• Immutable Page
  • Info
  • Attachments

AboutSpamikaze

Spamikaze is an automated spam block system. Unlike some other spam block systems, Spamikaze does no tests for open proxy or open relay vulnerabilities. Spamikaze is passive and completely driven by mail coming into a system's spamtrap addresses.

Spamikaze is based on the following premises, which appear to be true on the sites where the authors are running Spamikaze:

  • Almost all mail received at spamtrap addresses is spam.

  • Almost all spam is sent from IP addresses that are not mail servers, so no legitimate email is lost by blocking those.

  • Open relays and easy to detect open proxies are being abandoned by spammers (due to the traditional blocklists), in favor of virus infected Windows machines with hard to detect spam trojans.

  • The chance of somebody else receiving a spam before you is very high, since you're only one of over a million recipients.

  • If users (or mail servers) warn each other from which IP addresses spam is flowing, spam can be blocked before it is delivered to most recipients.

  • Spammers have to send out millions of emails to make a profit; spammers cannot be profitable without sending out bulk email.

  • Since spammers have millions of addresses on their lists, it's going to be economically impossible for them to find out which addresses belong to real users and which belong to spamtraps.

  • If implemented properly, an anti-spam solution should be able to use the numbers against spammers, turning the tables against those who send unsollicited bulk email.

Currently, Spamikaze works roughly as follows:

  • A spamtrap receives an email (most probably spam).

  • The passivetrap script figures out which IP address delivered the email to the spamtrap's email server.

  • The IP address gets added to the local Spamikaze blocklist, unless the IP address is whitelisted (eg. a known mail server).

  • Spamikaze notifies other Spamikaze systems of the spamtrap event (future functionality, not currently implemented).

  • The local mail server will reject mail from the IP address that sent mail into the spam trap.

  • After a configurable number of days the IP address is automatically dropped from the blocklist.

  • Alternatively, somebody removes the IP address from the list using the web interface. This happens in the rare cases where the spam comes from an actual mail server that also wants to send legitimate mail to a mail server protected by the local Spamikaze list.

  • If a new spamtrap hit happens from the same IP address, the timeout is extended, or the IP address is listed again.

The end effect should be that IP addresses that only send you spam stay on the list for long times (blocking all spam), while IP addresses from which legitimate mail comes only get blocked for short periods (so spam is blocked, but you don't miss out on the legitimate email).


Category Documentation

Tell others about this page:

last edited 2006-07-14 00:40:50 by JamesDay