[fw-wiz] Use content-based spam filters, not address-based ones

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 10/13/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"
    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 13 Oct 2004 09:49:03 +0800


    I mostly lurk on this list. Now and then I post a followup. I just got a
    bounce from one of the addressees of my followup thusly:

    <XXX@XXXXX.XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service
        unavailable; Client host [] blocked using cbl.abuseat.org;
        Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=

    I've only recently started using automatic spam filtering. This happens at
    the SMTP level, in two layers:

    1. Check the FROM address. This stops those pretend ones like
    ENGLIS2003blahblahblah@yahoo.com. It should be able to stop a lot of
    phishing ones too, but I let those thru anyway because I'm collecting them.

    2. Check the content after DATA has been received. I use the Python
    Spambayes package in a simple 20+ line script. (Trained on about a thousand
    spam and a thousand ham messages prior to deployment.)

    Just this two-layered filter is enough to bring my spam down to an
    acceptable level.

    I object to filtering by the other side's IP address. I've been delivering
    mail directly from my desktop for many years, when I discovered my ISP's
    SMTP relay was losing my mail silently. This was well before Canter and
    Siegal. *spit*

    Yeah, sure I have colo servers and I can set my desktop to relay mail off
    those, but why do the extra work? (For the longest time, I've concluded
    that much of IT work is "make work" generated by other IT people.)

    Sorry if this sounded like a rant. The technical takeaway: please consider
    using a content-based spam filter, not an address-based one.

    Thanks. Cheers.

    Ng Pheng Siong <ngps@netmemetic.com> 
    http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
    firewall-wizards mailing list

  • Next message: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"