Mailing List Archive



Re: [tlug] state of the art spam filtering



On Tuesday 16 March 2010, Darren Cook wrote:
> > * Reject senders listed in RBLs (spamhaus works well)
> I've had email blocked because the sending IP somehow got in their list.
>  Blacklisting is equivalent to JR thinking this: the chikan on today's
> train came in through the Shinjuku shin-minami entrance today, so let's
> close those ticket gates down.

Darren,

I don't know what kind of IP got blacklisted, but Spamhaus has different 
lists, aiming at different targets, and listing policies.
If people got listed, that's usually because there's a real persistent problem.
Spamhaus sells lists to major spam blocking software. They need to be clean.

> > * Reject senders with reverse subdomain containing blacklisted words (ex:
> > *dyn*.foo.com, *dsl*.foo.com, *ppp*.foo.com, ...)
> 
> No it doesn't. What about the genuine people sending from a subdomain
> like that? They might be 99% spammers, 1% genuine, but this is still
> throwing away real email.

Who sends mail from a dynamic/dialup/customer IP today? Every dyn IP can send 
mail through the ISP's servers. Customers' outgoing port 25 is even blocked by 
ISPs today.

As you're mentioning, that's 99% chance of being crap. But I never saw the 
remaining 1%.
If it's legitimate, they'll have to manage to get their server on a regular 
subdomain, with a regular reverse. (A dyn IP is not a stable MX for receiving 
replies!)

Now, remembering that RBLs exist, you'll have the risk of receiving a 
blacklisted IP, and won't have any authority to request a delisting.

> > * Mails to non-existing accounts go to blackhole. Never bounce anything.
> 
> So, how do users discover they mis-typed an address? Won't they just
> assume fcartenie@example.com is ignoring them deliberately?

If you have a single MTA that can check for the account before accepting the 
mail, this is not a problem.

If you're a relay or your MTA can't check before accepting, you'll end up 
bouncing the message... Once a spammer notices this, he'll use it to spread his 
content using your own server.
http://www.backscatterer.org/?target=backscatter

As long as the sender can't be certified (DomainKeys, DKIM), there's no clean 
way to fight bounce spam today: Reject or Drop. Don't bounce.

Francois
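
An added example, not part of the original message: a sketch of the three checks discussed in this thread (reverse-name tokens, DNSBL lookup, recipient check) applied during the SMTP session so that nothing is accepted and bounced later. The zone `dnsbl.example`, the `is_listed` hook, the function names and all sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Tokens from the post's examples (*dyn*, *dsl*, *ppp*). Assumption: match them
# as whole tokens, which is stricter than the post's substring wildcards, so a
# host label such as "dynamics" is not caught.
DYN_TOKEN = re.compile(r"(?<![a-z])(dyn(?:amic)?|a?dsl|ppp)(?![a-z])")

def dnsbl_query_name(client_ip, zone):
    """Name to look up in a DNSBL: reversed address + list zone."""
    ptr = ipaddress.ip_address(client_ip).reverse_pointer
    return ptr.rsplit(".", 2)[0] + "." + zone   # drop in-addr.arpa / ip6.arpa

def looks_dynamic(rdns):
    """True when the host part of the reverse name carries a dynamic-pool token."""
    labels = rdns.lower().rstrip(".").split(".")
    host_labels = labels[:-2]   # assumption: last two labels are the domain
    return any(DYN_TOKEN.search(label) for label in host_labels)

def rcpt_decision(client_ip, rdns, rcpt, mailboxes, is_listed, zone="dnsbl.example"):
    """Decide during the SMTP session (at RCPT TO), so nothing is bounced later."""
    # is_listed is a caller-supplied lookup (hypothetical hook): runs offline.
    if not rdns or looks_dynamic(rdns):
        return 550, "5.7.1 dynamic or missing reverse DNS"
    if is_listed(dnsbl_query_name(client_ip, zone)):
        return 550, "5.7.1 client listed in " + zone
    if rcpt.lower() not in mailboxes:
        # Rejecting here makes the *sending* server report the typo to its own
        # user; this server never generates a bounce to a forged sender.
        return 550, "5.1.1 unknown recipient"
    return 250, "2.1.5 recipient ok"

# Constructed sample data (documentation addresses and example domains).
MAILBOXES = {"francois@example.com"}
LISTED = {"66.113.0.203.dnsbl.example"}
SAMPLES = [
    ("192.0.2.10", "mail.foo.com", "francois@example.com"),
    ("192.0.2.10", "mail.foo.com", "fcartenie@example.com"),
    ("198.51.100.7", "ppp-7.dsl.foo.com", "francois@example.com"),
    ("203.0.113.66", "mx1.dynamics.example.net", "francois@example.com"),
]

def run_samples():
    return [rcpt_decision(ip, rdns, rcpt, MAILBOXES, LISTED.__contains__)
            for ip, rdns, rcpt in SAMPLES]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```
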

