[fw-wiz] Use content-based spam filters, not address-based ones

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 10/13/04

Next message: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"

Previous message: Christopher Hicks: "[fw-wiz] PKI is the pits?"
Next in thread: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Jim Seymour: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Paul D. Robertson: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Wed, 13 Oct 2004 09:49:03 +0800

Hi,

I mostly lurk on this list. Now and then I post a followup. I just got a
bounce from one of the addressees of my followup thusly:

<XXX@XXXXX.XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service
unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org;
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48

I've only recently started using automatic spam filtering. This happens at
the SMTP level, in two layers:

1. Check the FROM address. This stops those pretend ones like
ENGLIS2003blahblahblah@yahoo.com. It should be able to stop a lot of
phishing ones too, but I let those thru anyway because I'm collecting them.

2. Check the content after DATA has been received. I use the Python
Spambayes package in a simple 20+ line script. (Trained on about a thousand
spam and a thousand ham messages prior to deployment.)

Just this two-layered filter is enough to bring my spam down to an
acceptable level.

I object to filtering by the other side's IP address. I've been delivering
mail directly from my desktop for many years, when I discovered my ISP's
SMTP relay was losing my mail silently. This was well before Canter and
Siegal. *spit*

Yeah, sure I have colo servers and I can set my desktop to relay mail off
those, but why do the extra work? (For the longest time, I've concluded
that much of IT work is "make work" generated by other IT people.)

Sorry if this sounded like a rant. The technical takeaway: please consider
using a content-based spam filter, not an address-based one.

Thanks. Cheers.

-- 
Ng Pheng Siong <ngps@netmemetic.com> 
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"

Previous message: Christopher Hicks: "[fw-wiz] PKI is the pits?"
Next in thread: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Jim Seymour: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Reply: Paul D. Robertson: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]