On Thu, 12 Feb 2009, Jesse Stroik wrote:
John Hardin wrote:
On Thu, 12 Feb 2009, Kris Deugau wrote:
> What do you do to push that last 5% or so of missed spam over the
> threshold from nonspam to spam?
Do you greylist?
Of course not. The assumption that spammers cannot follow RFCs is a silly
one.
The assumption is not that they _cannot_ follow RFCs. The assumption is
that they _ignore_ them where they feel it impacts throughput. See also
pre-greeting.
There are a variety of greylisting/triplet techniques that make some
sense but only if you assume that spammers won't likely use RFC
complaint mailers anytime soon.
Many still do not. Again, it's not a silver bullet, but it does still
shave off a portion of the volume.
In addition, even if all spammers *do* retry and greylisting by itself
doesn't block *any* spammy messages, the delay gives the DNSBLs that much
more time to list new spamvertised domains.
Do you use any MTA-level DNSBLs?
No. I allow spamassassin to query dcc/pyzor/spamcop, but I don't trust
any one or even two of those DNS/URL blacklists with enough points to
categorize something as spam on their own because all of those
blacklists have had false positives. Especially spamcop.
How do you feel about zen?
The tendency I've observed in people is to see that you are getting
95-98% of their spam filtered (say, they were getting 200 a day, now
they get 3) and they want to find some way to get the filter to catch
those last three.
Delete the last three.
Ultimately that's what you have to do. The only way to automatically
filter 100% of spam is to unplug your MTA from the 'net.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Of the twenty-two civilizations that have appeared in history,
nineteen of them collapsed when they reached the moral state the
United States is in now. -- Arnold Toynbee
-----------------------------------------------------------------------
Today: Abraham Lincoln's and Charles Darwin's 200th Birthdays
