Politech mailing list archives

FC: One last reply on "nice" spam filters


From: Declan McCullagh <declan () well com>
Date: Tue, 17 Jun 2003 00:49:50 -0400


---     

Date: Sun, 15 Jun 2003 12:19:54 -0700 (PDT)
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Subject: Re: "Nice" Spam Filtering Responses
To: declan () well com, brad () crisp net

Hi,

Your recent post to politech was passed along to me by a colleague... had
a few comments for y'all (interposed inline below):

#       A) Of the Open Relay blockers, most people seemed to like ORDB (
#http://www.ordb.org ).  It scours the net looking for open relays, just
#like Orbz used to do.

I would encourage you to also check out the mail-abuse.org RBL+ (see
http://mail-abuse.org/rbl+ ). Not free, but pretty cheap (at for
.edu/nonprofit type folks). It does a nice job on open relays and some
other classes of content.

#       B) Of the proxy blockers, there was no clear consensus, but
#opm.blitzed.org and proxies.relays.monkeys.com seemed to be the favorites.

I've been looking at the open proxy problem a little, and I think I'd
suggest Wirehub/Easynet instead. Feel free to see:

http://darkwing.uoregon.edu/~joe/proxy-dnsbl-comparison.gif

http://darkwing.uoregon.edu/~joe/open-proxies-used-to-send-spam.html

http://darkwing.uoregon.edu/~joe/proxies/ (this last link is for a paper
talking about the Open Proxy Problem that I presented at the Internet2
Member Meeting in Arlington a month or two ago; PDF and PowerPoint formats
are provided)

#       C) Of the manual spam blockers, ones that add known spam sources manually,
#the Spamhaus SBL ( http://sbl.spamhaus.org ) is by far the most recommended,
#and probably fits the bill of the "nicest".

Yep, the SBL is definitely the correct choice there.

#       D) There is actually one aggregate.  blackholes.easynet.nl contains both a
#list of open proxies and the spamhaus sbl, but not an open relay blocker.
#
#2) Additionally, there are two other methods for blocklists, but I'm not so
#sure they fall under "nice".  The first is country blockers.  These block
#all e-mail from the designated country.  ( china.blackholes.us
#korea.blackholes.us  nigeria.blackholes.us ) As a business ISP, I'm not so
#sure I can just go and block whole countries, but I'll wager they would
#stop a good chunk of spam.

I would urge ASN-based blocks rather than country based blocks. There are
definitely ISPs that don't give a damn (including Chinanet, China Netcom
and Kornet, among others, see
http://darkwing.uoregon.edu/~joe/spam-friendly-carriers.html ), but those
ISPs don't necessarily fully occupy a given geographic region. :-)

#The second is blocking "dynamic" and "dialup"
#IP's.  Essentially, these sites try to track IP's that belong to dialup and
#cable modem users.  As someone who runs a home server off his cable modem,
#I think this is a bad idea, but others might want to consider it.

We handle these via local /etc/mail/access rulesets -- works great for us
for the most part.

#3) Lastly, everyone seems to love SpamAssassin.  One person even sent me a
#message ten times saying I should use SpamAssassin and probably just didn't
#know how to use it properly, despite my original message stating
#SpamAssassin was not what I was looking for.

I guess I must be the one exception. I discuss a number of the reasons why
I'm less than enthusiastic about content based filtering as a solution at
http://darkwing.uoregon.edu/~joe/spamwar/ (presented at the Northwest
Academic Computing Consortia meeting a week or two ago).

#The problem is managing its
#use for 20,000 people.  Different people will want different levels of
#SpamAssassin.  I use it myself, but I have to order it in procmail
#carefully, otherwise it will mark all of my nightly root-mail and other
#cron jobs as spam.

delay_checks allows one to exempt certain addresses from filtering if you're
using sendmail. This should be done to ensure that RFC 2142-mandated addresses
don't filter complaints/requests for unblocking, etc.

Regards,

Joe




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
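
The following is an added example, not part of the original message and not sendmail's own code: a small Python model of checking a connecting IP against DNSBL zones named above while deferring the decision to RCPT TO, so that RFC 2142 role addresses stay reachable. The function names, the choice of exempt mailboxes, and the sample listing are assumptions constructed for illustration.

```python
import ipaddress

# Zones named in the message above; which ones to use is a local policy choice.
DNSBL_ZONES = ["sbl.spamhaus.org", "blackholes.easynet.nl"]
# RFC 2142 role mailboxes kept reachable so blocked senders can complain or
# request unblocking (assumed local selection).
EXEMPT_LOCALPARTS = {"abuse", "postmaster"}


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_exempt(rcpt):
    """True when the recipient is a role address that bypasses the DNSBLs."""
    local = rcpt.strip().strip("<>").rsplit("@", 1)[0]
    return local.lower() in EXEMPT_LOCALPARTS


def rcpt_decision(client_ip, rcpt, resolve):
    """Decide at RCPT TO time so the recipient can be taken into account.

    resolve(name) returns a list of A records (empty when the name is not
    listed); it is injected so the example runs offline.
    """
    if is_exempt(rcpt):
        return ("accept", "role address exempt from DNSBL checks")
    for zone in DNSBL_ZONES:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        if answers:
            reason = "550 %s listed in %s (%s)" % (client_ip, zone, answers[0])
            return ("reject", reason)
    return ("accept", "not listed")


# Constructed sample data: 192.0.2.25 (TEST-NET-1) is treated as listed.
SAMPLE_LISTINGS = {"25.2.0.192.sbl.spamhaus.org": ["127.0.0.2"]}


def sample_resolver(name):
    """Offline stand-in for a DNS A lookup against the constructed listings."""
    return SAMPLE_LISTINGS.get(name, [])


if __name__ == "__main__":
    for rcpt in ("<user@example.org>", "<abuse@example.org>"):
        print(rcpt, rcpt_decision("192.0.2.25", rcpt, sample_resolver))
```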

