Projects / SpugSpam


SpugSpam is a script that runs a confirmation- response spam filter. It is designed to be flexible and is intended for use within your procmail pipeline. It is not intended to be user friendly.


Recent releases

  •  25 Sep 2006 02:41

    Release Notes: This release allows multiple remote patterns in the recvdpat file. The sender and deliver script format has been converted from a shell script to a single command to avert a security hole.

    •  29 Nov 2005 22:18

      Release Notes: This release adds added SPF checking (ala PySPF). The license has been changed to the GPL.

      •  10 Apr 2005 17:42

        Release Notes: This release fixes a bug in which a subject-header confirmation was not recognized if the "subject" header preceded the "from" header.

        •  31 May 2004 11:24

          No changes have been submitted for this release.

          Recent comments

          06 Jun 2004 11:58 mmuller

          Re: nice idea but..

          > .. the spammers use not only fake

          > addresses, in many cases they use

          > existing email addresses they don't own.

          You are correct, and I considered this problem very seriously and for a very long time before creating spugspam. To some extent, spugspam protects its users at the expense of other unprotected email users.

          My rationale for implementing and releasing it anyway is economic: the benefit to those protected is great, the cost to those affected is small. The cumulative cost (of receiving a large amount of confirmations from many confirm-response users) to those affected may be very high, but this should motivate them to adopt protection mechanisms of their own, thereby strengthening the system as a whole.

          This situation will improve as more hosts implement SPF protections. SPF checking will be integrated into a future version of spugspam, so if a host provides an SPF record, your chances of receiving a confirmation request for a message that you did not send will be much smaller.

          But I do apologize to everyone to whom my program has sent bogus confirmation messages (in the confirmation message, in fact) which is more than you can say for the writers of those virus scanning programs...

          31 May 2004 07:45 cycomate

          nice idea but..
          .. the spammers use not only fake addresses, in many cases they use existing email addresses they don't own. So sending those confirmation emails produces traffic and fills the real address owner's inbox with useless confirmation requests for emails he didn't send.

          Do you know the virus notifications some providers send? Whenever a worm/virus uses your email address - even if it wasn't your computer that's been infected with that worm - you get some stupid messages from providers telling you that "your message did not pass their filters, 'cause they identified the worm blabla.w32.y in that email'".

          Now, when someone uses your script and receives a worm, the owner of the (ab-)used email address not only gets those "your email contained a virus" messages but also your confirmation emails.


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.