
Mailing List Archive
Re: [tlug] state of the art spam filtering
On Tuesday 16 March 2010, Darren Cook wrote:
> > * Reject senders listed in RBLs (spamhaus works well)
> I've had email blocked because the sending IP somehow got in their list.
>  Blacklisting is equivalent to JR thinking this: the chikan on today's
> train came in through the Shinjuku shin-minami entrance today, so let's
> close those ticket gates down.
Darren,
I don't know what kind of IP got blacklisted, but Spamhaus has different 
lists, aimed at different targets, and listing policies.
If people got listed, that's usually because there's a real persistent problem.
Spamhaus sells lists to major spam blocking software. They need to be clean.
> > * Reject senders with reverse subdomain containing blacklisted words (ex:
> > *dyn*.foo.com, *dsl*.foo.com, *ppp*.foo.com, ...)
> 
> No it doesn't. What about the genuine people sending from a subdomain
> like that? They might be 99% spammers, 1% genuine, but this is still
> throwing away real email.
Who sends mail from a dynamic/dialup/customer IP today? Every dyn IP can send 
mail through the ISP's servers. Customers' outgoing port 25 is even blocked by 
ISPs today.
As you're mentioning, that's 99% chance of being crap. But I never saw the 
remaining 1%.
If it's legitimate, they'll have to manage to get their server on a regular 
subdomain, with a regular reverse. (A dyn IP is not a stable MX for receiving 
replies!)
Now, remembering that RBLs exist, you'll have the risk of receiving a 
blacklisted IP, and won't have any authority to request a delisting.
> > * Mails to non-existing accounts go to blackhole. Never bounce anything.
> 
> So, how do users discover they mis-typed an address? Won't they just
> assume fcartenie@example.com is ignoring them deliberately?
If you have a single MTA that can check for the account before accepting the 
mail, this is not a problem. 
If you're a relay or your MTA can't check before accepting, you'll end up 
bouncing the message... Once a spammer notices this, he'll use it to spread his 
content using your own server.
http://www.backscatterer.org/?target=backscatter
As long as the sender can't be certified (DomainKeys, DKIM), there's no clean 
way to fight bounce spam today: Reject or Drop. Don't bounce.
Francois
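
The three checks discussed in this message (RBL lookup, dynamic-looking reverse DNS, recipient validation before acceptance) can be combined into one decision made at RCPT time, so a refusal is an in-session 5xx and never a bounce. This is an added example, not part of the original message; the zone name `zen.spamhaus.org`, the mailbox list, the reply texts and all function names are assumptions, and the DNS answers are constructed so it runs offline.

```python
import ipaddress
import re

# Assumptions for this example (not from the post): the zone name, the
# mailbox list, the reply texts and the function names.
DNSBL_ZONE = "zen.spamhaus.org"
LOCAL_MAILBOXES = {"francois@example.com"}
DYNAMIC_WORDS = re.compile(r"dyn|dsl|ppp")  # the *dyn*, *dsl*, *ppp* globs

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2"],          # DNSBL test entry
    "7.113.0.203.zen.spamhaus.org": ["127.255.255.254"],  # error code, not a listing
}


def sample_resolver(name):
    """Return the A records for name, or [] for NXDOMAIN."""
    return SAMPLE_DNS.get(name, [])


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL lookup name: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def has_dynamic_rdns(rdns):
    """True if a label left of the last two contains a blacklisted word.
    Simplification: no public-suffix handling (foo.co.jp is not special-cased)."""
    return any(DYNAMIC_WORDS.search(l) for l in rdns.lower().split(".")[:-2])


def rcpt_decision(client_ip, rdns, rcpt, resolve_a=sample_resolver):
    """Reply to RCPT TO while the client is still connected, so every refusal
    is a 5xx in the session and no bounce goes to a forged envelope sender."""
    answers = resolve_a(dnsbl_query_name(client_ip))
    # Only 127.0.0.x answers count as listings; Spamhaus uses 127.255.255.x
    # to signal a query error, which must not cause a rejection.
    if any(a.startswith("127.0.0.") for a in answers):
        return 554, "client listed in " + DNSBL_ZONE
    if rdns and has_dynamic_rdns(rdns):
        return 554, "dynamic-looking reverse DNS"
    if rcpt.lower() not in LOCAL_MAILBOXES:
        return 550, "no such user"
    return 250, "ok"
```

Because the mistyped recipient gets a 550 during the session, the sending server reports the failure to its own user, which answers the question of how a sender learns about a typo without the receiving side generating a bounce.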