Girish Venkatachalam wrote:
> Dear friends,
>
> Please excuse the silly subject line. I am unfortunately not qualified
> enough to come up with a better one.
>
> First my assumptions, then my questions. Request inputs on both.
>
> Assumptions
> ---------------------------------------------------------------------
>
> a) Most of the spam originates in USA.

Either incorrect or close to incorrect. IF it is correct, it is due to
the number of computers in the USA, and "most" would mean "more than
others". Avoiding US computers won't change your spam situation much at
all (i.e., lopping off 30% of a problem still means you have a problem).

The internet is truly global. Where you are really doesn't matter much.
It costs the spammer the same to send to their next door neighbor as it
does to send across the world (nothing!), so they don't discriminate by
geography.

> And high bandwidth links and busy
> mail servers are common targets.

Totally incorrect, both as targets to send spam to and to get spam from.
Sure, spammers love to plant their sending boxes in high-bandwidth
places, but they happily use nets of home computers, too, and they are
much easier to get. They don't care at all what your connection is at
the receiving end.

> b) Spam control strategies differ depending upon which leg of the spam
> propagation cycle we are in. Let me explain.
>
> *) Spammers have some kind of 'radar' that looks for vulnerable
> hosts/networks and they abuse them for carrying their traffic. Sometimes
> ISPs connive with spammers and let them use their networks. At this
> point, the spam is in the egg form.

Irrelevant. You can't stop it at the source unless you really screwed
up. :)

(The "radar" is really trivial: look for machines that try to infect you
with a virus, you know that machine is infected, you know how it got
infected, you can now compromise it the same way. Yawn. That's just one
way.)

> *) Once the spammer gets a foothold to munge his mail ID and
> originating IP/network, then he looks for bandwidth guzzler techniques
> involving smart programming involving a combo of IP and TCP techniques
> to deliver millions of mails in a jiffy

No. I am not sure what you are trying to say, but there is no magic.
Just compromised and improperly managed computers, and simplistic
delivery software.

The delivery software almost never shows any real "smart" programming.
A step up from the crap code of your typical virus, but hardly robust or
skilled code, or they just use sendmail/postfix/qmail/whatever. Any of
these programs send mail as fast as most pipes will allow; there is no
magic that lets you send millions of messages on a slow link in a couple
seconds.

> *) The final leg is when the spam reaches the destination MTA/
> user's mailbox

Yeah, but not sure what your point is, other than this is where you get
to try to deal with it, assuming you control the MTA or your mailbox.

> c) We have to necessarily use a combination of spam control strategies
> for combating this disease.

Eh. Not really. Depends.

I guess I use three systems, myself:
1) spamd greylisting.
2) Thunderbird's spam filtering system
3) the delete key.

So, I guess I do use more than one, but all are "set and forget". My
e-mail address is all over the 'net, so it isn't hard to find me, yet
MOST of the spam I get is coming through OpenBSD mail servers. Spamd
takes care of the vast majority of the rest. I'm amazed how effective it
is for basically being "set up and forget".

A friend of mine uses the "you can't find me" method for spam control.
He gets a domain, gives an address to a very few people, and after a few
years when the address "escapes", he abandons the domain and uses a new
one. Not my style. :)

If you have low traffic and a small number of users, you can probably
get by very well with one "high-end" spam control app. The problem there
is scaling to huge numbers of users and messages.

> Okay now for my questions. First please correct my assumptions. Thanks.
>
> Questions
> ---------------------------------------------------------------------
>
> 1) Since my field of activity is neither USA nor do I have access to
> high bandwidth what effect will greylisting have on me? Is there a point
> in using greylisting since it is highly unlikely that someone is going
> to use me/my networking/my MTA as scapegoat for sending spam

They will be sending spam TO you. That's what greylisting is going to
help you with.

> 2) case b) also does not apply since very few routers here run BGP or
> give spammer enough ammo for his job. Should I still go in for clever
> tricks with pf and spamd like greytrapping, source tracking,
> blacklisting etc.?

Doesn't hurt, will help.

I have no idea why you think what your routers run will influence the
spam sent to you. You posted a message to a public e-mail list; spammers
will figure out you exist. You have friends that stick your name along
with hundreds of other names on a stupid "send to everyone you know"
human-propelled virus mail; again, the spammers will find you. Other
friends have virus infected machines; spammers will find you. Put your
address on a web page; spammers will find you. They don't care about
your routers or the speed of your server or what country you are in.

I have a few e-mail addresses that are entirely guessable that get more
mail from people guessing my personal address (incorrectly) than spam,
yet other mail addresses on the same domain or server get hammered. If
they don't see you, they don't know you exist. I get this at work
regularly... people call and complain that they just suddenly started
getting huge amounts of spam. Why? Because someone let their e-mail
addresses land in the spammer's address lists. When no one knows you are
there, you get no spam. When you are seen on the net, you become known.
Unfortunately, your friends have much more control on your exposure than
you do.

MOST spam control systems are very processor intensive. Greylisting,
greytrapping and the like are all almost no-load solutions. Even if you
do decide you need more, greylisting/greytrapping significantly reduces
the number of messages you need to look at, so you don't have to do as
much processing. This is good.

> 3) I hate spamassassin and I love dspam and its statistical filtering
> math. But alas, the project is largely unmaintained and dying. What
> alternative do I have in combating spam by textual analysis, context
> sensitive Bayesian techniques and so on?

Assuming this is a personal mail server, first of all, see how much gets
through spamd. If not much, use your delete key for the rest. IF you
really have a problem, then get fancy. Don't make your life difficult if
you don't have a problem.

Nick.
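To make the "almost no-load" point about greylisting and greytrapping concrete, here is an added simulation (not code from the thread or from OpenBSD's spamd) of the spamd-style state machine: the key, the 25-minute/4-hour/36-day/24-hour timers and the trap behaviour are assumptions modelled on spamd's documented defaults, and all traffic in it is constructed.

```python
"""spamd-style greylisting/greytrapping simulation (constructed example)."""
PASSTIME = 25 * 60          # assumed spamd default: retry accepted after 25 min
GREYEXP = 4 * 3600          # grey entries that never retry expire after 4 h
WHITEEXP = 36 * 24 * 3600   # a source that retried properly stays white 36 days
TRAPEXP = 24 * 3600         # a source that mailed a spamtrap is held 24 h

class Greylister:
    def __init__(self, traps=()):
        self.traps = set(traps)   # recipient addresses that never get real mail
        self.grey = {}            # (ip, sender, rcpt) -> time of first attempt
        self.white = {}           # ip -> whitelist expiry
        self.trapped = {}         # ip -> trap expiry

    def check(self, ip, sender, rcpt, now):
        """'pass' (hand to real MTA), 'tempfail' (451 try later) or 'trapped'."""
        if self.trapped.get(ip, 0) > now:
            return "trapped"
        if rcpt in self.traps:                   # greytrapping: mailing a trap
            self.trapped[ip] = now + TRAPEXP     # blacklists the source IP
            self.white.pop(ip, None)
            return "trapped"
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + WHITEEXP      # refresh expiry on each pass
            return "pass"
        key = (ip, sender, rcpt)                 # one cheap dict lookup, no
        first = self.grey.get(key)               # message body ever inspected
        if first is None or now - first > GREYEXP:
            self.grey[key] = now                 # new (or expired) grey entry
            return "tempfail"
        if now - first >= PASSTIME:              # proper retry: whitelist IP
            del self.grey[key]
            self.white[ip] = now + WHITEEXP
            return "pass"
        return "tempfail"                        # retried too soon, still grey

def simulate():
    """Constructed traffic: one real MTA that retries, 200 fire-and-forget
    bots, and one bot that hits a trap address before a real one."""
    g = Greylister(traps={"nobody-here@example.org"})
    counts = {"pass": 0, "tempfail": 0, "trapped": 0}
    for t in (0, 30 * 60):                       # real MTA retries after 30 min
        counts[g.check("192.0.2.10", "alice@example.com", "me@example.org", t)] += 1
    for i in range(200):                         # bots never come back
        ip, snd = f"198.51.100.{i + 1}", f"spam{i}@example.net"
        counts[g.check(ip, snd, "me@example.org", 60 + i)] += 1
    counts[g.check("203.0.113.5", "x@example.net", "nobody-here@example.org", 1000)] += 1
    counts[g.check("203.0.113.5", "x@example.net", "me@example.org", 2000)] += 1
    return counts   # only the one legitimate retry reaches the MTA
```

Of the 204 connection attempts in the constructed run, one message is handed to the real MTA; everything else is answered with a temporary failure or tarpitted without any content filtering.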