Firewall Wizards mailing list archives

Re: Use content-based spam filters, not address-based ones


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 14 Oct 2004 13:44:44 -0400 (EDT)

On Wed, 13 Oct 2004, Ng Pheng Siong wrote:

> Hi,

Hello- I'm not totally opposed to the occasional rant- hence the approval,
but I'm going to try to stop this one from getting too far out of hand...


> I mostly lurk on this list. Now and then I post a followup. I just got a
> bounce from one of the addressees of my followup thusly:

One bounce isn't all that bad- you should see what comes to the list owner
box...

> Just this two-layered filter is enough to bring my spam down to an
> acceptable level.

That's an acceptable level for you- not necessarily for anyone else...

> I object to filtering by the other side's IP address. I've been delivering

I have filtering issues frequently- my colo provider gets lots of dirtbags
who sign up for a server, spam, then come back with a new identity and
credit card and do it again.  They try to clean up, but they're on a
blocklist now, and some measure of my mail doesn't get through.  I figure
if folks don't get my mail, then I'm not going to worry about it- what
they accept for their security or connectivity policies is up to them- I
wouldn't want them to tell me how to run my systems and networks, so I
won't presume to tell them how to run theirs.

> mail directly from my desktop for many years, when I discovered my ISP's
> SMTP relay was losing my mail silently. This was well before Canter and
> Siegel. *spit*

I have it worse- my colo provider used to host Wallace, so their level of
innocence in all things spam is routinely challenged.

> Yeah, sure I have colo servers and I can set my desktop to relay mail off
> those, but why do the extra work? (For the longest time, I've concluded
> that much of IT work is "make work" generated by other IT people.)

There's always a line with extra work- why stop my MTA from relaying?
That's extra work!  Why stop my systems from being used as zombies?
That's extra work!  Why patch vulnerabilities, that's extra work!  Etc.

> Sorry if this sounded like a rant. The technical takeaway: please consider
> using a content-based spam filter, not an address-based one.

I feel your pain- but everyone needs to decide how much pain they're
willing to endure.

I *often* get false positives from content-based filters from list
postings, and to me, they're more of a pain than something that bounces
the connection (those are handled automatically.)

All solutions suck pretty equally, other than making spamming a capital
offense globally.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards