
Re: SPAM



There are some telltale signs which can be filtered for.

Some of these are invalid or missing addresses in the headers, forged
delivery routes in the Received: headers, or you can filter by the IP of
the SMTP client which connected to your mail server, as in this example.
The latter can be done by using RBL databases, which are documented in
your mailserver software's documentation.

You can also filter according to the content of the message, although this
brings up some legal questions. The most typical sign of spam messages
today is the "write to address xy@... to be removed from the database" line
at the bottom of the message.

So much for detecting spam.

Another question is what to do with detected spam:

a. refuse it in the SMTP session: this will prevent the spammer from using
your host for spamming, and your machine won't bother with trying to
deliver bounces to usually non-existent addresses. This may be difficult
to implement in some mail server software, but there are no other negative
aspects to this. If it can be implemented, then it is the ideal solution.

b. bounce the message in the delivery phase: your mail server will have to
try to send bounce mails to probably non-existent addresses.

c. ignore the message ( > /dev/null). In this case, there is the danger of
losing mail which is a false positive for the spam check.

d. move mail to a temporary folder, which can be browsed by the user, and
is periodically deleted.

e. other actions...

Probably the best course is to enable the users to decide the action for
them on a per-user basis.


Implementing this:

1. Yourself... see doc.
2. There are sites on the web which provide spam-filtering for your
mailserver. See spamcop.net for one...

And a few things in the example to identify spam:

On Mon, 28 Feb 2000, Robert H. Clugston wrote:

> Received: from sdv-ca4b-122.rasserver.net (sdv-ca4b-122.rasserver.net
> [204.30.199.122])
> 	by mail.abcdef.com (8.9.3/8.9.3/Debian/GNU) with SMTP id LAA03981;
> 	Mon, 28 Feb 2000 11:37:56 -0800

You can filter the IP address of the client. There are RBL databases for
dialup IP addresses. You in no way have any obligation to accept SMTP
connections from users you have no relation to, and they don't want to
transfer messages destined to your host. Search for MAPS-DUL to know more.

> X-Authentication-Warning: mail.abcdef.com: sdv-ca4b-122.rasserver.net
> [204.30.199.122] didn't use HELO protocol

You can enforce the usage of the HELO protocol, since that is part of the
RFC, so it is mandatory.

> X-Mailer: ÐÏࡱá

No valid mail software puts junk in any of the headers...

> To: @abcdef.com

Invalid mail address... (no localpart).

> From: Taylor@dabsol.co.uk
> Message-Id: <udcgvwcjyterkxxdar.jgjjwkgrwkcqsivwqbq@SeaBreese@dabsol.co.uk>
> Content-Type: text/html;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: 7BIT
> X-UIDL: 98d6626f2abd5c62a5262f7f63236527
> 
> 	What can I do to stop these messages from coming in. Is there anything to
> help stop the flow of unsolicited commercial e-mails?
> 

These are a couple of things to filter for.

Robert Varga
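
The header checks described in this message, as an added example that is not part of the original post: it applies the no-HELO, junk X-Mailer and missing-localpart checks to a constructed copy of the quoted headers, and builds the DNSBL query name for the connecting client's IP. The function names and the zone `dnsbl.example` are assumptions (the zone is a placeholder, not a real list), and no DNS lookup is performed.

```python
import email
import re

# Constructed sample: the headers quoted in the post, with valid folding
# and the non-ASCII X-Mailer characters written as escapes.
SAMPLE = (
    "Received: from sdv-ca4b-122.rasserver.net (sdv-ca4b-122.rasserver.net\n"
    " [204.30.199.122])\n"
    "\tby mail.abcdef.com (8.9.3/8.9.3/Debian/GNU) with SMTP id LAA03981;\n"
    "\tMon, 28 Feb 2000 11:37:56 -0800\n"
    "X-Authentication-Warning: mail.abcdef.com: sdv-ca4b-122.rasserver.net\n"
    " [204.30.199.122] didn't use HELO protocol\n"
    "X-Mailer: \u00d0\u00cf\u0871\u00e1\n"
    "To: @abcdef.com\n"
    "From: Taylor@dabsol.co.uk\n"
    "\n"
)
DNSBL_ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list

def flat(value):
    """Unfold a header value (first occurrence) and collapse whitespace."""
    return " ".join(str(value or "").split())

def client_ip(raw):
    """IP our own MTA recorded in brackets in the topmost Received: header."""
    msg = email.message_from_string(raw)
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat(msg.get("Received")))
    return m.group(1) if m else None

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def spam_signs(raw):
    """Return the header-based signs from the post that this message shows."""
    msg = email.message_from_string(raw)
    signs = []
    if "didn't use HELO" in flat(msg.get("X-Authentication-Warning")):
        signs.append("no-helo")
    # Anything outside printable ASCII in X-Mailer counts as junk.
    if any(not 32 <= ord(c) < 127 for c in flat(msg.get("X-Mailer"))):
        signs.append("junk-x-mailer")
    for addr in flat(msg.get("To")).split(","):
        local, at, _domain = addr.strip(" <>").rpartition("@")
        if at and not local:  # "@domain" with nothing before the @
            signs.append("to-without-localpart")
    return signs

if __name__ == "__main__":
    print(spam_signs(SAMPLE), dnsbl_name(client_ip(SAMPLE)))
```

Only the topmost Received: header is read here because it is the one written by the receiving server itself; lower ones are supplied by the sender and can be forged.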

