LittleBITS: Email Delivery Problem and Blocking Spambot Accounts

Originally published at: LittleBITS: Email Delivery Problem and Blocking Spambot Accounts - TidBITS

We’ve been dealing with some server-side issues of late, and Adam Engst takes you behind the curtains to apologize for an email delivery failure and explain how we blocked an onslaught of spambot-created accounts.

I shared your pain since I run my own mail server under an outdated version of CommuniGate Pro’s “community version” (up to 5 accounts, which they ungenerously discontinued). Like you, I’ve blocked Russia, but also China and a few high-noise-to-signal countries like the Seychelles and Cyprus. You probably don’t have that luxury.

If you don’t already, I suggest you also block all unassigned IP addresses (“bogons,” from CYMRU). Is this what some people call the “dark web”?

Just a data point, which may or may not be relevant to this issue: TidBITS #1684 got to me, but was filtered to Junk. This may have happened in the past, but was so long ago I can’t remember when.

I’ve found the WordFence security plugin for WordPress very effective at blocking access from IP addresses of known spammers. Definitely worth a look if you’re not already using it.

I’ll look into that—I’d rather not have to manually update the Stop Spammers blocklist from another list. It’s possible the plug-in already does something along those lines.

I heard that from another person too—there must have been some text in there that Gmail’s spam filter didn’t like. Please just mark it as Not Spam to help train the filter. Thanks!

We actually are using WordFence, and it claims to be blocking a ton of connections, but doesn’t protect against spambot-created accounts in any way. I confirmed this with WordFence support and have stuck with the free version because of that.

It is a frustrating job. In some of my work gigs, I started and maintained WP sites with strict membership requirements and a limited population (nothing like TidBITS).

But when I picked up a church website that had been built by a graphic artist using GoDaddy and WP, I found it was infested with bots injected into the code, apparently to invite all their friendbots. It took cleaning a copy of the content, staging it to a new ISP, and installing a raft of security measures to clean it up.

Even then, the URL itself was still a magnet for new bots. Like you, I found the free version of WordFence to be good enough for dealing with the swarm of brute-force, unaimed bots that just keep trying for up to a hundred (or more) attempts before they move on temporarily. I also felt very free to block individual IPs and groups of IPs if they were the source.

Again, frustrating, and it could become one or more people’s full-time job.