A few weeks ago a spammer decided to start doing a dictionary attack against my domain name, and neither my SpamAssassin or procmail configurations were set up to handle it. This resulted in my INBOX being flooded with hundreds upon hundreds of identical pieces of spam sent to non-existant usernames @camworld.org. I finally updated my .procmailrc file with the following simple recipe (thanks, Jascha):
:0 * !^To: username@example.com * !^To: username2@example.com * !^To: mailing-list-name@example.com * !^To: mailing-list-name2@example.com * !^To: FirstName LastName $HOME/mail/caughtspam
Of course, my list is actually longer than this, but you get the idea. This allows only email that has a match in the To: field to be written to my INBOX folder. Everything else gets sent to a Pine mailbox called ‘caughtspam’. Every month or so I download this file, rename it with a datestamp, and then save it. To give you an idea of how much spam I’ve been getting, here are the statistics for the caughtspam files I have saved (Sep03-Feb04 caughtspam files are on a CD somewhere, I’ll dig ’em up):
| Date Span | Size of File | Number of Spam |
|---|---|---|
| 05/13/03-06/14/03 | 79,358,680 | 11,490 |
| 06/15/03-07/01/03 | 52,246,804 | 6,806 |
| 07/02/03-07/28/03 | 79,159,458 | 12,400 |
| 07/29/03-08/28/03 | 75,674,141 | 10,050 |
| 02/13/04-04/26/04 | 160,673,603 | 30,907 |
| 04/26/04-05/18/04 | 118,367,435 | 27,667 |
Posted by Cameron Barrett at May 19, 2004 02:03 PM