davelog Wherein, I write.

omgwtfspam?!

I got a friendly letter in my Yahoo! inbox that went something like this:

The account with the username ‘stilldavid’, is running out of disk space. Please remove some files from this account, or ask the administrator to increase your disk quota. You have currently used 80.22% of your disk space.

Now I had a hunch that this wasn’t simply due to the huge number of files I keep for this blog, so I investigated. As it turned out, most of the used-up space was living in my email inbox – but not where I thought. A couple years ago (that’s like forever in internet time), when I set up my most recent host, I configured a “catch-all” email address for stilldavid.com that I told myself I’d check all the time yadda yadda… long story short, it never happened, I stopped checking it after about 15 seconds.

Until now.

Upon my investigating, I rediscovered this inbox, and checked it. There were over eleven THOUSAND messages waiting for me, and guess what. They weren’t all for me.

That’s right, I had somewhere on the order of 11,000 spam messages that had never been checked just sitting on my server waiting for … someone to delete them I guess. But this is where it gets interesting. My server won’t let me delete messages until they have been downloaded off the server in a “successful pop3 session”. Needless to say, a “successful” session is a session which successfully retrieves all email off the server. All 11,000 messages.

So I set up Mail (yay for Apple naming conventions!) for the account, configured it to delete messages after download, pressed the get mail button, and waited. About 20 minutes later, I had received all the mail off the account, and they had cleared out my inbox for the next 3 years of spam catching.

Okay, now the worrisome part. I started deleting the messages in bulk out of the mail account, but also skimmed the subject lines to watch the trends in spam (Only a geek would get jollies from that) and the exponential increase in volume from 2004-2007.

Here’s what I saw in some of the more recent messages:

[Image: spam filled inbox]

I’m getting a whole lot of mailer daemon messages, which leads me to believe that someone is remailing spam from my server. I don’t take the blame, but I shift it to my host, because remailing should be impossible (or really difficult) with a properly configured server. That, and I don’t have any mail-related scripts on my server at all, so there’s nothing that I control that can be easily exploited.

*sigh* Time to investigate further…
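
A check for the question this post ends on, added here as an example and not part of the original post: a bounce usually quotes the headers of the message that bounced, and their Received lines show whether it passed through your own mail server or only used your domain as its sender address. The server names in MY_SERVERS and the sample bounce are constructed assumptions.

```python
import email
from email import policy

# Assumption: the names/IPs your host's outbound mail server uses in Received lines.
MY_SERVERS = ("mail.example.net", "192.0.2.10")

def original_headers(bounce):
    """Return the bounced message (or its headers) embedded in a DSN, else None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, my_servers=MY_SERVERS):
    """relayed-by-us: original passed through our server; forged-sender: it only
    carried our domain in From; unknown: the bounce quotes no original headers."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return "unknown"
    # Received lines below the first hop you trust can be forged by the sender.
    hops = [str(h).lower() for h in orig.get_all("Received", [])]
    if any(s.lower() in hop for hop in hops for s in my_servers):
        return "relayed-by-us"
    return "forged-sender"

def sample_bounce(received):
    """Constructed sample DSN; every host and address here is made up."""
    return (
        "From: MAILER-DAEMON@mx.example.org\n"
        "To: qwerty123@stilldavid.com\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.org\n\n"
        "Final-Recipient: rfc822; nobody@example.org\nAction: failed\nStatus: 5.1.1\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"Received: from {received}\n"
        "From: qwerty123@stilldavid.com\nTo: nobody@example.org\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    print(classify_bounce(sample_bounce("pc.example.com by mx.example.org")))
    print(classify_bounce(sample_bounce("mail.example.net (192.0.2.10) by mx.example.org")))
```

Run it over the downloaded mailbox one message at a time; a pile of "forged-sender" results means the bounces are replies to mail that never touched your host.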