Firewall Wizards mailing list archives
Re: Use content-based spam filters, not address-based ones
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 14 Oct 2004 22:11:52 +0530
On 13/10/04 09:49 +0800, Ng Pheng Siong wrote:
Hi, I mostly lurk on this list. Now and then I post a followup. I just got a bounce from one of the addressees of my followup thusly: <XXX () XXXXX XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48
Responses offlist, please. I am not sure that firewall-wizards is the right place to debate policies that belong on spam-l or similar. I block based on a few DNSBLs, so you may want to use a smarthost for your mail instead.
I've only recently started using automatic spam filtering. This happens at the SMTP level, in two layers: 1. Check the FROM address. This stops those pretend ones like ENGLIS2003blahblahblah () yahoo com. It should be able to stop a lot of phishing ones too, but I let those thru anyway because I'm collecting them. 2. Check the content after DATA has been received. I use the Python Spambayes package in a simple 20+ line script. (Trained on about a thousand spam and a thousand ham messages prior to deployment.) Just this two-layered filter is enough to bring my spam down to an acceptable level.
Interesting. However, some of us do not want to even accept the data for simple reasons of bandwidth transfer, or because we know that filtering on the data is useless for our requirements. I wish that some of my mail would be filterable that way. Oh, and acceptable level of spam is zero. A tolerable level of spam, which does not impact normal mail much, is slightly above zero.
I object to filtering by the other side's IP address. I've been delivering mail directly from my desktop for many years, when I discovered my ISP's SMTP relay was losing my mail silently. This was well before Canter and Siegal. *spit*
Cool. I filter based on the IP address. We do that at $WORK too. http://nixcartel.org/~devdas/minute.png is a random minute of the day for us. That is just stuff rejected at the edge, based on a few DNSBLs and SMTP envelop checks.
Yeah, sure I have colo servers and I can set my desktop to relay mail off those, but why do the extra work? (For the longest time, I've concluded that much of IT work is "make work" generated by other IT people.)
Well, the only person who can decide if they want your mail, or not is the recipient (or the postmaster of the receiving server acting on behalf of the recipients on that server). If your mail meets their spam rejection criteria, too bad. Send your mail in a way that it doesn't meet those criteria.
Sorry if this sounded like a rant. The technical takeaway: please consider using a content-based spam filter, not an address-based one.
Spam is not about content, it is about consent. IMHO, that implies that spam rejection must be done before DATA. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Use content-based spam filters, not address-based ones Ng Pheng Siong (Oct 14)
- Re: Use content-based spam filters, not address-based ones Devdas Bhagat (Oct 14)
- Re: Use content-based spam filters, not address-based ones Jim Seymour (Oct 14)
- Re: Use content-based spam filters, not address-based ones Paul D. Robertson (Oct 14)
- <Possible follow-ups>
- Re: Use content-based spam filters, not address-based ones Abe Singer (Oct 17)