ietf
[Top] [All Lists]

Re: How Not To Filter Spam

2004-02-17 21:33:51
On Tue, 17 Feb 2004, Vernon Schryver wrote:

From: "william(at)elan.net" 

It is also a classic example of what is wrong with the MUA filtering

You certain dont assume that there is nothing wrong with the filtering
system you use and others may try duplicate as well. Otherwise how would 
you explain that you have Elan and completewhois.com listed as filtered
on your site. Do you honestly believe we ever sent you any SPAM? Or maybe 
you're making certain assumptions about envelope from or normal "From:" 
headers and complaining when others are making the similar assumptions?

Mail from Elan and completewhois.com is unwelcome at rhyolite.com in
patt because of a message that said:
You might want to post headers that show it being sent from some open-proxy
in pacific and showing use of email accounts that were never there.
 
] Elan.Net Internet
] T.1 T.3 Frame Relay
] If you need more information about us or are interested in network services 
] (managed hosting, collocation, dedicated servers, t1, t3), please send 
email to info(_at_)elan(_dot_)net 
] 
] For More info 
] http://www.elan.net
] sales(_at_)elan(_dot_)net

There are additional, independent, sufficient reasons for that listing
that we do not need to explore. 
Except that we did not send that message and anti-spam community was 
informed it was a joe-job (95% guessed as much on their own). Considering 
you knew who I'm am, I suspect you knew all this as well and if you did 
not you might have notice a warning about this on the website. 

An advantage of a vanity or other tiny domain is that it can use
blacklists that would have intolerable false positive rates at other
or larger outfits but that have 0.000% local false positive rates.
That is unlikely considering what I know about your list. 

Unless you make a good effort to research anything you probably have as
many problems as some of the most agressive ip-based filtering sites (like 
spews), you might make a number of good hits but would have number of misses
as well. Besides that as has been shown many times, for spammers its a 
lot easier and less expensive to get new domain that to get new ip block - 
and many do and setup hundreds of new domains on monthly basis. As such 
the value of domain-based filtering is very minimal indeed.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net