ietf-asrg

Re: [Asrg] A response to the critique of my anti-spam system

2004-12-13 12:09:40
On 13/12/04 13:47 -0500, Michael Kaplan wrote:
> I admit that my knowledge of mail systems is finite, and I am not sure what
> you mean by "accepted," but this is how I envision current mail systems
> function as compared to my system:
>
> Current mail systems
> Email arrives at the server and whitelisted email is passed on to the
> recipient's inbox, everything else is passed through a filter >>> A strong
> filter removes 99% of spam and on a rare occasion a legitimate email.
> The filtered spam is either discarded or sent to a bulk mail folder.
> Everything that escapes the filter arrives in the recipient's inbox.

God no. This approach doesn't scale to reducing spam at high volumes.
You start by filtering out stuff in the SMTP transaction. (Bad HELO/EHLO
names, syntax errors, greeting as the IP of the SMTP server, non-existing
recipients). Then you allow whitelisted hosts through.
Then you check against DNSBLs and local IP blacklists and local sender
address and domain based blacklists.
Additionally, you may check for message lines which indicate malicious
content (attachments ending in .exe, .vbs, .hta, etc., which generally
indicate malware).
Only mail that goes through this can hit the per-user
whitelist/blacklist.

There are usually multiple levels of whitelists and blacklists, and the
global ones are usually dominant over the per-user configs.

Only after 90%+ of the crap is rejected at the edge are you looking at
possible bulk mail filtering by content (UBE is about consent, not
content).

Devdas Bhagat

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
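
The check order described in the message above, as an added example that is not part of the original post: a Python sketch that returns a verdict and the stage that decided it. All addresses, IPs and list contents are constructed, the DNSBL lookup is replaced by a local set, the HELO syntax rule is simplified, and letting whitelisted hosts bypass only the blacklist stage is an assumption.

```python
import re

# Constructed sample policy (documentation IP ranges and example.* names).
SERVER_IP = "192.0.2.25"
VALID_RCPTS = {"alice@example.org"}
HOST_WHITELIST = {"198.51.100.7"}
DNSBL_LISTED = {"203.0.113.9"}        # assumption: stands in for a live DNSBL query
SENDER_BLACKLIST = {"bulk.example"}   # locally blocked sender domains
USER_LISTS = {"alice@example.org": {"white": {"bob@example.net"},
                                    "black": {"ads@example.com"}}}
BAD_EXT = (".exe", ".vbs", ".hta")
HELO_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # simplified FQDN check

def edge_verdict(s):
    """Return (verdict, stage) for one SMTP session dict, cheapest checks first."""
    # Stage 1: SMTP transaction checks (HELO name, recipient existence).
    if s["helo"].strip("[]") == SERVER_IP:
        return "reject", "helo-is-our-ip"
    if not HELO_RE.match(s["helo"]):
        return "reject", "bad-helo"
    if s["rcpt"] not in VALID_RCPTS:
        return "reject", "unknown-recipient"
    # Stage 2: globally whitelisted hosts skip the global blacklists (stage 3).
    if s["client_ip"] not in HOST_WHITELIST:
        if s["client_ip"] in DNSBL_LISTED:
            return "reject", "dnsbl"
        if s["mail_from"].rsplit("@", 1)[-1].lower() in SENDER_BLACKLIST:
            return "reject", "sender-blacklist"
    # Stage 4: attachment names that generally indicate malware.
    if any(a.lower().endswith(BAD_EXT) for a in s.get("attachments", [])):
        return "reject", "attachment"
    # Stage 5: per-user lists are consulted only after every global check passed.
    lists = USER_LISTS.get(s["rcpt"], {})
    if s["mail_from"] in lists.get("black", ()):
        return "reject", "user-blacklist"
    if s["mail_from"] in lists.get("white", ()):
        return "deliver", "user-whitelist"
    # Stage 6: only the survivors are handed to content-based bulk filtering.
    return "content-filter", "survivor"

if __name__ == "__main__":
    demo = {"helo": "mail.example.net", "client_ip": "203.0.113.9",
            "mail_from": "bob@example.net", "rcpt": "alice@example.org"}
    # A sender on the user's whitelist is still rejected by the global DNSBL stage.
    print(edge_verdict(demo))
```
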