Episode: 1969
Title: HPR1969: Horrors of Spam (and the Greater Horror of filtering it)
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1969/hpr1969.mp3
Transcribed: 2025-10-18 12:40:15
---
This episode of HPR is brought to you by AnHonestHost.com.
Get 15% discount on all shared hosting with the offer code HPR15.
That's HPR15.
Better web hosting that's honest and fair at AnHonestHost.com.
This is HPR episode 1969 entitled Horrors of Spam and the greater horror of filtering it.
It's hosted by Josh Winnap and is about 13 and a half minutes long.
This episode we will cover the horror that is spam when the first spam email was sent and
the greater horror, at least for hosting providers, that is filtering spam email.
First allow me to apologize.
I have not done an episode of HPR since 2011.
It was my DDoS and how to mitigate it show and it's been really long.
So I'm sorry I haven't jumped on to do another one of these in a while.
I should have more time now that I'm working as a consultant and contractor.
So look forward to seeing some more podcasts from me.
Second, I've been really trying hard to record this while it's been quiet in the house.
But last two days, there have been so many random noises and things like that.
I don't think I'm ever going to get quiet.
So if you hear a weird noise, just chalk it up to the dogs or the cats or our noisy dryer
or the guy across the street that insists on mowing his lawn every day.
Moving on into the actual meat of the podcast, we're going to talk about the horrors of
spam and the greater horror of filtering it.
Spam is unwanted email.
It's mass sent.
It's not intended for you necessarily.
It's just tons and there's tons of them.
It's ridiculous.
It started back in 1978.
That was when the first spam email was sent.
May 3rd, 1978, by a guy named Gary.
He was a marketer for the Digital Equipment Corporation.
And he blasted out his message to 400 of the 2,600 members on the DARPA or ARPANET,
which was the DARPA funded so-called first internet.
And of course, he was trying to sell something.
So that actually makes spam older than I am by magnitude of 7 years.
Yeah.
Next bit I want to talk about is what you can do to prevent spam from hitting your mailbox.
Most of you have Gmail accounts or have corporate email accounts that already have inbound
spam filtering.
And that is essentially looking at each message that's coming in and comparing it against
different regex codes or signatures saying, is this email spammy, yes, no, are they talking
about Viagra and they're assigned a certain score.
So if they're just saying Viagra is available for you, that will probably get you a four.
But you send it or you get an email that says, super hot date, women looking in your area,
click here now, that's probably going to get closer to a 50 on the spam list.
But that's only one side of it is that inbound filtering.
As a hosting provider, we actually have to worry about both sides what comes in and what
goes out of our servers.
Any email that is generated from our servers should be checked and that should be the case
with any hosting provider.
Unfortunately, that's not the case with most hosting providers.
If an email is generated, there's that potential that it's spam and it goes out and gets
that server blacklisted.
That's one of the big issues with hosting providers right now, shared hosting in particular
is you get one customer that's either been compromised or is intentionally spamming.
They can actually blacklist an entire server because blacklists that are controlled by
groups like Spamhaus, they have honeypots essentially set up that are email addresses that
are intentionally scraped by these groups who are selling these email lists for spamming
or one way or another, they're on these lists and they capture these spam emails that
come in and say, oh, we've gotten a bunch of these emails from this IP address.
Let's add it to our blacklist and that's another way to filter is not only by score of
an email but a reputation of a server and that's the part that hosting providers really need
to look out for is the reputation of the server, how to protect that reputation because
if the reputation becomes poor, most providers will not accept emails from that IP address.
And if it's a bad enough problem, they'll blacklist an entire range.
So a slash 24, I've seen it as bad as a slash 16 where hosting providers just been known
to be an open door for spammers and they just allow anybody to send out emails and an entire
slash 16 for a company in Netherlands actually got blacklisted.
So how big of a problem are we talking about with spam?
At AnHonestHost, we typically see just shy of 70% of the email that comes in through
our servers that gets passed through, which is usually forwarders.
Forwarders are our biggest source of email like it's caught in our spam filter and we're
looking at just shy of 70% server that does 2,000 emails.
So maybe we're extra spammy, I don't know.
So a bigger hosting company that I've done consulting and contracting for is just that
shy of 60% for 25 of their shared servers on a single cluster that we've set up.
And that cluster does about 100,000 emails.
That's 60,000 emails that don't go out onto the internet and get stopped at that point
because of the outbound spam filtering that they're doing.
And they've got somebody working that full time.
That's a full time job for them.
But what's the big deal, you know?
You're worried about the messages being in the inbox, what's the big deal?
It's just an email deleted.
Without spam filtering in place, you will typically see a few hundred spam emails if it's an
easily guessed email like admin or info.
If it's your name dot or something along those lines, it's a little bit hard to guess.
But if your email is listed on a website, scrapers go through and look for email addresses.
I mean, that's why a lot of websites like PHP.net, I think even HPR, if I remember I'm pretty
sure we don't just put an email address on the page.
We modify it so that it's not easy for a scraper to just grab the email off.
The next big issue becomes the resources that are involved with processing those emails.
When spam emails are sent out, and let's say it's not even generating from the server
that I got sent out from, let's say it's a forwarder.
The receiving server is having to do the work of saying, is this spam?
And if it is, take appropriate action.
Companies like Gmail, Microsoft, most of your major ISPs, which that's a whole nother.
The rumor has point to me is ISPs because they're the first ones to go off on blacklist
somebody for sending spam, but they are some of the worst offenders for sending spam.
Those guys, if you send enough spam, they'll go off and start rate limiting.
The IP address that the email is coming from.
Blacklisting the domain that the emails are coming from.
And then blacklisting the server.
Those three in particular, are incredibly hard to get off of their spam lists.
Yahoo's another one, really hard to get off their spam list.
And when you're on those spam lists, it's not just a single domain that was sending the spam.
It's now everybody on that server.
So your legitimate business is now being filtered as spam because somebody had a forwarder
set up that forwarded spam onto these guys.
So it's really important for hosting providers to know what kind of email's going out
from their servers and filtering that before it goes to the end result or end server.
The other problem we're seeing is that the spammers are getting craftier.
Specifically with the phishing emails, they're starting to get really, really close to the
actual emails.
There have been a couple that had I not known it was spam would have fooled me.
And sometimes they're not getting craftier, but they're targeting more people.
My roommate, his aunt called about five or six months ago because his grandma was trying
to send $1,000 to somebody who had sent her an email asking to have her send $1,000
by a Western Mutual or Western Union, excuse me, Western Union to get him out of jail
because he had crashed into somebody, killed them and now was being held on a $1,000 bail.
And they went so far as after she responded to go off and call her and get her to start
that process.
But she had to go down to the store to visit Western Union, but she couldn't drive thankfully.
And his aunt called him instead of, you know, doing logical thing, you know, call Justin
and see what's going on.
She took this email at face value and was going to pay somebody a random person $1,000 because
she thought her grandson was in jail.
The other thing that we're also seeing is viruses, crypto virus work, the last place I
worked at for my day job, their legal department had somebody that opened up an email address,
legitimately looked like an email that had come from their IT department, but instead
it was a word document that had a crypto virus.
And those crypto viruses are particularly nasty because they don't just encrypt the
local system, they encrypt any drive that that person can see.
In this case, it ended up encrypting the entire remote network storage, including all
the backups for every computer that was connected to that network.
Fortunately, my team were on a separate network, so we weren't affected, but everybody got
nailed by that.
And the same old, same old comes up with stolen identity, guys, goes right back to those
phishers.
They are getting really good at falsifying the stuff that they're putting on there.
And it very rarely leads anybody back to who actually did it because it starts from a
compromised web server, typically, where they've uploaded a version of a website that
looks identical.
It's just got a weird URL, but people rarely look at the URLs anymore.
So a little PSA, look at the URL before you go off and put your login credentials in.
So I'm hoping over the course of this brief podcast, you guys have kind of got an idea
of why hosting providers not only need to worry about inbound spam filtering, but outbound
spam filtering.
Since I am now working from home, I'm hoping to get more podcasts done.
That being said, it did take me five years to do this one.
So maybe not hold your breath, but here's hoping, right?
Thank you for listening.
You've been listening to Hacker Public Radio at HackerPublicRadio.org.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find out
how easy it really is.
Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club,
and is part of the Binary Revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on
the website or record a follow-up episode yourself.
Unless otherwise stated, today's show is released on the Creative Commons, Attribution,
ShareAlike, 3.0 license.