Re: Earthlink and Swen

on Thu, Dec 04, 2003 at 10:56:59PM -0800, Ross Boylan (RossBoylan@stanfordalumni.org) wrote:
> On Thu, Dec 04, 2003 at 03:08:23PM -0500, Paul Morgan wrote:
> ...
> > I have all services locked down to localhost; my only connections to
> > the outside world are mail, news via nntpcached, web via squid... I run
> > Apache but it too is locked down to localhost.  My mail is run through my
> > ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
> > be getting like 10 Swens per day). I do see, from time to time, Apache
> > refusing connection attempts which are generally attacks by Windoze worms.
> I had a long talk with earthlink a month or two ago in which they told
> me they were not filtering out swen (and they certainly weren't; I got
> a ton).  Soon after that, I did see some swen-like stuff in their spam
> filter for my account (but I also saw plenty still coming at me).
> What's your basis for saying they are filtering out swen, rather than
> that you're just getting less swen?

Earthlink have implemented virus and spam filtering within the past
month or so, early November, if time serves.

It's more than slightly flawed in several regards:

  - There's no SMTP-time blocking -- the only way to reliably inform a
    sender that their message wasn't delivered, without joe-job risks.

  - Viruses are filtered to a "quarantine" folder, which you still have
    to check and clear periodically.  Whether and how this counts to your
    10 MiB mail buffer quota isn't clear.  Filter is based on Brightmail
    IIRC.  This is *not* enabled by default, but must be selected by the

  - In "virus storms", virus filtering is enabled automatically.  There
    is no way for the subscriber to control this behavior.

  - Spam filtering is largely limited to "known spam" checks, analogous
    to Vipul's Razor.  This is the same useless crap that was previously
    marketed as "SpamBlocker".  Which didn't....

  - There is a "known senders" mail filtering system, based on
    challenge-response (itself an evil concept) which again quarantines
    mail not delivered, again, counting against your mail buffer.


  - There is no reporting to the user of what mail was blocked, sender,
    subject, or reason for blocking.  There is no option for user
    training of filters.

Upshot:  I've not enabled any of the filtering.  I want to know what is
blocked.  I want blocking at SMTP level.  And I want context-sensitive
spam filters (e.g.:  Bayesian filters).  I can apply this through my own
rules after downloading mail.  Current mail loads are sufficiently small
that I can do this effectively.  I've also found that reporting received
Swen tends to keep counts down (~60-65 per day, vs. 250+ if not
reported).  I've created a few scripts for this (some assembly required):



Karsten M. Self <kmself@ix.netcom.com>
 What Part of "Gestalt" don't you understand?
    Reject EU Software Patents!                         http://swpat.ffii.org/
