North American Network Operators Group


Re: Misguided SPAM Filtering techniques

  • From: Sean Figgins
  • Date: Mon Oct 22 18:24:29 2007


Patrick W. Gilmore wrote:


> Where did you get that 99% #?

Statistics from my own mail server. Yours may vary. In the course of 6 months, on one honey-pot email address, I received about 10,000 spam messages that were classified as from forged addresses by SpamAssassin. I'm sure you are familiar with these, they are like [email protected], [email protected], etc. I also received about 200 other messages that SpamAssassin classified as spam for overall score. My statistic is a little off. 98% of them were forged addresses. Not all of that remaining 2% had a valid address, most of them were either from domains that did not receive email, or addresses that did not exist.


I have my c/r system set up on this account to discard the forged hotmail accounts, as well as the email that was otherwise classified as spam. The rest I handle manually until I find a conclusive pattern.

> That is neither the statement that most CR systems make in their challenge, nor what most people who use the system think it means.

The problem is that C/R systems are not the only means to stop spam or viruses, or other junk. As you said, it only validates email addresses. If they are valid, and confirmed as such, the email gets through. Anyone that sees it as otherwise is misled.


> I'm sure you have. I'm also certain you have put a burden on other people, which is the reason we all hate spam

So, I burden a VERY small number of people over the course of 6 months, since 99% of the forged addresses are dropped at the server, and a challenge is never sent. I understand that my setup is unique, and that commercial c/r systems likely don't discard anything.


And, is it really a burden if you SEND me an email to validate yourself? If it IS such a burden, then I invite you not to send email to start with, especially not to me.

> I'm not at all certain I agree with your reasoning. If someone wants to send e-mail from home, they can use 587, or your server, or VPN, or .....

Yeah, and since the ISP only accepts email from their customers with a valid login from their IP addresses, when their customer takes their laptop elsewhere they can't send email. Most are not going to know to change their SMTP server, and many more aren't going to have a valid SMTP server through which to send email when they are traveling.


And your comment of VPN or port 587... Those are not always options either.

> I am assuming you also do not list your IP addresses in the PBL? So the "99%" of your users who do _not_ need to work from home, but are infected, are allowed to spew spam at me?

If the user is infected, they are infected. Not much that can be done about that. Fortunately, most infected PCs do not bother to send email through the user's SMTP server. As long as the user connects to the SMTP server, starts TLS and authenticates themselves, that's all that I require. This is on my personal email server, which serves only a handful of trusted users. I can't speak to my current company's external email server. The internal one requires a VPN, but also runs Microsoft software, so it's highly suspect.


-Sean

(Please respond only through the list)