that host and, in extreme cases, a firewall rule is written to prevent a flood of messages from potentially coming in.

What this does is allow the host some time to take care of their spam situation (if they actually care to do so). The maximum amount of time that can pass is 60 days. Once a week, SDF will collect information on all blocked hosts and contact the site administrators of both the site and the upstream providers and network managers of the site. The message is very polite and explains what has happened and provides the logfile messages as evidence to help the site admins track down their spammer and take action. Once this has been done, then the host's ban can be lifted and mail can again flow in from that host.

This is an optimistic view and definitely a rare case. In most cases, the hosts spamkill identifies are hosts that WANT to send spam. Those hosts most likely would not even have valid contact information available, and if they did, they would probably just ignore us.

If you want to see a list as well as logs for hosts that SDF has identified, go to http://sdf.lonestar.org under 'legal' under 'abuse' and click on 'known open relays'. The list is dynamically updated every 2 hours. The logged 'bad' messages are permanently stored.
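
The spamkill policy described above (count RFC violations per host, write a REJECT rule, escalate to a firewall rule in extreme cases, lift the ban after at most 60 days), shown as an added example that is not SDF's own code. The log format, event labels, both thresholds and the choice to measure the 60 days from the last violation are assumptions; only the 60-day maximum comes from this FAQ.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed log format (assumption): "<ISO time> smtpd[pid]: <ip> <event>: <detail>"
LINE = re.compile(r"^(\S+) smtpd\[\d+\]: (\d{1,3}(?:\.\d{1,3}){3}) (\w+): (.*)$")
# Assumed event labels; the FAQ only says hosts "violate the SMTP RFC".
VIOLATIONS = {"no_helo", "bad_helo_syntax", "pipelining_before_ehlo", "bad_mail_from_syntax"}
REJECT_AFTER = 3              # assumed threshold for "repeatedly"
FIREWALL_AFTER = 10           # assumed threshold for "extreme cases"
MAX_BAN = timedelta(days=60)  # from the FAQ: a ban lasts at most 60 days

def evaluate(lines, now):
    """Return {ip: {"action", "count", "expires"}} for hosts whose ban is active at `now`."""
    counts, last_seen = Counter(), {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than guess
        ts, ip, event, _detail = m.groups()
        if event not in VIOLATIONS:
            continue  # normal traffic never counts against a host
        counts[ip] += 1  # the per-host history is permanent
        when = datetime.fromisoformat(ts)
        last_seen[ip] = max(when, last_seen.get(ip, when))
    bans = {}
    for ip, n in counts.items():
        if n < REJECT_AFTER:
            continue  # a single slip is not "repeatedly"
        expires = last_seen[ip] + MAX_BAN
        if expires <= now:
            continue  # ban has aged out; only the history remains
        action = "firewall" if n >= FIREWALL_AFTER else "smtp_reject"
        bans[ip] = {"action": action, "count": n, "expires": expires}
    return bans

def _mk(ts, ip, event, n=1):
    return [f"{ts} smtpd[411]: {ip} {event}: constructed sample"] * n

# Constructed sample log using documentation-only addresses (RFC 5737).
SAMPLE_LOG = (
    _mk("2024-01-10T08:00:00", "192.0.2.10", "no_helo", 3)
    + _mk("2024-01-11T09:30:00", "198.51.100.7", "bad_helo_syntax", 1)
    + _mk("2024-01-11T09:31:00", "198.51.100.7", "accepted", 5)
    + _mk("2024-01-12T10:00:00", "203.0.113.5", "pipelining_before_ehlo", 12)
    + _mk("2023-09-01T00:00:00", "192.0.2.99", "no_helo", 4)
)
```

Calling evaluate(SAMPLE_LOG, datetime(2024, 2, 1)) leaves two active bans: 192.0.2.10 gets an SMTP reject, 203.0.113.5 gets the firewall rule, and 192.0.2.99 has already aged out.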