[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SPAM fiiltering - spam breakdown



hi ya jesus


On Fri, 1 Nov 2002, Jesus Climent wrote:

> 
> From my experience i would say: Do not use RBLs to reject mail, but to
> tag it.

a good reason against rbl's
	http://www.ifn.net/rblstory.htm

and i agree...  and i also disagree


if  i was gonna tagg an email ( spam ) for later processing ...
i might as well have spent the 1 second to check it the first
time and hit the "D" key  ... instead of looking at that email twice

- spam is counter productive for many reasons..

- for personal stuff ... everything is spam... unless i
  explicitly allow it 

- for work stuff ... dont know who or where email will come from
  it is spam if it meets the following rules

  - my "spam" rules/definition ...

       Deny access from all open relays 
       use Global RBLs and localized RBLs
       Reject all emails from servers with bad/missing reverse DNS 
       Reject all emails from fake users
       Reject all emails addressed to non-existent users on your server 
       Reject all emails with bad/malformed/faked headers 
       Reject all emails with bad/malformed/faked mesgID  
       Reject all emails with missing/bad subject lines 
       Reject all emails from known "spam generating software" 

       last .. kill those "properly addressed emails" that are still spam 
       Reject all emails with "spam content" - not easy to do 

	== notice ... most of the above is just properly configured boxes
	== and not even counting words or sequences of words yet in
	== the body of the message

-
- checking the status of the 2100 spams received at just 1 email address
- in October
	i was curious of the breakdown of the anti-spam filter...

--->>	- about 1000 have bad message_id <<<--- notice !!

	- about 250 have bad reverse dns
	- about 250 trip over check_eoh ( header errors including rbls )
	- about 100 using known spamware
	- about 100 sending email requiring license for those activities
	- about 100 relaying denied ( not a real spam )
	- about  50 to unknown recepients
	....


	-- worrying about rbls is NOT a major issue

- and yes... i depend on 3rd party software to determine if its spam
	sendmail is my choice of mta
	- rbls since i do NOT want to make my own access list

	- and for those that do make it thru that is not in any RBLs yet
	  i deny it in my list wheni get around to it

- 3rd party software works great ... when used properly???

c ya
alvin



Reply to: