[PLUG] Get off of junk mailers list...

Tim tim-pdxlug at sentinelchicken.org
Fri Jul 31 15:53:18 UTC 2009


> I suspect that viruses generate lists of email addresses somehow of 
> potential customers who are susceptible to fraud and other things.
> So how do you fight back?  How do you get off of the list?

You don't get off of spam lists once you're on.

> My ISP Opus never seems to let spam through.  How does Opus manage
> to stop more of this stuff than I do?

Through a whole big bag of tricks that change over time, I'm sure.  If
your mail server white lists IPs based on stuff like SPF and DKIM,
then it can more aggressively greylist or blacklist other IPs.  Then
there's secondary DNS checks and finally the more accurate Bayesian
filters that can be applied.

I've never been impressed with SpamAssassin myself.  It always struck
me as a system with far too many levers and buttons.  The average joe
has a tough time tuning it and full email content filters should never
be tuned by humans.  They should simply be trained through machine
learning.  Anyway, I digress...

What it comes down to is, if your full-time job is to filter spam, you
get pretty good at it.  If you don't have that much time to put into
it, then stuff is going to get through eventually, since spammers are
always changing their tricks.

> I'm getting a lot of you won, give us your personal information fraud
> among other things.  I get emails that read like they are from some
> uncouth woman who wants to have sex with me complete with a link to
> a web site that looks like an online pharmacy.  I imagine what I am
> describing is something that others have experienced as well.

You actually read your spam?

> One way to stop spam cold is to blacklist every possible email
> source and only whitelist the ones that you know are legit, but
> this breaks the way things are defined to say the least.  

Yeah, it does.  I've often been burned by people who blacklist all
DSL/cable modem IP addresses.  I've finally managed to get a good DSL
provider who sets my reverse DNS now, so that helps a lot, but if
receiving legit email matters to you, you have to be careful.

> There
> is also the risk that you won't let a legitimate email through
> where the sender won't retry.

Yes, exactly, this is the biggest challenge.  My view on it is that
full Bayesian content filters (DSPAM, crm114) are by far the most
accurate methods of filtering.  If properly trained, they can be
incredibly good.  However, these do suck up a lot of CPU, so you need
to use some level of border filtering such as {grey,black}listing in
order to save bandwidth and CPU, but don't be too aggressive with
those, otherwise you won't even know what you're missing.

Note that Bayesian filters must be trained.  There are many ways to do
this.  For me, when I receive a miscategorized message, I forward it
to one of two email addresses on my server that processes it as spam
or nonspam, depending on the mistake my filter made.  I use CRM114 and
I can share with you some scripts for it off list if you like.

good luck.
tim
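
The train-on-error loop described in the reply above, as an added example that is not part of the original post and not the scripts Tim mentions. It uses a plain naive Bayes token score rather than CRM114's own classifier; the retraining addresses, `Filter`, `deliver` and `mail` are hypothetical names, and the messages are constructed samples.

```python
import math
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Hypothetical retraining addresses; the post does not name the real ones.
RETRAIN = {"spam@example.org": "spam", "nonspam@example.org": "nonspam"}

class Filter:
    def __init__(self):
        self.tokens = {"spam": Counter(), "nonspam": Counter()}
        self.msgs = Counter()  # messages trained per class

    @staticmethod
    def tokenize(text):
        return set(re.findall(r"[a-z0-9$'-]{3,}", text.lower()))

    def train(self, text, label):
        self.tokens[label].update(self.tokenize(text))
        self.msgs[label] += 1

    def log_odds(self, text):
        """Spam-vs-nonspam log-odds, Laplace-smoothed; 0.0 when untrained."""
        score = math.log((self.msgs["spam"] + 1) / (self.msgs["nonspam"] + 1))
        for tok in self.tokenize(text):
            p_spam = (self.tokens["spam"][tok] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.tokens["nonspam"][tok] + 1) / (self.msgs["nonspam"] + 2)
            score += math.log(p_spam / p_ham)
        return score

def text_of(msg):
    # Subject plus every non-container part (no transfer decoding here).
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    return msg.get("Subject", "") + " " + " ".join(parts)

def deliver(filt, raw):
    """Retrain when a mistake is forwarded to a RETRAIN address, else classify."""
    msg = message_from_string(raw)
    label = RETRAIN.get(parseaddr(msg.get("To", ""))[1].lower())
    if label:
        filt.train(text_of(msg), label)
        return "trained:" + label
    return "spam" if filt.log_odds(text_of(msg)) > 0 else "inbox"

def mail(to, subject, body):  # builds a constructed sample message
    return f"To: {to}\nSubject: {subject}\n\n{body}\n"
```

Anything that can reach the retraining addresses can shift the filter, so they should accept mail only from the mailbox owner.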


