On Wed, 22 Jul 2009 10:31:35 -0600, Robert Lopez <rlopez...@gmail.com> wrote: > We get a lot of spam from a marketing company that uses hundreds of ip > addresses and hundreds of domain names but it always comes from > "support" at which ever names they are using that day. > > My supervisor wants me to block all email coming from "supp...@*".
Uhm, that plan is just plain wrong, sorry. Our ticketing system uses support@<ourdomain>, which would mean that you'd block all mails that are directed to/from our ticketing system. And I know that quite a lot of other companies use just the same local part for their ticket system(s) (which means that you wouldn't be able to communicate with their support, either), except when you manually whitelist them each time that you find out about one of these incompatabilities. > I have concerns about blocking legitimate email. You should have severe concerns in case you implement that kind of block, yes. Unless you don't correspond with _any_ other company (or rather, nobody ever sends you "unsolicited", but desired mail), I'd have severe doubts that blocking supp...@* this generally helps you even the slightest bit; you're just replacing one evil with another. Are the marketing emails somewhat "related"? I.e., could you train a bayesian filter to match and discard them? Or, do they have some kind of reappearing header (apart from the "From")? For the former, you could test by training a spambayes* with some "ham" and some "spam" (which in this case is the marketing letter[s]), and integrate that into the mail delivery chain using the local delivery agent. I use this method successfully to sort out some recurring chain-mails we receive from one of our suppliers, who doesn't seem to be able to unsubscribe us from his mailings. For the latter, you could use a Header-Check inside the smtpd_end_of_data_restrictions from Postfix. Those would be at least two _sensible_ routes to try, I'd say. * http://spambayes.sourceforge.net/ -- Heiko Wundram Gehrkens.IT GmbH FON 0511-59027953 | http://www.gehrkens.it FAX 0511-59027957 | http://www.xencon.net Gehrkens.IT GmbH Strasse der Nationen 5 30539 Hannover Registergericht: Amtsgericht Hannover, HRB 200551 Geschäftsführer: Harald Gehrkens, Daniel Netzer
