I sympathize to an extent. I filter spam strictly on header information;
actually it works quite well, but some things are apparent.
On Fri, 26 Mar 2021, Phil Stracchino wrote:
> On 3/22/21 11:28 PM, Phil Stracchino wrote:
>> On 3/20/21 10:33 PM, li...@lazygranch.com wrote:
>>> This stops many a spammer. I forget who posted the info on the fqrdns
>>> but that is very effective as well.
>>
>> So I switched a couple of days ago now to using this instead of
>> reject_unknown_helo_hostname. So far it seems to be working well.
>
> With a few days more observation, it turns out that not only does the
> fqrdns list not block any of my current incoming spam, but it DID block
> at least one major source of legitimate incoming mail. So it did more
> harm than good.
>
> I question whether blocking dynamic IP ranges is actually a valid and
> useful antispam measure any more.

The motivations of someone who serves multiple constituencies are
different from someone who serves only one. The tactics and considerations
of someone whose job is to "deliver all mail" are different from someone
whose objective is to "stop spam". Both of these are confounded by
otherwise legitimate third parties who would pay a spammer to deliver
their precious mail if they were the lowest bidder (and they don't care
what their third party servicer does with your personal information
afterwards).
What is spam or is not spam is partly in the eye of the beholder and
partly over the horizon for them: someone who regularly conducts business
with some entity may not care or even be completely unaware that said
entity sends unsolicited communications to others.
At the present time, there are two infrastructure tells which enable me to
filter 95% of spam; there are innumerable manifestations of those tells;
you only need to choose one manifestation of each and you're pretty much
guaranteed a 95% success rate.
If you serve multiple constituencies, that should be good enough; let them
fine tune it if they care, you can even tell them it's for respect of
their privacy rights.
There are many things which suggest other things about infrastructure,
reverse DNS is one of them. (Have I /ever/ received email I care about
from domains hosted on these nameservers? Out of all the nameservers in
all the world, why do I get so much mail from domains served by them?)
However, while these sorts of infrastructure hints are generally
suggestive, nothing of this sort is a reliable positive, or negative, test
for spam. I've got stuff in the email processing chain to account for it,
but I'm not expecting Postfix to do it.
--
Fred Morris