Dear friends,

Please excuse the silly subject line. I am unfortunately not qualified enough to come up with a better one.
First my assumptions, then my questions. Request inputs on both.

Assumptions
---------------------------------------------------------------------

a) Most of the spam originates in USA. And high bandwidth links and busy mail servers are common targets.

b) Spam control strategies differ depending upon which leg of the spam propagation cycle we are in. Let me explain.

*) Spammers have some kind of 'radar' that looks for vulnerable hosts/networks and they abuse them for carrying their traffic. Sometimes ISPs connive with spammers and let them use their networks. At this point, the spam is in the egg form.

*) Once the spammer gets a foothold to munge his mail ID and originating IP/network, then he looks for bandwidth guzzler techniques involving smart programming involving a combo of IP and TCP techniques to deliver millions of mails in a jiffy.

*) The final leg is when the spam reaches the destination MTA/user's mailbox.

c) We have to necessarily use a combination of spam control strategies for combating this disease.

Okay now for my questions. First please correct my assumptions. Thanks.

Questions
---------------------------------------------------------------------

1) Since my field of activity is neither USA nor do I have access to high bandwidth, what effect will greylisting have on me? Is there a point in using greylisting since it is highly unlikely that someone is going to use me/my networking/my MTA as scapegoat for sending spam?

2) Case b) also does not apply since very few routers here run BGP or give spammer enough ammo for his job. Should I still go in for clever tricks with pf and spamd like greytrapping, source tracking, blacklisting etc.?

3) I hate spamassassin and I love dspam and its statistical filtering math. But alas, the project is largely unmaintained and dying. What alternative do I have in combating spam by textual analysis, context sensitive Bayesian techniques and so on?
Finally I have the choice of using hackish solutions like tagging mails with X-spam-* scores with procmail or other filters with collaborative user feedback from shared databases. Kind of like the DCC stuff by Vipul's razor or gmail.

I also believe that without user feedback and individual training spam cannot be combated effectively. Each user has his own behavioral patterns when it comes to mail.

How should I design my spam control 'fishing net'? I don't want to make the holes in my net too small thereby catching small fish (false positives), at the same time I should catch big fishes.

Thanks for your inputs and pardon my ignorance and this lengthy mail.

Happy new year folks! ;)

- Girish