Re: [tlug] TLUG spam?

[Brett Robson <b-robson@example.com>]

Jonathan Byrne wrote:

>
> My gig these days is lead spam analyst at one of the major
> email security companies (yeah, that's really a job title :-), and while
> I can't go into much detail about our techniques, my answer to that
> question is "Not more ways than a regex can handle" :-)


The funny thing is I get spam trying to sell me drugs that I don't even 
know what they are. One classis (or something) I always think of as Calpis.
BTW v1agra seems to have slipped through your regex, or aren't you using 
your own product? ;)



> If you run a ton of mail the problem isn't the bandwidth, but the time.
> We use no external RBLs, not even ones which I really trust. Partly, it's
> a matter of accountability.  We are answerable to our customers for
> whatever we block by IP address, so we want to maintain complete control
> over that.  


Rejecting network from computers with interesting names like the 
following is certainly better than accepting an email (and validating 
the receipants address) and then quietly dropping it. Anyone who runs a 
mail server that has cable or [a]dsl in their reverse lookup needs to 
try a bit harder.

c-66-41-207-234.mn.client2.attbi.com
cm218-252-3-140.hkcable.com.hk
7-246.240.81.adsl.skynet.be
adsl-68-124-94-60.dsl.sndg02.pacbell.net

Brett