Re: [Asrg] A response to the critique of my anti-spam system
On 13/12/04 13:47 -0500, Michael Kaplan wrote:
> I admit that my knowledge of mail systems is finite, and I am not sure what you mean by "accepted," but this is how I envision current mail systems function as compared to my system:
>
> Current mail systems
> Email arrives at the server and white listed email is passed on to the
> recipient's inbox, everything else is passed through a filter >>> A strong
> filter removes 99% of spam and on a rare occasion a legitimate email.
> The filtered spam is either discarded or sent to a bulk mail folder
> >>> Everything that escapes the filter arrives in the recipient's inbox.
>
God no. This approach doesn't scale to reducing spam at high volumes.
You start by filtering out stuff in the SMTP transaction. (Bad HELO/EHLO
names, syntax errors, greeting as the IP of the SMTP server,
nonexistent recipients). Then you allow whitelisted hosts through.
Then you check against DNSBLs and local IP blacklists and local sender
address- and domain-based blacklists.
Additionally, you may check for message lines which indicate malicious
content (attachments ending in .exe, .vbs, .hta, etc., which generally
indicate malware).
Only mail that goes through this can hit the per-user
whitelist/blacklist.
There are usually multiple levels of whitelists and blacklists, and the
global ones are usually dominant over the per-user configs.
Only after 90%+ of the crap is rejected at the edge are you looking at
possible bulk mail filtering by content (UBE is about consent, not
content).
Devdas Bhagat
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
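
The check order described in the reply above, as an added example that is not part of the original message or any participant's code. The function names, policy keys and example.* addresses are constructed; it assumes "allow whitelisted hosts through" means immediate acceptance, and it injects a lookup function in place of a live DNSBL query.

```python
# Added example: every name, address and list entry here is constructed.
BAD_EXTENSIONS = (".exe", ".vbs", ".hta")

def dnsbl_name(ip, zone):
    # IPv4 DNSBL query name: octets reversed, then the list's zone
    return ".".join(reversed(ip.split("."))) + "." + zone

def edge_verdict(s, p):
    """Return (verdict, stage) for session s under policy p, in the reply's order."""
    helo, sender = s["helo"].lower(), s["mail_from"].lower()
    # 1. SMTP transaction: malformed HELO, our own identity as greeting, unknown recipient
    if not helo or " " in helo or helo in p["own_identities"]:
        return "reject", "helo"
    if s["rcpt"] not in p["mailboxes"]:
        return "reject", "recipient"
    # 2. Whitelisted hosts go through (assumption: accepted at this point)
    if s["ip"] in p["host_whitelist"]:
        return "accept", "host-whitelist"
    # 3. DNSBLs, local IP blacklist, sender address and domain blacklists
    if any(p["dnsbl_lookup"](dnsbl_name(s["ip"], z)) for z in p["dnsbl_zones"]):
        return "reject", "dnsbl"
    if s["ip"] in p["ip_blacklist"]:
        return "reject", "ip-blacklist"
    if sender in p["sender_blacklist"] or sender.rpartition("@")[2] in p["sender_blacklist"]:
        return "reject", "sender-blacklist"
    # 4. Attachment names that generally indicate malware
    if any(n.lower().endswith(BAD_EXTENSIONS) for n in s["attachments"]):
        return "reject", "attachment"
    # 5. Per-user lists are reached only now, so the global lists dominate
    user = p["per_user"].get(s["rcpt"], {})
    if sender in user.get("blacklist", ()):
        return "reject", "user-blacklist"
    if sender in user.get("whitelist", ()):
        return "accept", "user-whitelist"
    # 6. Only what is left is handed to content filtering
    return "filter", "content"

LISTED = {dnsbl_name("192.0.2.66", "dnsbl.example")}  # stand-in for live DNS answers
POLICY = {
    "own_identities": {"mx.example.org", "198.51.100.1", "[198.51.100.1]"},
    "mailboxes": {"alice@example.org"}, "host_whitelist": {"203.0.113.5"},
    "dnsbl_zones": ["dnsbl.example"], "dnsbl_lookup": LISTED.__contains__,
    "ip_blacklist": {"192.0.2.77"}, "sender_blacklist": {"bulk.example"},
    "per_user": {"alice@example.org": {"whitelist": {"friend@example.net"}}},
}
BASE = {"ip": "192.0.2.10", "helo": "mail.example.net", "mail_from": "friend@example.net",
        "rcpt": "alice@example.org", "attachments": []}
```

A sender on a user's whitelist is still rejected when the connecting IP is DNSBL-listed, because the per-user stage is never reached for that session.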