Re: Anti-Spam Router -- opinions?

[Joe Abley <jabley () isc org>]

On 6 Apr 2004, at 05:23, Michael.Dillon () radianz com wrote:

> To succeed against the spammers we need to IGNORE the content
> and target the behaviors. Why does your mail server accept
> incoming email from unknown and unauthenticated sources?
> Why does your mail server allow your customers to relay
> more than a few messages a day without special permission?

If the behaviours were easy to identify, there would be no spam.

My mail server accepts incoming e-mail from unknown and unauthenticated 
sources (a) because there is no widely-deployed mechanism to recognise 
or authenticate sources such that good ones can be distinguished from 
bad ones and (b) because the same sources are frequently responsible 
for sending spam and non-spam.

How do you distinguish between a home user sending twenty legitimate, 
real messages per day, and a home user whose PC has been 0wned, and 
which is sending twenty illegitimate messages per day?

The behaviours will adapt to defeat any attempt at classification. The 
content is the only thing which reliably identifies messages as spam, 
and the only way to classify the content with high confidence is to 
have the recipient read it and decide whether she is glad she received 
it.

I have now exceeded my self-imposed mailing list threshold of 0 
messages about spam per month.


Joe