June 16, 2005
Jef Poskanzer on Eliminating Spam
Jef Poskanzer has written up a readable, if highly opinionated, list of ways to completely block spam. Also using sendmail, he's taking a fairly hard line, which I applaud. The Background is very similar to the story that inspired enemieslist, though he's obviously gotten an order or two of magnitude more spam than we ever got here. But the basic story is the same: tried this, didn't work well enough, tried that, didn't work well enough, tried combining them, no luck or not enough luck, decided to get serious, hacked my own sendmail.cf, etc.
Many of his recommendations are tweaks to sendmail's defaults; some require recompiling, and some use software he wrote. Most rely on detecting and blocking mail from hosts that behave antisocially, which is essentially how enemieslist works. Unfortunately, with the exception of the sendmail configuration changes, most of his approach relies on post-DATA tests. So, even though he's blocking most of his mail, he's accepting most of it first. (This may be affected, for now, by the use of GreetPause, but once the next round of worms is out and knows how to work around it, that won't help him.)
Far better, IMHO, to refuse mail from hosts without properly set up non-generic reverse DNS and cut out two thirds of the noise right off the bat. His refusal to use DNSBLs is understandable - we had a similar lack of trust in them when we got started (both in their owners/operators and in whether they'd be around in a few months, given the high rate of DDoS'd dropouts in early 2003). And yet, we use several DNSBLs here, and while they are helpful (blocking over 40% of all inbound delivery attempts), they're not a panacea. If anything, though, they're cheaper than wasting CPU on Bayesian analysis. Poskanzer should reconsider DNSBLs. Between SBL/XBL (which includes CBL) and DSBL, we've grown pretty reliant on them even though we have faith in our own antispam solution, because as long as they work, it makes sense to use them. Once they're gone, if they go away, we can look at the problem differently. But for now? Use them.
Posted by schampeo at June 16, 2005 3:37 PM
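The connect-time checks argued for above (refuse on missing or generic reverse DNS, then consult DNSBLs, all before DATA), as an added sketch that is not part of the original post and is neither enemieslist nor Poskanzer's code. It assumes "generic" means the PTR name encodes the client's own IPv4 address; the zone `dnsbl.example`, the sample hosts and the function names are constructed placeholders.

```python
import ipaddress
import re

def embeds_ip(ip, ptr):
    """True if the PTR name encodes the client's IPv4 address (a generic name)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = ptr.lower().rstrip(".")
    # Decimal runs in the name, leading zeros dropped, matched in any order,
    # so 192-0-2-53, 53.2.0.192 and 192-000-002-053 are all caught.
    runs = [str(int(n)) for n in re.findall(r"\d+", host)]
    found = 0
    for o in octets:
        if o in runs:
            runs.remove(o)
            found += 1
    if found == 4:
        return True
    # Concatenated zero-padded decimal (192000002053) or hex (c0000235).
    padded = "".join(o.zfill(3) for o in octets)
    hexed = "".join(f"{int(o):02x}" for o in octets)
    return padded in host or hexed in host

def dnsbl_qname(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def connect_decision(ip, ptr, lookup, zones=("dnsbl.example",)):
    """Decide at connect time, before DATA. Returns (accept, reason).

    ptr is the reverse DNS name or None; lookup(qname) returns an A record
    string or None. Both are passed in so the logic runs without a resolver.
    """
    if ptr is None:
        return (False, "no reverse DNS")
    if embeds_ip(ip, ptr):
        return (False, "generic reverse DNS")
    for zone in zones:
        answer = lookup(dnsbl_qname(ip, zone))
        if answer and answer.startswith("127."):  # listed entries answer in 127/8
            return (False, "listed in " + zone)
    return (True, "ok")

# Constructed sample data (documentation address ranges, placeholder zone).
LISTED = {"7.100.51.198.dnsbl.example": "127.0.0.2"}
if __name__ == "__main__":
    for ip, ptr in [("192.0.2.53", "host-192-0-2-53.dyn.example.net"),
                    ("198.51.100.7", "mx.example.org"),
                    ("203.0.113.9", None),
                    ("203.0.113.25", "mail2.example.net")]:
        print(ip, ptr, connect_decision(ip, ptr, LISTED.get))
```

The cheap string test on the PTR name runs first, so a DNSBL query is only spent on hosts that already have plausible reverse DNS.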