Great Circle Associates List-Managers
(June 1998)
 


Subject: RE: Spam Filtering and Messy Details
From: Todd Day <today @ di . com>
Date: Thu, 11 Jun 1998 23:23:55 -0700
To: "'List-Managers @ GreatCircle . COM'" <List-Managers @ GreatCircle . COM>

>It's a rhetorical question, but you get my drift.  Bulk E-mail
>spam has changed the nature of the net forever and there is no going
>back.
>*Somebody* is going to have to make some small sacrifices in order for
>us to get rid of this crap, and it may (unfortunately) end up being the
>owners and operators of legitimate mailing lists.

One of the hard lessons in life is that in a free society, you must
continually fight to defend your freedom.  While your proposal has many
positives, at the core, it is a throwback to a centrally managed system
that is the antithesis of the promise of the Internet.  As such, it is
doomed to failure.

I think each site is going to have to approach SPAM filtering their own
way.  Let me describe what I am doing to fight SPAM at my site and on my
e-mail lists.

Not only do I manage and moderate a few e-mail lists, I also take care
of e-mail connectivity for the company I work at.  We've been hard hit
here by SPAM since many employees were quite active on Usenet and
investment lists the second we got on the Net.  I considered it a
challenge to block or blunt the attempts of SPAMmers to sneak
advertisements into our company.  I went out and read up on all the cool
new features of Sendmail 8.8.8 and installed a four level SPAM blocking
system in our sendmail.cf.  I used the information found in Ron's handy
blacklist to seed my database of sites to block or deflect.  This action
cut down on about 40% of our inbound SPAM.

I then went out and found the SPAMCAN patches for Sendmail.  These have
been a godsend.  I patched SPAMCAN so that it still forwards the e-mail
to the intended person, but puts a special SPAMtag into the first line
of the message.  I then taught the employees how to write a filter to
remove these marked messages from their Inbox and into a separate folder
for them to peruse at their leisure.  I did this because I'm afraid of
someone sending a legitimate message subject of, "I have tons of $$$$
and I want to buy your products" - I don't want to accidentally trashcan
a message like that! (The $$$$$ can set off the filters since it is used
in the Subject line by a lot of SPAMmers.)  Even though the employees
still look over the SPAM (most can be deleted simply by looking at the
From or Subject lines), they don't seem to mind because the messages
don't appear in their Inbox.  It feels like a small victory.

This worked pretty well, but then started to not work so well.  The
SPAMmers were changing tactics and headers and Internet providers and
more were making it through my filters.  What to do?  The third weapon
in my arsenal is a public folder I created called "Junk Mail".  Whenever
an employee finds some SPAM that did manage to bypass my traps and is
not marked with the SPAMtag, they place it in this folder.  Every month
or so, I go through the folder, looking for common sources (so I can
block IP banks) or common headers (so I can SPAMCAN messages with new
filter entries).  I have found Ron's recently released ipw tool useful
in tracing IP blocks to a common source.

This combination has proven to be quite powerful.  Employees who got the
worst of the SPAM report the amount of SPAM they now get has been cut
down by 98%.  But how does this relate to e-mail lists?  Already, my
lists are protected by the same IP-block rejection and
destination/source filtering that protects employee e-mail.  And I've
modified majordomo to reject any inbound message marked with my special
SPAMtag.  I have one fully moderated list - I've only had to delete one
SPAM message from it in over three years.  I have a handful of
unmoderated lists and digests.  Majordomo screens out about 5 SPAM mails
per week.  I think two have gotten through in the past three years.

So, none of this may apply to the smaller list owner not running their
own site.  But a lot of us here also have other network administration
duties that might include generic e-mail service.  For those in this
position, I highly recommend looking up the new SPAM filtering methods
found in Sendmail 8.8.8.  I also recommend the SPAMCAN patches to
Sendmail.  They've made handling SPAM at my site a lot more fun. :-P

-todd-

http://www.sendmail.org/antispam.html
http://consult.ml.org/~timb/spamcan/
http://www.e-scrub.com/cgi-bin/blacklists.cgi  <<-- used to be there, at
least - site was down when I wrote this
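
The monthly "Junk Mail" folder review described in the message above, sketched as an added example that is not part of the original post and is not SPAMCAN, Sendmail or ipw code. It groups reported messages by source network and by repeated header values; the /24 grouping, the tracked header names, the sample messages and the "BulkBlaster" mailer name are all assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
TRACKED_HEADERS = ("X-Mailer", "Subject")  # assumption: headers worth tallying

def relay_ip(msg):
    """Return the peer IP from the topmost Received header only.

    That header is written by the receiving site's own MTA; anything below
    it was supplied by the sender and can be forged.
    """
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = BRACKETED_IP.search(received[0])
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # malformed literal such as [999.1.1.1]
        return None

def triage(raw_messages, prefix=24, min_hits=2):
    """Count junk per source network and per repeated header value."""
    nets, headers = Counter(), Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        ip = relay_ip(msg)
        if ip is not None:
            nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
        for name in TRACKED_HEADERS:
            if msg.get(name):
                headers[(name, msg[name].strip())] += 1
    def keep(counter):
        return [(k, n) for k, n in counter.most_common() if n >= min_hits]
    return keep(nets), keep(headers)

def _sample(ip, subject, mailer="", forged=""):
    # Constructed message; addresses are RFC 5737 documentation ranges.
    top = f"Received: from relay (unknown [{ip}]) by mx.corp.example\n"
    low = f"Received: from host ([{forged}]) by relay\n" if forged else ""
    xm = f"X-Mailer: {mailer}\n" if mailer else ""
    return f"{top}{low}{xm}Subject: {subject}\n\nbody\n"

JUNK_FOLDER = [
    _sample("192.0.2.17", "Make $$$$ fast", "BulkBlaster 2.0"),
    _sample("192.0.2.40", "Earn at home", "BulkBlaster 2.0", forged="203.0.113.9"),
    _sample("192.0.2.200", "Free offer"),
    _sample("198.51.100.5", "Hello"),
]
```

Networks and header values that recur across reports are candidates for a block or a new filter entry; anything seen only once is left for the next review.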



