
Archive for the ‘Mails’ Category

Facts, hacks and attacks from my life as a web application developer

April 25th, 2012

How to not get caught in spam filters

Reliably sending email without getting caught in spam filters is a full-time job, for someone. Surely not for an end-user, but for every end-user email, there is an administrator somewhere who has to deal with daily occurrences of some user message not getting through because it got stuck in a spam filter on the other end.

At the enterprise level, this could easily be several people’s full-time jobs. Spam filtering is constantly evolving. This is partly due to new spam filtering initiatives that require administrators to configure something new, such as SPF or DKIM. A few years ago, SPF didn’t exist. Now, anyone who sends lots of email virtually has to implement it. It’s also partly due to other administrators; sometimes you just have to get on the phone with the recipient’s admin to figure out what’s going wrong.

This guide is not for those enterprise admins. It’s for the hapless developers pressed into Postfix config duty for a small start-up, or for the first-time admin just getting into outbound mail. What follows is a quick and dirty guide to making sure 99% of your email is delivered.

Make sure you’re not on a DNS blacklist (aka RBL: Reverse Blacklist)

By far the most frequently used type of spam filter is the DNS blacklist. There are hundreds of free services out there that keep records of IP addresses they think send a lot of spam. Virtually every spam filtering product on the market comes pre-configured to look at a few of these every time it gets a new connection. It’s fast due to extremely low overhead (DNS scales, baby), and relatively accurate.

You will need to know what IP you’re sending from. You can check many blacklists at once via various different sites.
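What a blacklist check does under the hood, as an added example that is not part of the original post: the sending IP's octets are reversed, the list's zone is appended, and the name is looked up as an ordinary A record. The zone names and the `fake_resolve` stand-in are constructed placeholders so the code runs offline; drop the `resolve` argument and pass the zones you care about to query real DNS.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blacklist's DNS zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone

def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to the listing code it returned, or None if not listed."""
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = resolve(name)
        except socket.gaierror:
            results[zone] = None      # name does not resolve: not listed
            continue
        # A listing is an A record inside 127.0.0.0/8. Any other address means
        # the zone is wildcarded or parked, so it is not treated as a listing.
        listed = ipaddress.IPv4Address(answer) in LISTED_RANGE
        results[zone] = answer if listed else None
    return results

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"5.113.0.203.dnsbl.example.org": "127.0.0.2",
            "5.113.0.203.parked.example.net": "198.51.100.1"}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("name does not resolve")
    return FAKE_DNS[name]

if __name__ == "__main__":
    zones = ["dnsbl.example.org", "parked.example.net", "clean.example.com"]
    for zone, code in check_dnsbl("203.0.113.5", zones, resolve=fake_resolve).items():
        print(f"{zone}: {'LISTED ' + code if code else 'not listed'}")
```

A lookup that fails for other reasons (timeout, resolver refused) is also reported as not listed here, so run it against a resolver you trust.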

If you are on a blacklist, you might be wondering how to get off it, and how you got on in the first place. Unfortunately, there is no single answer. Each blacklist has its own criteria for who it lists, and has its own process for removal. Indeed, many lists don’t allow removal at all. It’s the Wild West out there. If you find yourself unable to be removed from a popular blacklist, you may have no choice but to buy another IP address. Just make sure it’s clean first!

Some people think blacklists are the devil. If you have ever found yourself at the mercy of a popular, but totally non-responsive blacklist, you might agree. But in general, the problem is that some administrators outright block email that matches a single blacklist. If you’re an inbound admin, don’t do that! You want to weigh many factors, and multiple blacklists, before you decide to reject a message. Regardless, they are a reality of the modern Internet you need to just deal with.

Make sure you’re not an open relay

If you want to STAY off blacklists, you at the very least need to make sure you’re not an open relay. Basically, you should not accept and definitely not send out any mail that’s not destined for a domain you actually own. Testing can be done via telnet, or via a web-based tool.
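The same test you would type into telnet, as an added example that is not part of the original post: ask your own server to take mail from one outside domain to another and look at the reply to RCPT TO. The function name, the `smtp_factory` hook and the `FakeSMTP` stand-in are assumptions made here so the check can run offline; the session stops before DATA, so nothing is delivered.

```python
import smtplib

def relay_check(host, outside_sender, outside_rcpt, port=25, smtp_factory=smtplib.SMTP):
    """Will this server accept mail between two domains it does not host?"""
    conn = smtp_factory(host, port, timeout=10)
    try:
        conn.ehlo_or_helo_if_needed()
        stage = "MAIL FROM"
        code, reply = conn.mail(outside_sender)
        if code < 400:
            stage = "RCPT TO"
            code, reply = conn.rcpt(outside_rcpt)
            conn.rset()                 # abandon the transaction, never send DATA
    finally:
        conn.quit()
    if code < 400:
        verdict = "open relay"          # 2xx on RCPT TO: server agreed to relay
    elif code < 500:
        verdict = "inconclusive"        # 4xx: temporary failure, e.g. greylisting
    else:
        verdict = "relay denied"        # 5xx: what a correctly configured server says
    text = reply.decode(errors="replace") if isinstance(reply, bytes) else str(reply)
    return {"verdict": verdict, "stage": stage, "code": code, "reply": text}

class FakeSMTP:
    """Constructed stand-in for a mail server, so the example runs offline."""
    rcpt_reply = (554, b"5.7.1 <b@example.net>: Relay access denied")
    def __init__(self, host, port, timeout=None): pass
    def ehlo_or_helo_if_needed(self): pass
    def mail(self, sender): return (250, b"2.1.0 Ok")
    def rcpt(self, recipient): return self.rcpt_reply
    def rset(self): return (250, b"2.0.0 Ok")
    def quit(self): return (221, b"2.0.0 Bye")

if __name__ == "__main__":
    print(relay_check("mail.example.com", "a@example.org", "b@example.net",
                      smtp_factory=FakeSMTP))
```

Run the real check from a machine outside your own network: Postfix relays for clients listed in `mynetworks`, so a test from the server itself or from the office LAN can look like an open relay when it is not.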

Reverse DNS (aka PTR records)

Another very common check is whether your IP address is named, or unnamed. The idea here is that dynamic IPs, such as those given to home users by their ISP, generally don’t need to have names associated with them. A lot of spam these days comes from zombied home machines.

This is a simple DNS fix. You just need to create a PTR record for that IP address. You can check whether your PTR is set up correctly with the following command.

    dig -x MY_IP_ADDRESS

MX Records, postmaster, root & abuse

While the standards (RFCs) don’t require you to receive mail just because you’re sending mail, in reality many anti-spam systems are biased against messages from a domain that does not also accept mail. You don’t have to send and receive from the same server(s), but if you’re sending mail from @example.com, it’s a good idea to make sure some real human somewhere is getting any messages sent to [email protected], [email protected] and [email protected].

Postmaster IS strictly required by the RFC. Root is a legacy version of postmaster. Abuse is a relatively new “standard” that many administrators would try first to resolve a spam issue.

Inbound email is a whole other subject. But the basic gist is that you need an MX record for example.com, and it needs to point to a server that can accept mail for example.com. If you don’t have an existing inbound server, or don’t want to run your own, many hosted alternatives exist.

You should explicitly test postmaster, root & abuse manually via your regular email client to make sure they actually work.

HELO, I’m your mail server

Mail servers communicate via a protocol called SMTP. It’s actually a plain-text protocol, which you can easily emulate via telnet. The very first line of an SMTP handshake is the “HELO” command, where the sending server identifies itself. A typical example would be “HELO example.com”, meaning, “Hi, I’m the mail server for example.com”.

Many spammers set this to a bogus value, or try to use the recipient’s host name or IP address, which is nonsensical. In any case, the correct thing to do is for you to set it to your domain.

How you set this will vary by mailserver. In Postfix, it’s the myhostname parameter in /etc/postfix/main.cf. Checking it is easy; just send a message through the server, and look at the headers on the remote end. Your hostname will show up on the first “Received” header line:

    Received: by example.com (Postfix, from userid 0)
     id A72979E4144; Thu, 18 Mar 2010 23:00:01 -0400 (EDT)

SPF/DKIM

SPF and DKIM are newer standards that are slowly gaining popularity. The basic idea is that your DNS records can encode a list of rules about what IP addresses are allowed to send mail for your domain. It’s a whitelist, versus a blacklist. Typically, you can ignore these unless you’re sending a large volume of mail.
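How a receiver reads the SPF half of this, as an added example that is not part of the original post: the record's terms are checked left to right and the first one that matches the connecting IP decides the result. This sketch covers only the `ip4`, `ip6` and `all` terms (anything that needs further DNS lookups raises), and the record and addresses are constructed from documentation ranges.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate an SPF record's ip4/ip6/all terms against a sending IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                        # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # An optional leading qualifier decides the result when the term matches;
        # a term without one counts as "+" (pass).
        qualifier, mechanism = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        name, _, value = mechanism.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]     # catch-all, normally the last term
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"term needs DNS or is a modifier: {term}")
        network = ipaddress.ip_network(value, strict=False)
        if network.version == ip.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term

# Constructed TXT record for example.com (documentation address ranges).
SAMPLE_RECORD = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 -all"

if __name__ == "__main__":
    for sender in ("203.0.113.5", "198.51.100.7", "2001:db8::25", "192.0.2.1"):
        print(sender, "->", spf_result(SAMPLE_RECORD, sender))
```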

Monitoring

That just about covers anti-anti-spam 101. As mentioned, this will likely be an ongoing effort, and you need to keep on top of how it’s going. Ideally, there would be an administrator who would be alerted if emails are bouncing due to spam filters. For Postfix, I would recommend pflogsumm.

    apt-get install pflogsumm

    sudo crontab -e

    # every work-day at 11pm
    00 23 * * mon-fri cat /var/log/mail.log | /usr/sbin/pflogsumm -d today | mail -s "daily mail log" [email protected]
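To be alerted specifically when mail bounces because of a spam filter, as an added example that is not part of the original post or of pflogsumm: pick out the Postfix delivery lines that were bounced or deferred and whose remote reply points at a policy block. The log lines are constructed samples in the usual `postfix/smtp` format, and the hint phrases are assumptions to tune against what your recipients' servers actually say.

```python
import re

# Constructed sample of /var/log/mail.log delivery lines (not from a real server).
SAMPLE_LOG = """\
Mar 18 23:00:01 mail postfix/smtp[2101]: A72979E4144: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F1B2)
Mar 18 23:00:04 mail postfix/smtp[2102]: B83A10F5255: to=<bob@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.9, dsn=5.7.1, status=bounced (host mx.example.org[192.0.2.20] said: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using dnsbl.example.org (in reply to RCPT TO command))
Mar 18 23:00:09 mail postfix/smtp[2103]: C94B21A6366: to=<carol@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=1.2, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.30] said: 550 5.1.1 <carol@example.com>: Recipient address rejected: User unknown (in reply to RCPT TO command))
Mar 18 23:00:12 mail postfix/smtp[2104]: D05C32B7477: to=<dave@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=2.0, dsn=4.7.1, status=deferred (host mx.example.net[192.0.2.10] said: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.5] (in reply to RCPT TO command))
""".splitlines()

DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, .*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)
# Phrases that commonly appear in filter rejections (assumed list, extend as needed).
FILTER_HINTS = re.compile(
    r"blocked using|blacklist|spam|reputation|reverse (?:dns|hostname)", re.I)

def filter_rejections(lines):
    """Return bounced/deferred deliveries whose remote reply points at a spam filter."""
    hits = []
    for line in lines:
        m = DELIVERY_RE.search(line)
        if not m or m["status"] not in ("bounced", "deferred"):
            continue
        # DSN subject 7 (x.7.x) means "security or policy status" (RFC 3463).
        policy_dsn = m["dsn"].split(".")[1] == "7"
        if policy_dsn or FILTER_HINTS.search(m["reason"]):
            hits.append({"rcpt": m["rcpt"], "dsn": m["dsn"],
                         "status": m["status"], "reason": m["reason"]})
    return hits

if __name__ == "__main__":
    for hit in filter_rejections(SAMPLE_LOG):
        print(f"{hit['status']:9} {hit['dsn']} {hit['rcpt']}: {hit['reason']}")
```

The "User unknown" bounce is deliberately left out of the result: it is a delivery failure, but not one a spam filter caused.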

A day without SPAM

April 10th, 2011

Well, I am one of those guys who get tons of mails every day, but the main problem in my case is that I usually get many spam mails every day. I think most of us have the same problem.
But today a miracle has happened: it’s 11:26 pm here and I have not received even a single unsolicited mail yet. And since there is about half an hour left until the end of the day, I believe I won’t get any more mails now. So I can confidently say that today is the day when I got not even a single spam mail in my inbox, or even if I did, it was either trapped by Gmail’s spam assassin or automatically deleted by my own spam filtering method.
But what I want to share today is why we get spam mails and how to avoid them. Starting from scratch, spam mails are basically promotional mails that we all receive every day, all the time. One good question here is: why do we get all such stuff? A one-line answer is that we all give our mail IDs very easily to anyone and anywhere on the Internet, and email spamming is considered the best and cheapest method to drive traffic to a website. Be cautious, as spam mails contain various tricks like spoofing, phishing and spreading viruses on your systems.
Although spamming is now considered a very poor technique of website marketing (due to the great efforts of the Gmail/Yahoo/MS guys, which make it ineffective), many folks still try the same method to gather an audience.
Well, all I can say is follow these simple steps to make sure you won’t get spammed anymore:
1) Create two email IDs, one for handling your personal mails and the other for giving to websites all over the internet. Remember, the internet is a very good technology and you have to give your email IDs for correspondence; separating personal mails from mails used for correspondence/contact purposes is a very nice method for managing your emails and is less irritating. One thing to consider is that not every site will send you spam mails; only a few will. So don’t think that you should not give your email ID to anyone.
2) Always mark mails that are spam as spam rather than just ignoring them; believe me, you won’t get at least that kind of mail ever again. And this will also block the source.
3) If you have your own domain or if you are planning to get one, make your mail ID like [email protected] or [email protected]; mail IDs like this do not get even a single spam mail.
4) If you are publishing your email on your blog or any forum, do write it like this: yourmail [at] gmail [dot] com. This will prevent spam bots from capturing your mail. You may use your own method of writing your email on a forum page by editing the method given above.

And yeah, do change your password every 2 weeks and make it alphanumeric and add a few special symbols to it.

You may reach me via email at [email protected]

How to handle emails

October 28th, 2010

It seems to me that as you grow old, your rate of getting emails increases. Or at least that’s the case for folks in academia, it seems. The question is, how do you respond to these emails or take action on them? This is what I do, and I am eager to know how others do it. I have a huge hierarchy of email folders and I have Inbox. There are different groups/clubs I am attached to. I have email filters which filter emails from these mailing lists and send them to their respective folders. These are the emails which I don’t want to respond to or read immediately. All my work emails and other emails remain in Inbox. And they remain there till I have taken action on them. That may mean just reading them again, or replying back or doing something else. So, basically, at any point in time, my Inbox has emails that are either unread or that I haven’t taken action on. Now sometimes, I get emails to which I want to respond but I don’t have time/I am lazy. They stay in Inbox. And sometimes they stay there for a month or so. And sometimes when I get back to those emails, I see that there is no point replying to them anymore. Now, I feel bad about that because I usually claim that if you have emailed me, I will reply to it even if I reply late. So, what do you do?

Source: How to handle emails – by rohitj (true copy)