On 01.12.2014 at 23:46, Franck Martin wrote:
On Nov 26, 2014, at 10:50 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
On 26.11.2014 at 19:45, Franck Martin wrote:
On Nov 26, 2014, at 10:19 AM, Matthias Leisi <matth...@leisi.net> wrote:
Agreed, it is cheap in resources. However, it will be easier to add to a domain blocking list than to add to an IPv6 blocking list. Maybe first line of defense is the wrong naming. IPv6 blocking lists will be to remove the extreme badness of the Internet
"domain blocking list" is already done with SpamAssassin's URIBL
only URLs found in the email, that’s very limited.
stats saying something different
blocking sender domains blindly is error prone because you penalize a legit domain because some faced forged senders
You think that spamhaus, SURBL, URIBL, and any other reputable list service would add in their blocking list a legit domain because some faced forged sender?
no, but many "i know enough" admins are error prone in that case
I think they do know the difference, and even in the case they do collateral damage, they provide public resolution forms, as long as the sender knows how to resolve the block... Have you tried to block based on the domain in the envelope from or From: header? What is your experience?
that a good forged email is often hard to distinguish
My experience says it is very useful
my point in context of that thread is that using previous valid addresses as honeypot is dangerous to stupid - you have no clue in most cases about the context how the RCPT got chosen and i know a lot of people sending once or twice a year some mail to their limited address book
congratulations if you in that case (you can't know) block the whole sending server because one of your team members left
the point of spam filtering is to get out the junk *but* the point of maintaining a mailserver is to receive 100% legit mail and if that means 5 junk mails get through - so what - blocking 5 legit important mails because you want to achieve 100% junk free does much more damage
i am coming from a commercial solution where the vendor more and more started to reach 100% hit rate with growing collateral damage up to just unacceptable
a user can easily delete 5 junk mails
a user cannot possibly know and re-receive wrongly blocked mail
do what you want - i personally would use valid RCPT addresses only over my dead body as a honeypot some months after the address no longer is used