:: RootR ::  Hosting Order Map Login   Secure Inter-Network Operations  

Eradicating spam

Spams are unsolicited emails that often annoy users. It is well-known that spamers use automated tools. Those senders are lost in a land of confusion. Real common causes of spam are: a poor understanding of real-world business, despair, and pathological craving for attention. 'commercial unsolicited email' is a sub-set of spam. Seldom spamers admit they are one, as they efficient in lying to themselves and others, as a habit.

Spamers seldom harm intentionally, but that is not a reason to let them go do. The best way to help them out of their delusion, is mostly by protecting ourselve.

Rootroute accounts filter out many of obvious spam by default. However other spam pass through, and users have choice of action.

1) Preventing generic spam:
Many users choose to have a wildcard email address for a domain. Althoutgh this is often convenient to receive any possible email, spamers often use this knowledge to easily pass througth common filters. so removing a wildcard email address is effective in removing some spam. if you have a domain-wide wildcard email, you can do the following:
  1. Make a list of the email aliases you need to keep. for example info@example.com goes to john@example.com, sales@example.com goes to sylvia@example.com. etc. Ask support to remove the wildcard, along with the list of aliases you keep active. you may want to include common mispellings.
  2. Once the wildcard is removed, only valid user's email addresses and aliases will receive email. everything else will be bounced.
  3. This action effectively cut spam. Of course not all of it, but an amount significant enough to be worth the effort.

2) More on wildcard addresses
Wildcard email addresses can be very convenient. and for this reason, many Rootroute customers use it.
But also wildcards are an open gate to spammers, since they very often try their luck by guessing wildly any possible addresses, automatically. Spam quacks like this technique because they can advertise "buy our 10 thousand zillions emails list". The bigger they swell the list, the more they can sell it to some deluded preys. Thus, wildcard addresses makes their craving to swell wild-cardly... Their preys have not realized yet that the only money spam can make, is to sell this kind of list to apprentice spamers. It is in everybody's interest to cut those vicious circles by any possibly mean. However we leave the actual decision about your own domains to you. How to deal with it is also a matter of taste.

3) Filtering more spam:
All Rootroute accounts have a number of tools to filter emails, such as procmail, perl, and others. You can also pipe all incoming email via a filter of your own coding. If you are uncertain of what some filter does, just ask support@rootr.net.

4) Reporting serious spamers:
If you receive a continuous flow of identical emails, you should notify mail-abuse@rootr.net with a description. We want to know especially about such cases. It may be a dozen identical emails in a day, or sometime much more. But, it can also be one single email received every day, always the same. You can also report to us less serious spammers. If you are annoyed, it's a reason good enough to report something, even if it may not be that serious.

5) Preventing web robots to harvest email addresses:
Many spam robots "harvest" addresses by scanning web sites. that's why you may get spam to known email address if they are listed on the site. A common way of dealing with this is to give out only pseudo form of email addresses, such as jon (at) example.com. However this can be incovenient to online users, especially if they are not too technical. We recommend another technique: use the @ html entity in your html code, for example the following:

<a href=mailto:sales&#64;example.com>sales&#64;example.com</a>.

this appears as expected: sales@example.com
and works fine when viewed and clicked, at the same time, it make it harder for robots to harvest. There are other similar technique, more complex. This one is straight and effective enough. Also robots should know that such email are not mean to be scanned, but only to be used by non-spaming humans. The '#64' is the ascii code for the @ character.


6) Forwarding spam for analysis:
Rootroute has an email where you can forward spam email: spam@rootr.net. when forwarding, make sure to include the complete headers, otherwise, this is useless.
If you use other mail program and are not sure how to send full headers, ask us at support@rootr.net, we will add it here.
Bouncing the email to spam@rootr.net is fine, because bounces contains the full headers.
Any email forwarded there is stored in a database that engineers can use to perform analysis. This is an automated system, so you should not send ordinary mail to this address.

7) Does Rootroute filters spams by default ?
Yes. Rootroute uses special databases such as blacklists, dialup lists, and some filtering system of our own. such spams don't even reach email accounts with us, they get eradicated early in the system. Additionally we monitor emerging tools to filter spam, with a special interest in open-source mail precision tools.
However, whenever there is the possibility that an email may not be a spam, we let it through and let you decide.

8) How to know for sure to which address an email is sent ?
Many spamers use fake smtp envelopes to reach targets. One way to know to whom they send exactly is in the first 'Received: from ...' header. It can be seen when viewing full headers, typically in the line "for <xyz@example.com>; ...some date..." of the 'Received:' header. If they are several 'Received:' headers, the 1st only counts, that is, the one nearer the top.

9) Non-spam email problems
Spam is not the only email problem you may encounter, even if it is by far the most common annoyance. Other problems such as email bombing, threats, email forging and impersonation are more rare. If they do happen, your duty is to email us at abuse@rootr.net. An engineer will pre-analyse it. For threats and similar abuses, we may cooperate and forward the case to the appropriate enforcement entity, regardless of the country. Mail bombs and forging from a static ip are candidates to be blacklisted out from Rootroute network entirely, and sometime from other ISPs as well.

Note: Rootroute prefers hearing about non-important minor cases, rather than missing potential important information. How important it can be is seldom obvious at first sight. For this reason, if you are in doubt about if it's worth reporting or not, you should report to us.


 
::  Contact   ::   ©2017  RootRoute ::  


taintator@RootR.net