Misguided SPAM Filtering techniques

Patrick W. Gilmore patrick at ianai.net
Mon Oct 22 16:28:50 UTC 2007


On Oct 22, 2007, at 11:41 AM, Sean Figgins wrote:
> Dave Pooser wrote:
>
>> Whenever I get one of those, I go ahead and confirm the message so  
>> the spam
>> gets through to the end user. I figure if they think I'm gonna  
>> filter their
>> mail for free, well, they get what they pay for.  :^)
>
> And that is probably just fine, as 99% of the true spam comes from  
> email addresses (and often doamins) that either do not exist, or  
> often are not configured to receive email.  The result is that 99%  
> of the spam filtered by spamarrest (or other challenge-response  
> techniques) is never actually seen by any human.  If you didn't  
> send the the email, why bother confirming it?  Aren't you also  
> adding back to the problem?

Where did you get that 99% #?


> Even if you confirm your email address, that's all that spamarrest  
> is asking for.  If the email address is valid, then it's done it's  
> job.  If the email address is not valid, then the spam gets stopped.

That is neither the statement that most CR systems make in their  
challenge, nor what most people who use the system think it means.


> I use a challenge-response system in conjunction with other  
> techniques, and have reduced the amount of spam I have to deal with  
> by a couple orders of magnitude.

I'm sure you have.  I'm also certain you have put a burden on other  
people, which is the reason we all hate spam


> I also advise the list membership here that if they DON'T want to  
> get the challenge from my agent, they should send responses through  
> the list.

That would be me. :)


> As fas as the original poster...  When I was working for a  
> particular MSO the topic came up for filtering port 25.  It took me  
> about a minute to convince them that it was a bad idea, as a lot of  
> people with broadband are the work-fro-home type, and not all of  
> them VPN into their work, but instead use their corporate SMTP/POP/ 
> IMAP server to do their business.  Since handling these valid  
> servers on a ticket basis would prove to be too much work, the plan  
> was scrapped.

I'm not at all certain I agree with your reasoning.  If someone wants  
to send e-mail from home, they can use 587, or your server, or VPN,  
or .....

I am assuming you also do not list your IP addresses in the PBL?  So  
the "99%" of your users who do _not_ need to work from home, but are  
infected, are allowed to spew spam at me?

-- 
TTFN,
patrick





More information about the NANOG mailing list