Firewall Wizards mailing list archives
Re: Use content-based spam filters, not address-based ones
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 14 Oct 2004 13:44:44 -0400 (EDT)
On Wed, 13 Oct 2004, Ng Pheng Siong wrote:
Hi,
Hello- I'm not totally opposed to the occasional rant- hence the approval, but I'm going to try to stop this one from getting too far out of hand...
I mostly lurk on this list. Now and then I post a followup. I just got a bounce from one of the addressees of my followup thusly:
One bounce isn't all that bad- you should see what comes to the list owner box...
Just this two-layered filter is enough to bring my spam down to an acceptable level.
That's acceptable level for you- not necessarily for anyone else...
I object to filtering by the other side's IP address. I've been delivering
I have filtering issues frequently- my colo provider gets lots of dirtbags who sign up for a server, spam, then come back with a new identity and credit card and do it again. They try to clean up, but they're on a blocklist now, and some measure of my mail doesn't get through. I figure if folks don't get my mail, then I'm not going to worry about it- what they accept for their security or connectivity policies is up to them- I wouldn't want them to tell me how to run my systems and networks, so I won't presume to tell them how to run theirs.
mail directly from my desktop for many years, when I discovered my ISP's SMTP relay was losing my mail silently. This was well before Canter and Siegal. *spit*
I have it worse- my colo provider used to host Wallace, so their level of innocence in all things spam is routinely challenged.
Yeah, sure I have colo servers and I can set my desktop to relay mail off those, but why do the extra work? (For the longest time, I've concluded that much of IT work is "make work" generated by other IT people.)
There's always a line with extra work- why stop my MTA from relaying? That's extra work! Why stop my systems from being used as zombies? That's extra work! Why patch vulnerabilities, that's extra work! Etc.
Sorry if this sounded like a rant. The technical takeaway: please consider using a content-based spam filter, not an address-based one.
I feel your pain- but everyone needs to decide how much pain they're willing to endure. I *often* get false positives from content-based filters from list postings, and to me, they're more of a pain than something that bounces the connection (those are handled automatically.) All solutions suck pretty equally, other than making spamming a capital offense globally. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Use content-based spam filters, not address-based ones Ng Pheng Siong (Oct 14)
- Re: Use content-based spam filters, not address-based ones Devdas Bhagat (Oct 14)
- Re: Use content-based spam filters, not address-based ones Jim Seymour (Oct 14)
- Re: Use content-based spam filters, not address-based ones Paul D. Robertson (Oct 14)
- <Possible follow-ups>
- Re: Use content-based spam filters, not address-based ones Abe Singer (Oct 17)