Could everyone please help me test the new email server?
It is very aggressive with regard to rejecting spam, and I am a bit worried
that it will prevent valid emails from getting through. This server is
designed to instantly reject email while the sending server is still
connected and send back a message as to why it was rejected so that a
legitimate sending user at least knows that the message was not delivered.
What it does NOT do, is send me a copy of rejected emails, the result being
that I don't have to look through the several thousand (a day) junk emails I
get to try to figure out if there are any false positives from the spam
If you have not already done so, and it is still in September of 2006, would
you please send an email to:
So far this seems to be working well. I have not received any word that a
valid email was blocked and I have received (and replied to) a number of
emails from around the world...
Including one from Adam Davis with all the standard spam keywords in it...
Which my filter did NOT block! Think about this... Adam is a friend and if
he wants to talk to me about v eye ah gu rrr ah then that should NOT be
blocked. And I am NOT whitelisting on "tanstaafl" just not blocking based on
keywords, filters, etc...
> So far this seems to be working well. I have not received any word that a
> valid email was blocked and I have received (and replied to) a number of
> emails from around the world...
> Including one from Adam Davis with all the standard spam keywords in it...
> Which my filter did NOT block! Think about this... Adam is a friend and if
> he wants to talk to me about v eye ah gu rrr ah then that should NOT be
> blocked. And I am NOT whitelisting on "tanstaafl" just not blocking based
> keywords, filters, etc...
> Send me an email, see if it gets through:
> And email TakeThisOuTjamesnewtonEraseMEspam_OUTpiclist.com if you get a rejection or don't hear my
> reply by tomorrow.
And there is the second false positive. Both have been from gmail accounts
and both were due to spamcop listing that specific gmail server as a source
Notice that in the reject message there was given a phone number to call...
Not that I would expect that to be used, but my point is that some alternate
form of communication can be provided.
I'm in the process of modifying the server to send back a message with a url
to a web page that explains why the message was rejected, what to do about
it, apologies for the false positive and gives another method of contact.
I may extend that to the point of allowing the blocked sender to white list
themselves... Or not...
Note that the 553 error code returned tells the sending server that the
email address it was trying to deliver the email to was not valid. A spammer
will use that return code to "cull" his or her list of email addresses.
Hopefully removing my email address from the list, with the result that they
will not even attempt to spam me in the future. This is only possible with
blocking at the instant of delivery. Most email spam systems accept the
delivery (confirming to the spammer that the email address was valid) and
then later reject or tag the email based on a listing from spamcop et all.
Another point here is that Mike now knows that spamcop has listed his gmail
server. He can go to spamcop and not only see why, but also, in most cases,
request that spamcop de-list the server. Actually, in this case, it would
require someone on the gmail team to do that, and I think this listing is
pretty bogus: In fact, spamcop has de-listed it already. But if Mike were
with a local ISP, and they were not being really careful about their users
sending spam, with the current, after-the-fact RBL blocking systems, Mike
would never know that. With this instant blocking, Mike will get indications
from all the people he tries to email that his ISP is being black listed.
This gives him the option of contacting his ISP to try to pressure them into
cleaning up their act, or of getting a separate email account with a
I usually use greylisting filters, which, assuming decent (compliant)
sender SMTP servers, do not drop any legitimate mail whatsoever, and in
my case they got rid of 80% or more of my spam. What gets through gets
caught in the Thunderbird bayesian filter mostly. Only drawback is mail
gets delayed 10 or so minutes the first couple of times it comes from a
On Tue, 2006-09-12 at 16:26 -0700, James Newtons Massmind wrote:
> Herb, I got your email (two I think) but when I tried to reply to one, I
> With reference to your message with the subject:
> "RE: tanstaafl"
> The local mail transport system has reported the following problems it
> encountered while trying to deliver your message:
> *** hgrafSTOPspamspam_OUTemail.com
> 550 <MetaMTA?v1.21>: No thank you rejected: Mail refused: See
> Your mail message is being returned to you in the next part of this message.
> Should you need assistance, please mail
Very interesting, thank you for that James.
When I paid for that email address I was assured there was no spam
blocking software, and that none would ever be added.
It appears that behind my back they added one at some point, which would
explain why I haven't received some other emails I expected these past
I emailed the admin with a VERY terse email suggesting ALL spam blocking
be removed from my account immediately. I never received a response, but
a few hours later the piclist emails started to come through again on
that account, go figure...
> I'm in the process of modifying the server to send back a message with a url
> to a web page that explains why the message was rejected, what to do about
> it, apologies for the false positive and gives another method of contact.
That other method of contact may be a web page that allows the person to
send a message to you using your server.
> I may extend that to the point of allowing the blocked sender to white list
> themselves... Or not...
Or having a link in the message that is generated by the page I mentioned
above that allows you to whitelist that address with just a click.
> Notice that in the reject message there was given a phone
> number to call...Not that I would expect that to be used, but
> my point is that some alternate form of communication can
> be provided.
The List is international; such long distance calls are not always
easy from many points of view. Perhaps some IM or Skype would be
better for the alternate form. Even Gmail has something voice enabled,
if I'm not mistaken.
Taking into account that list holder prefers all tools in-house, I'd
suggest he would think of setting up his custom IM on his server. It's
relatively easy with, say, ASP.NET 2.0 Script Callbacks for text
communication. All the precious PIC related communication could be
stored this way. Though I am not sure this would not negatively affect
> When I paid for that email address I was assured there was no
> spam blocking software, and that none would ever be added.
> It appears that behind my back they added one at some point,
> which would explain why I haven't received some other emails
> I expected these past few months.
There are a couple things I should note:
First, I screwed up and didn't realize that the "announce yourself" setting
in my new mail server is what it would use for the helo command; which is
what they rejected. My server said
Helo MetaMTA v1.21
And they rejected it based on the fact that a space isn't really allowed in
a helo command.
I've changed the name and that won't happen again.
Second, I should note that this sort of helo blocking is exactly what I'm
doing now. I'm blocking anyone who helos with "friend" or "localhost" or
"web" or anything that has an ip address in it such as
"dsl-234-22-112.telecom.co.br" since these are generally a good indicator of
a spam source. Real email servers say helo with names like
"mail.massmind.org" or "gmail-out-34.google.com"
Them telling you there was no blocking and then putting it on was bogus of
In short, google refuses to identify the actual source of the email. Spamcop
users DID receive spam. Normally (with Yahoo or Hotmail) they would be able
to block only the actual computer that sent the spam to the gmail email
server to send out to the victums. Since Google will not ID the actual
source, spamcop is blocking ALL mail from that google server.
You can argue both sides of that up and down and around until you are blue
in the face.
For me the most interesting thing is that google is allowing spam to be sent
(not that I blame them, it's hard to regulate users) and they are, in
effect, protecting spammers while damaging legitimate users by not
identifying the actual source. On the other hand, if the identify the
source, they are failing to protect the privacy of their users. Damned if
By the same token, spamcop is both damaging and protecting their users at
the same time. ...damned if you don't.
The two companies need to work out a way for spamcop users to report the
spam, via spamcop, back to google who will then have some means of figuring
out the source from their own records and instantly shut down the offenders;
trusting spamcop to finger only actual spammers.
You gmail guys might want to suggest that via your customer support; 'cause
spamcop does too good a job to drop, gmail has too many outbound servers to
white list and you are going to be guilty by association as long as the true
source is not known.
I received emails from a total of 60 people. (I'm sort of amazed that more
people didn't email.)
I had two rejections, both caused by spamcop blocking the gmail servers.
I had a couple people who, for what ever reason, I missed replying to, but
on review, I HAD received their emails.
As far as I know, everyone who sent me an email, via the new email server,
got a reply or a rejection note that explained why they were not able to
send. E.g. "spamcop says you spam"
Yesterday, the 18th, it processed 569 emails of which 530 were spam, of the
spam 485 were properly rejected and 45 were accepted. Of the 45 which were
accepted, 1 made it past the filters without being flagged as probable spam.
So that is less than 0.2%, which is just fine. But, more importantly, even
if we assume that the filters had correctly flagged the 485 that the email
server instantly rejected, that is 485 fewer emails that I had to look at to
avoid a false positive.
For more on what I'm doing see:
40B5&P=2949 where you can also read the dissenting opinion from the experts
who tell me my method will cost me "customers" and is not RFC compliant.