Re: Debian and spam

Tue, 23 Nov 2004 06:42:06 -0800 

on Sat, Nov 13, 2004 at 06:04:57PM -0500, Carl Fink ([EMAIL PROTECTED]) wrote:
> On Sat, Nov 13, 2004 at 12:15:00PM -0800, Paul Johnson wrote:
> 
> > I tend to prefer real email management over fake email address hacks.
> > Keeps everything simpler, makes the spam easier to report, etc.
> 
> Who are you reporting spam to, anyway?  I'd like to contribute but I'm
> woefully out-of-touch.

Personally, my own recommendation would be that you don't.  It's a lot
of traffic, and you have to deal with massive amounts of unreachable
addresses, etc.  Not to mention false hits.

That said, I do it, and have written tools to do same:

    http://linuxmafia.com/~karsten/Downloads/SpamTools.tar.gz

Scripts are defanged by default, some of the configurations are specific
to my own needs, you *will* shoot yourself in the foot, but if you want
to report spam at a rate of one per 20-40 seconds, this will do it.
I've reported some 55k+ spams so far since March.

For a simpler solution, SpamCop works well.

My own main interests are:

  - Finding out where spam comes from (Korea, China, SBC).  Fully 15%
    (more or less) comes from one network, 25% from the top 3-5
    networks.

  - Finding out what DNSBLs are accurate (SpamCop, SpamHaus), a few
    others.

  - Finding out if reporting cuts the spam load (not much).


The most useful thing I've found is the DNS-based IP to ASN / CIDR
mapping resource at http://www.routeviews.org/.  This lets you aggregate
spam to a high level and identify trends, very readily.

More stats and stuff on my homepage (below), and by Googling "spam by
asn", particularly on the linux-elitists mailing list.

Upshot of all of this:  a soon-to-be-released version of SpamAssassin
should be incorporating ASN and/or CIDR classification for automated
scoring on these characteristics.  I'd like to see MTAs and firewalls
pick up similar capabilities.


Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    MX Radio - With Bob Edwards, who needs NPR?       http://www.xmradio.com/

Attachment: signature.asc
Description: Digital signature

Reply via email to