Re: Use content-based spam filters, not address-based ones

[Devdas Bhagat <devdas () dvb homelinux org>]

On 13/10/04 09:49 +0800, Ng Pheng Siong wrote:
> Hi,
>
> I mostly lurk on this list. Now and then I post a followup. I just got a
> bounce from one of the addressees of my followup thusly:
>
> <XXX () XXXXX XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service
>     unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org;
>     Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48

Responses offlist, please. I am not sure that firewall-wizards is the
right place to debate policies that belong on spam-l or similar.
I block based on a few DNSBLs, so you may want to use a smarthost for
your mail instead.

> I've only recently started using automatic spam filtering. This happens at
> the SMTP level, in two layers: 
>
> 1. Check the FROM address. This stops those pretend ones like
> ENGLIS2003blahblahblah () yahoo com. It should be able to stop a lot of
> phishing ones too, but I let those thru anyway because I'm collecting them.
>
> 2. Check the content after DATA has been received. I use the Python
> Spambayes package in a simple 20+ line script. (Trained on about a thousand
> spam and a thousand ham messages prior to deployment.)
>
> Just this two-layered filter is enough to bring my spam down to an
> acceptable level.

Interesting. However, some of us do not want to even accept the data for
simple reasons of bandwidth transfer, or because we know that filtering
on the data is useless for our requirements.

I wish that some of my mail would be filterable that way.

Oh, and acceptable level of spam is zero. A tolerable level of spam,
which does not impact normal mail much, is slightly above zero.

> I object to filtering by the other side's IP address. I've been delivering
> mail directly from my desktop for many years, when I discovered my ISP's
> SMTP relay was losing my mail silently. This was well before Canter and
> Siegal. *spit* 

Cool. I filter based on the IP address.
We do that at $WORK too. http://nixcartel.org/~devdas/minute.png is a
random minute of the day for us. That is just stuff rejected at the edge,
based on a few DNSBLs and SMTP envelop checks.

> Yeah, sure I have colo servers and I can set my desktop to relay mail off
> those, but why do the extra work? (For the longest time, I've concluded
> that much of IT work is "make work" generated by other IT people.)
Well, the only person who can decide if they want your mail, or not is
the recipient (or the postmaster of the receiving server acting on behalf 
of the recipients on that server). If your mail meets their spam
rejection criteria, too bad. Send your mail in a way that it doesn't
meet those criteria.
 
> Sorry if this sounded like a rant. The technical takeaway: please consider
> using a content-based spam filter, not an address-based one.

Spam is not about content, it is about consent.
IMHO, that implies that spam rejection must be done before DATA.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards