Re: Debian and spam

To: debian-user@lists.debian.org
Subject: Re: Debian and spam
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Tue, 23 Nov 2004 06:41:22 -0800
Message-id: <[🔎] 20041123144122.GE7697@localhost>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20041113230457.GA20729@nitpicking.com>
References: <[🔎] 004601c4c8cf$063ca640$85120a0a@rtownsdt> <[🔎] ceb0ad0041112080264e21be6@mail.gmail.com> <[🔎] 87r7mxwlob.fsf@ursine.dyndns.org> <[🔎] 20041113230457.GA20729@nitpicking.com>

on Sat, Nov 13, 2004 at 06:04:57PM -0500, Carl Fink (carl@fink.to) wrote:
> On Sat, Nov 13, 2004 at 12:15:00PM -0800, Paul Johnson wrote:
> 
> > I tend to prefer real email management over fake email address hacks.
> > Keeps everything simpler, makes the spam easier to report, etc.
> 
> Who are you reporting spam to, anyway?  I'd like to contribute but I'm
> woefully out-of-touch.

Personally, my own recommendation would be that you don't.  It's a lot
of traffic, and you have to deal with massive amounts of unreachable
addresses, etc.  Not to mention false hits.

That said, I do it, and have written tools to do same:

    http://linuxmafia.com/~karsten/Downloads/SpamTools.tar.gz

Scripts are defanged by default, some of the configurations are specific
to my own needs, you *will* shoot yourself in the foot, but if you want
to report spam at a rate of one per 20-40 seconds, this will do it.
I've reported some 55k+ spams so far since March.

For a simpler solution, SpamCop works well.

My own main interests are:

  - Finding out where spam comes from (Korea, China, SBC).  Fully 15%
    (more or less) comes from one network, 25% from the top 3-5
    networks.

  - Finding out what DNSBLs are accurate (SpamCop, SpamHaus), a few
    others.

  - Finding out if reporting cuts the spam load (not much).

The most useful thing I've found is the DNS-based IP to ASN / CIDR
mapping resource at http://www.routeviews.org/.  This lets you aggregate
spam to a high level and identify trends, very readily.

More stats and stuff on my homepage (below), and by Googling "spam by
asn", particularly on the linux-elitists mailing list.

Upshot of all of this:  a soon-to-be-released version of SpamAssassin
should be incorporating ASN and/or CIDR classification for automated
scoring on these characteristics.  I'd like to see MTAs and firewalls
pick up similar capabilities.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    MX Radio - With Bob Edwards, who needs NPR?       http://www.xmradio.com/

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Debian and spam
  - From: Wayne Topa <brittman@capital.net>
- Re: Debian and spam
  - From: Carl Fink <carlf@fink.to>

References:
- Debian and spam
  - From: "John Hannibal Smith" <jsmith@cistst.com>
- Re: Debian and spam
  - From: Michael Marsh <michael.a.marsh@gmail.com>
- Re: Debian and spam
  - From: Paul Johnson <baloo@ursine.dyndns.org>
- Re: Debian and spam
  - From: Carl Fink <carl@fink.to>

Prev by Date: Re: And the thing is installed by apt-get at... ??
Next by Date: Fetchmail trouble with mailing lists
Previous by thread: Re: Debian and spam
Next by thread: Re: Debian and spam
Index(es):
- Date
- Thread