[Sussex] SPAM Filtering Revisited

Steven Dobson steve at dobson.org
Mon Aug 21 20:01:45 UTC 2006


Andy

On Mon, 2006-08-21 at 17:04 +0000, Andy Smith wrote:
> On Mon, Aug 21, 2006 at 04:48:05PM +0100, Steven Dobson wrote:
> > But you are sending me the forged e-mails, at least you are forwarding
> > them on to me.
> 
> No I am not!
> 
> If 192.168.0.5 connects to your mail server and gives you a mail
> that it says is from fuhwerfhu at strugglers.net then at what point
> have I been involved in this until you decide to connect to my
> servers to see if fuhwerfhu at strugglers.net is a real deliverable
> address?

I agree that you have had no part in the process up until this point.
But how can anyone tell if any strugglers.net email address is
genuine unless I get strugglers.net involved?

The one thing I like about computers is that any system that is
repetitive is programmable.  So there must be a way to solve the forged
sender problem which requires no human intervention.

> I don't have a problem with people's systems doing various checks on
> my systems when my systems send mail to them.  I have a problem with
> machines all over the world connecting to me to verify emails that
> my systems never sent, especially when there is little practical way
> to ensure I am not overwhelmed by this!

If that is the case shouldn't you implement SPF and make sure you never
send any emails from outside your domain?  Unless you are claiming that
spam is not a problem.  I heard one pundit claim that 50% of all e-mail
sent today is spam.  I'd say that that figure is about right judging
from the number of spams that hit my mail server every day.

> > Here is a real world example from today.
> 
> It should be noted that the example you give is not really related
> to sender CBV and is just about the perils of multiple mail servers
> passing on mail leaving the one at the end unable to take many
> useful antispam measures.

I didn't think this thread was just about CBV but about spam filtering
in general.

> SORBS is not perfect and many people disagree with its policies.
> 
> At lug.org.uk we don't use SORBS either, but if you would like us to
> use it for addresses that forward to you, and this list, then that
> should be no problem.

Okay, let me ask this another way.

What do you recommend as the best practices and policy for blocking spam?
What do you use?  You admin bigger e-mail servers than me.  I'm just a
small time home network admin.  I'm happy to learn from the "big boys".

> > So you trust Blackcat to do all the appropriate checking that you do.
> 
> No, actually.  This is a very suboptimal solution and BCN's backup
> MX was only added because of the severe problems that we've been
> having with our main server for lug.org.uk.

Okay, I'll accept that as I know there are issues with lug.org.uk at the
moment, and if I have to get a little extra spam as a result so be it.

> As I say, if there are any extra antispam measures you would like
> enabled just for your and/or your list's lug.org.uk addresses then
> we can do that.  The only one I would be opposed to without careful
> thought is the sender CBV. :)

As I said I was looking for best practices.  One would appear to be
checking an inbound IP against a list of known spam relays.  If SORBS
isn't the best then which one is better and why?

Steve



