Misguided SPAM Filtering techniques

Sean Figgins sean at labrats.us
Mon Oct 22 22:13:52 UTC 2007


Patrick W. Gilmore wrote:

> Where did you get that 99% #?

Statistics from my own mail server.  Yours may vary.  In the course of 6 months, 
on one honey-pot email address, I received about 10,000 spam messages that were 
classified as from forged addresses by SpamAssassin.  I'm sure you are familiar 
with these, they are like aslkuews at hotmail.com, lkjjyes at yahoo.com, etc.  I also 
received about 200 other messages that SpamAssassin classified as spam for 
overall score.  My statistic is a little off.  98% of them were forged 
addresses.  Not all of that remaining 2% had a valid address, most of them were 
either from domains that did not receive email, or addresses that did not exist.

I have my c/r system setup on this account to discard the forged hotmail 
accounts, as well as the email that was otherwise classified as spam.  The rest 
I handle manually until I find a conclusive pattern.

> That is neither the statement that most CR systems make in their 
> challenge, nor what most people who use the system think it means.

The problem is that C/R systems are not the only means to stop spam or viruses, 
or other junk.  As you said, it only validates email addresses.  If they are 
valid, and confirmed as such, the email gets through.  Anyone that sees it as 
otherwise is misled.

> I'm sure you have.  I'm also certain you have put a burden on other 
> people, which is the reason we all hate spam

So, I burden a VERY small number of people over the course of 6 months, since 
99% of the forged addresses are dropped at the server, and a challenge is never 
sent.  I understand that my setup is unique, and that commercial c/r systems 
likely don't discard anything.

And, is it really a burden if you SEND me an email to validate yourself?  If it 
IS such a burden, then I invite you not to send email to start with, especially 
not to me.

> I'm not at all certain I agree with your reasoning.  If someone wants to 
> send e-mail from home, they can use 587, or your server, or VPN, or .....

Yeah, and since the ISP only accepts email from their customers with a valid 
login from their IP addresses, when their customer takes their laptop elsewhere 
they can't send email.  Most are not going to know to change their SMTP server, 
and many more aren't going to have a valid SMTP server through which to send email 
when they are traveling.

And your comment about VPN or port 587...  Those are not always options either.

> I am assuming you also do not list your IP addresses in the PBL?  So the 
> "99%" of your users who do _not_ need to work from home, but are 
> infected, are allowed to spew spam at me?

If the user is infected, they are infected.  Not much that can be done about 
that.  Fortunately, most infected PCs do not bother to send email through the 
user's SMTP server.  As long as the user connects to the SMTP server, starts TLS 
and authenticates themselves, that's all that I require.  This is on my personal 
email server, which serves only a handful of trusted users.  I can't speak to my 
current company's external email server.  The Internal one requires a VPN, but 
also runs Microsoft software, so it's highly suspect.

  -Sean

(Please respond only through the list)
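The "forged address" versus "overall score" split that the 98% figure above rests on can be reproduced from SpamAssassin's X-Spam-Status headers. The following is an added example, not code from Sean's server or from this thread: it parses the header values of a constructed sample mailbox (the rule names are written in SpamAssassin's style but the messages are invented), buckets each message the way the statistic does, and applies the server-side disposition the post describes (forged-sender and score-classified spam dropped before any challenge, the rest held for a human). Keying "forged" on the `FORGED_` rule-name prefix is an assumption made for this example.

```python
import re
from collections import Counter

# Constructed sample X-Spam-Status header values in the layout SpamAssassin
# writes ("Yes/No, score=... required=... tests=... autolearn=...").
# These are made up for the example, not mail from the post.
SAMPLE_HEADERS = [
    "Yes, score=9.1 required=5.0 tests=FORGED_HOTMAIL_RCVD2,HTML_MESSAGE autolearn=spam",
    "Yes, score=7.4 required=5.0 tests=FORGED_YAHOO_RCVD,MISSING_DATE autolearn=spam",
    "Yes, score=11.0 required=5.0 tests=FORGED_HOTMAIL_RCVD2,URIBL_BLACK autolearn=spam",
    "Yes, score=6.2 required=5.0 tests=FORGED_YAHOO_RCVD autolearn=no",
    "Yes, score=8.8 required=5.0 tests=FORGED_HOTMAIL_RCVD2,HTML_IMAGE_ONLY_16 autolearn=spam",
    "Yes, score=10.3 required=5.0 tests=FORGED_HOTMAIL_RCVD2,RCVD_IN_XBL autolearn=spam",
    "Yes, score=5.6 required=5.0 tests=HTML_MESSAGE,URIBL_BLACK autolearn=no",
    "Yes, score=6.9 required=5.0 tests=RCVD_IN_XBL,HTML_IMAGE_ONLY_16 autolearn=spam",
    "No, score=-1.2 required=5.0 tests=BAYES_00,HTML_MESSAGE autolearn=ham",
    "No, score=0.4 required=5.0 tests=HTML_MESSAGE autolearn=no",
    "Yes (header truncated by a broken filter)",  # malformed on purpose
]

STATUS_RE = re.compile(
    r"^(?P<flag>Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)"
    r"\s+required=(?P<required>-?\d+(?:\.\d+)?)"
    r"(?:\s+tests=(?P<tests>\S+))?"
)


def parse_status(header):
    """Parse one X-Spam-Status value into flag, score, threshold and rule list.
    Returns None when the value does not match the expected layout."""
    m = STATUS_RE.match(header.strip())
    if not m:
        return None
    tests = m.group("tests") or ""
    # SpamAssassin writes "tests=none" when no rule fired.
    rules = [t for t in tests.split(",") if t and t != "none"]
    return {
        "spam": m.group("flag") == "Yes",
        "score": float(m.group("score")),
        "required": float(m.group("required")),
        "rules": rules,
    }


def classify(header):
    """Bucket a message the way the post's statistic does.
    'forged'   - spam, and a FORGED_* sender rule fired (assumed prefix)
    'score'    - spam on overall score only
    'ham'      - not flagged as spam
    'unparsed' - header missing or malformed; never treated as spam"""
    parsed = parse_status(header)
    if parsed is None:
        return "unparsed"
    if not parsed["spam"]:
        return "ham"
    if any(rule.startswith("FORGED_") for rule in parsed["rules"]):
        return "forged"
    return "score"


def tally(headers):
    """Count messages per bucket over a whole mailbox."""
    return Counter(classify(h) for h in headers)


def forged_share(counts):
    """Fraction of spam that carried a forged-sender rule (0.0 when no spam)."""
    spam = counts["forged"] + counts["score"]
    return counts["forged"] / spam if spam else 0.0


def action_for(header):
    """Disposition mirroring the post's policy: spam in either bucket is
    discarded at the server so no challenge ever goes out; everything else,
    including anything the parser could not read, is held for manual review."""
    return "discard" if classify(header) in ("forged", "score") else "review"


if __name__ == "__main__":
    counts = tally(SAMPLE_HEADERS)
    print(dict(counts))
    print(f"forged share of spam: {forged_share(counts):.0%}")
    for h in SAMPLE_HEADERS:
        print(action_for(h), "<-", h[:60])
```

Unparseable headers deliberately fall into the review pile rather than the discard pile: a filter that drops mail it cannot read is the kind of silent loss that makes C/R and score-based filtering look worse than they are.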