Firewall Wizards mailing list archives
Re: Use content-based spam filters, not address-based ones
From: jseymour () linxnet com (Jim Seymour)
Date: Thu, 14 Oct 2004 13:07:39 -0400 (EDT)
Ng Pheng Siong <ngps () netmemetic com> wrote:
Hi, I mostly lurk on this list. Now and then I post a followup. I just got a bounce from one of the addressees of my followup thusly: <XXX () XXXXX XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48 I've only recently started using automatic spam filtering. This happens at the SMTP level, in two layers:
[snip]
Just this two-layered filter is enough to bring my spam down to an acceptable level.
I'm happy that's working for you. Some people think packet-filtering at the border is sufficient, and it works for them, too. To each his own.
I object to filtering by the other side's IP address. I've been delivering mail directly from my desktop for many years, ...
[snip] Best check that desktop, if it's a 'doze box. According to one of the CBL's people: "... that type of listing is overwhelmingly caused by Netsky worms." If you're not running a 'doze desktop, are you behind a NAT router, the LAN side of which has any 'doze boxes that might be infected? Perhaps you're on a dynamic IP, and the previous occupant is infected? It appears that are eight (8) more listings of the same type in that /24. If you're trying to email direct from a dynamic IP, then expect delivery problems. Prior IP residents getting the IP listed is only the start of the problem. Some people, like me, if enough garbage arrives from the same /24 w/in a certain time period, just list the entire /24. Then there are the "dynamic IP blocklists," which I also use.
Yeah, sure I have colo servers and I can set my desktop to relay mail off those, but why do the extra work?
[snip]
Because you want your email delivered, maybe? As I pointed out on another mailing list just earlier today: The days of "...be liberal in what you accept" are pretty much history. The Endless September, floods of spammers and crackers, virusware marketed as an "operating system," so-called "admin"s that can't tell a port from a hole in the ground, and ISPs that don't care that it's their own nest being fouled have pretty much seen to that. Jim _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Use content-based spam filters, not address-based ones Ng Pheng Siong (Oct 14)
- Re: Use content-based spam filters, not address-based ones Devdas Bhagat (Oct 14)
- Re: Use content-based spam filters, not address-based ones Jim Seymour (Oct 14)
- Re: Use content-based spam filters, not address-based ones Paul D. Robertson (Oct 14)
- <Possible follow-ups>
- Re: Use content-based spam filters, not address-based ones Abe Singer (Oct 17)