How To Reduce Spam and Bouncebacks, Organise Your Email And Still Keep The Convenience Of A Catch-All!
Posted on October 1, 2007
Filed Under Uncategorized | Leave a Comment
Well, it’s a long title and it’s likely to be a long post… even by my standards.
A few weeks back I had a major, and unexpected since I started using SPF, run of undeliverable bounce backs from somebody else’s spam run as I reported in “Does SPF Make You A Target“.
My email provider suggested that the way to avoid this and other spam was to turn off the catch-all option on my account. Nope, sorry, the catch-all option is far too useful. The ability to give every company and website I deal with a unique address is too valuable. It allows me to see who sells on an address and to block an abused address with blocking any other email. I deal with sufficient businesses and websites that going into my email administration to set up a new address every time I need one would just be too much hassle.
So I had to come up with another way…
What I came up with was a script using Sieve, the mail filtering language. I had looked at sieve before but had not been able to find any tutorials that both explained well, and were thorough enough for me to be confidant that I wasn’t about to completely mess up my email. This time, I bit the bullet, and read through RFC 3028. It turned out not to be as impenetrable as many other RFCs.
I’ll include an example script further down but this is what the script is designed to do:
The general idea is that the script looks for certain suffixes to the local part of an email address i.e. the part before the @ and files the email in subfolders or discards the email on that basis. Once the script is installed you no longer see spam and bouncebacks to any address not covered by the script that a spammer cares to guess in your domain (this script is only applicable to those with their own domains). However, as long as you append one of the recognised prefixes to the local part you can still give any business or web site a unique email address within the domain without having to make any changes to your account, whitelist the address or anything else (unless you have other protective measures in place that cause these hassles).
It should have been easy. It wasn’t.
The difficulty was in finding a header specifying the address that the mail was delivered to that could be relied upon to be there. Basically, there aren’t any. The envelope To header should be the definitive source of the To address but in many cases, due to the way email works, is not available! To get around this many mail servers add their own header with the original contents on the envelope To. I’ve included 11 different headers that various programs might add. If you want to tidy the script up then you should be able to find which, if any, your mail provider uses by examining the headers of your email or asking your provider.
To explain the script section by section:
Spammed, Overused And Otherwise Abused
In section 1 you would add email addresses that you know have been spammed, sold on or otherwise abused.
Any email address that matches in this section will be silently discarded.
Organising Your Email
Section 2 sets up which suffixes you wish to use and in which folders you want to file your emails. The script will not create the folders themselves. This has to be done before using the script.
I have deliberately used unhelpful suffixes in the example script e.g. the example script would file anything+xyz@adomain.tld (where “xyz” is the suffix) in the mailing lists folder. You will want to change this. If everybody used the same suffixes it would become easy, once again, for spammers to guess an address. You may also need to edit the layout of the folders you want the mail to be sorted in to. There are two common layouts. one has drafts, sent etc at the same level as the inbox. This is what my provider uses and is what the example script is set up to use. The other has drafts, sent etc as sub-folders of the inbox in which case the folder needs to be specified as INBOX/subfolder, INBOX.subfolder etc – check with your mail provider as to which separator they use.
This is the section that lets you improve the organisation of your email. If you receive a lot of email every day you probably, like me, find that the important stuff that needs dealing with now gets lost amongst the trivial. If you set up your suffixes and folders carefully you can have important stuff, bank notifications, domain renewals etc in a separate folder from trivial stuff like forum thread updates, joke/day/pic of the day etc.
Handling Existing Email Addresses
Of course, it is likely that the email addresses you have been handing out to date do not conform to the format discussed here. Section 3 is where you set up those email addresses that you have already given out.
Personally, I wouldn’t obsess about trying to remember every single address you’ve ever given out. Just leave section 4 filing all other emails into an unfiltered directory for 6-12 months and, as you note new email with valid addresses appearing in it, update the script. This will be a bit of a pain to start with but should rapidly drop off after the first 2-4 weeks in most cases.
The other alternative, here, to editing the script is to contact websites and companies using old addresses and give them a new one.
Everything Else
Section 4 defines what you want to do with mail that has not been handled by any of the above sections. The example shows filing in a separate folder that can be checked for a while.
Once you are happy that all mail is being accounted by sections 1-3 you could change this to discard the mail.
Finally, we come to…
The Script Itself
Comments
Leave a Reply
