spf-discuss

Re: [spf-discuss] throwaway domains and whois

2008-10-16 19:11:55
On Wed, 15 Oct 2008, Michael Deutschmann wrote:

> You could set your system up to automatically whitelist any address your
> customer mails to.  This will protect you if someone your customer is
> already talking to suddenly gets listed.

Already do that.  And use honeypots for blacklisting (and content filter
training) - as well as behavioural triggers, like 4 forged MFROMs in a row from
an IP gets it blacklisted, and 4 nonexistent RCPTs from a MFROM gets the IP
blacklisted (and the MFROM blacklisted if SPF Pass).  The blacklist (and
whitelist) is self-maintaining.  Paying for a public blacklist, which I then
have to make exceptions for, would not save me or the MTA any work.  

One customer was already using 4 public blacklists - and still getting hundreds
of thousands of spams per day to the inbox (2 million connections per day).  We
purchased a commercial spam filtering contract.  As soon as I switched the
MX records, the company (who shall remain nameless) deleted our account
and threatened to sue us for crashing their mail server and denying 
service to all their other customers (Duh - that's why we needed your
spam service people).  We then switched to spamsoap, which had no problem with
the volume, but still let thousands of spams per day through.  So I upgraded
the MTA to a low-end 2.8GHz Pentium D with 1G RAM on a 5mbit cable account, and
handled it myself.  The python script quickly built a blacklist and handles the
2 million connections while serving PHP pages without breaking a sweat (95%
idle).  The first company must have been doing something lame like trying
to run SpamAssassin on each and every message.   Spamsoap could be worthwhile
just to cut the connection rate (they use public blacklists) - but then SPF has
to use the Received header field.

I think the next feature will be NS reputation.  Unfortunately, the spammers
will simply start using throwaway domains for NS servers.  But they
aren't yet.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
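
The self-maintaining lists described in the message above, sketched as an added example; this is not the poster's script. The class and method names, the reading of "forged" as an SPF `fail` result, the per-(IP, MFROM) counting, and the whitelist taking precedence over the blacklists are all assumptions.

```python
from collections import defaultdict

LIMIT = 4  # both triggers in the post fire on the 4th event


class SelfMaintainingLists:
    def __init__(self, local_rcpts):
        self.local_rcpts = {r.lower() for r in local_rcpts}  # valid mailboxes
        self.whitelist = set()              # addresses our users have mailed
        self.bad_ips = set()
        self.bad_senders = set()
        self.forged_run = defaultdict(int)  # ip -> consecutive forged MFROMs
        self.bad_rcpts = defaultdict(int)   # (ip, mfrom) -> nonexistent RCPTs

    def outbound(self, rcpt):
        """A local user mailed rcpt, so mail from rcpt is whitelisted."""
        self.whitelist.add(rcpt.lower())

    def mail_from(self, ip, mfrom, spf):
        """Verdict at MAIL FROM. Assumption: SPF 'fail' means forged."""
        mfrom, forged = mfrom.lower(), spf == "fail"
        # "In a row": any non-forged MAIL FROM resets the IP's streak.
        self.forged_run[ip] = self.forged_run[ip] + 1 if forged else 0
        if self.forged_run[ip] >= LIMIT:
            self.bad_ips.add(ip)
        # Assumption: the whitelist outranks the blacklists, but only for
        # senders that SPF did not flag as forged.
        if mfrom in self.whitelist and not forged:
            return "accept"
        if ip in self.bad_ips or mfrom in self.bad_senders:
            return "reject"
        return "continue"

    def rcpt_to(self, ip, mfrom, spf, rcpt):
        """Verdict at RCPT TO; counts nonexistent recipients per sender."""
        mfrom = mfrom.lower()
        if rcpt.lower() in self.local_rcpts:
            return "continue"
        self.bad_rcpts[ip, mfrom] += 1
        if self.bad_rcpts[ip, mfrom] >= LIMIT:
            self.bad_ips.add(ip)
            if spf == "pass":  # MFROM is authentic, so list the sender too
                self.bad_senders.add(mfrom)
        return "reject"


if __name__ == "__main__":
    lists = SelfMaintainingLists({"alice@example.com"})  # constructed data
    for n in range(LIMIT):
        print(n + 1, lists.mail_from("192.0.2.1", f"x{n}@example.org", "fail"))
```

The sender is blacklisted only on SPF Pass because that is the one case where the MFROM is known to belong to whoever is probing for recipients; otherwise only the connecting IP is listed.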

