OK, thanks. :-) It's pretty clear that my proposal really IS that simple,
and really DOES go a LONG way to solving/reducing the problems of spams, worms,
and viruses.
I *do* urge the use of a good antispam content filter IN CONJUNCTION WITH my
proposal. My proposal, however, *greatly* improves the efficacy of the content
filter.
Since your proposal can be usefully implemented on a small scale (unlike
SPF, which will only work if (almost) everybody uses it), a few
questions:
1) Have you implemented it? Is the implementation available?
I have implemented significant parts of it. I haven't implemented more of it
mainly because at the moment, the level of the problem that I personally have
*here* is brought to a quite tolerable level (for now, at least) by the stuff I
presently have in place.
I continue however to add more things to my incoming mail processing system,
and some of those I would classify as "experimental". Two recent additions are a
pair of programs that I use to try to "immunize" me from recurring spam
referencing known disreputable sites and domains.
When spam does slip in past my present filters, I append it to a "spam.txt"
file. The first of these two recent additions locates, canonizes (basically,
removing obfuscatory subdomains), and tallies domain names (and IP addresses)
referenced in the spam E-mails. These are deduped, sorted, and written to a
file "spamdomn.txt" which I periodically can look at to see if I see "good"
domains that got referenced somehow (the last good one was amazon.com, for
example, which clearly I don't want blacklisted).
Once I've checked over the list in spamdomn.txt, the second of the two programs
takes the file and adds the domains I wish to block (into the "right" places,
based on various rules and conventions I've set) to the HOSTS file maintained
and used by my mail server. This essentially not only just blacklists the
domain from E-mails, but prevents me (or other software on my system, with or
without my permission) from accessing those disreputable domains, including
using a Web browser (thus also blocking any popups, cookies, hyperlinks,
embedded banner ads, or other such nuisances using those domains).
My present E-mail processing system also blocks incoming E-mails which
reference those "blacklisted", disreputable domains.
One change I'm going to add to my incoming mail processing system, for example,
is to trash the spams which put the spam into the HTML part and where the
text/alternative part of the message is just saying to "get a capable html
mailer". (AS IF!!!!! :-) )
One of the things my current system here does is to simply discard *all*
HTML-burdened alternative attachments in my incoming E-mails, and to
furthermore eliminate a large percentage of any HTML tags that try to slip
through in the "plain ASCII text" E-mail body as well.
2) Are you using it yourself?
As I guess I just explained, I'm using some elements of the proposal, along
with other proprietary filters and such (in part because I presently don't use
a separate "premade" content filter ("Spam Assassin" or similar) so my system
provides both functions, sort of...)
I hope I can be excused for not completing a full-blown, polished,
ready-to-take-to-market professional application for my own, personal use. (I
*will* say for the record, though, that my present filter was architected
internally with an eye to it being useful in a corporate setting, so it
provides many of the hooks and internal structures to allow different users
with multiple different POP3 servers and accounts (per user) and different mail
accounts and different rules, etc etc). So it WOULD be usable in a
multiuser/multidepartment setting, with relatively little effort. It presently
runs as a background job
on my Windows 2000 server, and accepts asynchronously issued commands (such as
"exit", "reinitialize certain global tables", etc) issued from elsewhere on the
network. The system is primarily implemented in SPITBOL (a high-performance
programming language with special talents for powerful pattern recognition and
textual manipulation).
One of the features I'd class as "experimental" in my present system I'm using
is a "gibberish detector" which is designed to detect and defeat spam that
contains randomly generated gobbledygook (those spams designed to evade or
defeat other "clever" types of adaptive filters).
My present system also identifies and removes most all cases of those annoying
and repetitive "free mail provider" inline ads and such.
If so, how much did it reduce the amount of spam,
I don't really have good statistics on that, in part because it just hasn't
been worth my time to collect all the statistics and compile the reports. I
have detailed (very!) logs of what the mail filtering system has done, but
honestly have done relatively little to analyze those.
...how much time do you spend tweaking your permission
lists, how many people claim that they can't send mail to you?
At the moment, I have just under 2000 messages that have been sent
automatically to my "spam/quarantine" folder, this covering about since the
middle of August.
I've had a few isolated complaints about difficulty sending me mail, although
in most cases investigation turns out that they either misaddressed it or the
mail got improperly bounced by temporary ISP issues or the like.
I spend relatively little time tweaking the filter and whitelist
configurations, probably less than ten minutes a month. I periodically sit
down and devote some time to programming, such as this most recent program I
wrote to add the disreputable domains into (at the suitable locations in) the
HOSTS file, usually when I feel motivated to do that sort of thing.
Again, as long as it's strictly for my personal use, the payback simply isn't
there for me to polish the thing as a serious, professional-grade "product"
suitable for widespread installation. Accordingly, the way this presently
works is rather keyed to how my systems are configured here. I do have a
consulting
client in Wisconsin who I've set up with an incoming mail processing "bot" type
system, which in some ways is similar to what I have here for myself, although
their needs were rather specialized and accordingly their system ended up being
quite different in the end than what I use here. (Their system is, however,
like mine, implemented in SPITBOL and runs as a background job on one of their
Windows 2000 Professional systems).
I would enjoy pursuing the polishing of the system, and elaborating it to full
release quality, so if you know of someone interested in funding such a
project, with an eye to producing a commercial product, definitely, send them
my way. :-)
FWIW, by the way, over the past three or so days, my incoming mail filter has
used a total of a little over 10 minutes of CPU time, this on an Athlon
(2000+?) single-CPU Win2K server system. This is without any particular effort
being made to optimize or otherwise study the execution time the various
components are using in detail. I don't consider, at the moment, that
scalability would be a big problem.
3) Have you deployed it at a scale where you couldn't explain it to
everybody in person (E.g., a company with ~100 employees, a small ISP,
etc.)? Same questions as above, plus: How many support calls do you get?
At the moment, the incoming mail filtering system I use is strictly for my
personal use in my home office. The related incoming mail processing bot system
I've installed at my consulting client is in daily use, in an office of about
15 persons, and I don't remember the last time I got any kind of support call
or question about it. It just sort of sits there and runs. :-)
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections! http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
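
[Added example, not part of the original message and not the author's SPITBOL code.] A sketch of the two-step workflow described above: tally canonicalized domains from a spam archive for review, then emit HOSTS entries for the ones not allowlisted. The sample text, function names, the short suffix list and the 127.0.0.1 sink address are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample standing in for the "spam.txt" archive (placeholder names).
SAMPLE_SPAM = """\
From: deals@x7f3a.promo.pills-example.test
Click http://www.a1b2c3.pills-example.test/buy?id=9 now!
Mirror: http://198.51.100.23/offer and http://zz9.pills-example.test/
As seen on http://www.amazon.com/ !
Visit HTTP://Track.Example.co.uk/r/1
"""

# Assumption: a tiny set of two-label public suffixes; a real tool would
# load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
ALLOWLIST = {"amazon.com"}  # "good" domains spotted during manual review

HOST_RE = re.compile(r"(?:https?://|@)([A-Za-z0-9.-]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def canonicalize(host):
    """Strip obfuscatory subdomains, keeping the registrable domain."""
    host = host.lower().strip(".")
    if IPV4_RE.match(host):
        return host  # IP literals are tallied as-is
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def tally_domains(text):
    """Return (Counter of canonical names, {canonical: observed hostnames})."""
    counts, seen = Counter(), {}
    for host in HOST_RE.findall(text):
        host = host.lower().strip(".")
        canon = canonicalize(host)
        counts[canon] += 1
        seen.setdefault(canon, set()).add(host)
    return counts, seen

def hosts_entries(seen, allowlist=ALLOWLIST, sink="127.0.0.1"):
    """Build HOSTS lines. HOSTS matches exact names only (no wildcards),
    so each observed hostname is listed next to its canonical domain."""
    names = set()
    for canon, hosts in seen.items():
        if canon in allowlist or IPV4_RE.match(canon):
            continue  # reviewed as good, or an IP (HOSTS maps names only)
        names |= hosts | {canon}
    return [f"{sink}\t{name}" for name in sorted(names)]

if __name__ == "__main__":
    counts, seen = tally_domains(SAMPLE_SPAM)
    print(counts.most_common())
    print("\n".join(hosts_entries(seen)))
```

Because a HOSTS file cannot express wildcards, a sender that rotates random subdomains will only be caught there for names already seen; the canonical-domain tally is what a mail filter can match against for the general case.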