Great Circle Associates List-Managers
(May 2002)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: for anti-span tools
From: Alvin Oga <alvin @ planet . fef . com>
Date: Sun, 19 May 2002 23:35:28 -0700 (PDT)
To: kimi @ kimbwei . com (kim brooks wei)
Cc: list-managers @ greatcircle . com, alvin @ planet . fef . com (Alvin Oga)
In-reply-to: <a05100305b90e1b94af23 @ [65 . 234 . 137 . 30]> from "kim brooks wei" at May 20, 2002 02:03:02 AM

hi ya kim..

> I've registered a website, which is available for a
> collaborative effort on building some spam-blocking tools.

sounds like fun ....

i spent the past week ... playing with sendmail + check_local
	( check_local-3.15, check_local-4.4, check_local-5...
		- antispam stuff
		- antivirus stuff
		- open relay stuff

	- checking headers and stuff... ( didn't quite work )
	( maybe incompatible with slackware-7.x

	- havent tested with suse-8.x and redhat-7.3...

	- faster/easier to just hit the "delete" key...
	but more irritating than spending a week on the silly problem

there are 126 RBLs....  most of um freee...

there are lot fewer procmail antispam filters...

spam should be stopped at these places...
	- at the router/firewlll
	- at the MTA ... reject what it thinks is spam
	- at the pop server ... rejecct with procmail
	- user based rules..

problem is lots of illegitimate DNS out there... that is the 
primary problem  of knowing a real spammer address from a misconfigured
DNS...   that oyu have to manually put back in as "accept real email"
from what is normally thought of as a spammer

Spammer is...
	- any server with bad/missing reverse dns
	- incorrectly addressed recipients
	- any bad/missing headers
	- anybody with fake return address
	- anybody that is in the RBLs... 
		- a big problems of the accidental opps that get you 
		into a blackhole... time consuming to dig your way
		back out of it

	- anything that says "Make money fast"  or "free viagra"
	and hundreds/thousands of other "keywords/phrases"

	- other spammer definitions ???

- too many legal isues for "defining" what is a spam at
  the isp level... but at a corporate level or user level ...  
	-- very easy to defend your/our claim that "this email" is 
	an obvious spam and waste of time/$$$/resources/productivity
	... etc...
a corraborative effort will help fighting spam in the 
following areas...
	- maintaining an uptod date RBL
	- maintaining a "header" checking tools
	- creating an app that checks content of the message

c ya
alvin .... antispam .. antivirus stuff...

> Maybe (some of) the following ideas will work:
> A website run by a group of interested parties which houses a
> block-spam database which is updated on a regular basis.
>       The database contains three lists: private servers delivering
> spam mail, multi-user servers allowing their servers to be used for
> spam mail and a list of ISPs and web(/mail)hosts that provide public
> service and voluntarily participate in the DATABASE
> program.
>       Facilitation is provided to participating ISPs/mail hosts who
> wish to block mail from the sites listed, for keeping their filters
> up-to-date.
>       Acess to the databases is by password, obviously.
>       Spam must be proven before servers are listed.
>       And naturally, tips to users on how to take steps to eradicate
> spam with links to all the good anti-spam sites that are out there
> today.
> Part 1	An ISP or mail host publishes a statement to its users that
> all mail from the addresses at will be filtered and
> blocked as undeliverable. Corrections or reports should be addressed
> directly to the site.
> Part 2	Any group or individual which sends out a mass (needs to be
> defined) mailing must cc his SMTP host (or a mutually agreed upon,
> third-party entity) with a copy of the email and receive (retroactive
> is OK) approval on the mailing. ISPs will investigate any mass
> mailings not following this procedure with an eye to blocking the
> outgoing mail privileges of mail that was sent out as spam.
> Mail that is sent out from a yahoo-groups address will be relayed on
> to those requesting to receive it. Other Yahoo mail (or mail from any
> heavy facilitators of spam mail) might be returned with a message
> like this,  "due to Yahoo proliferating too much spam, users of this
> service have requested that mail from Yahoo addresses be returned
> unread." Instructions could be provided on how to obtain an email
> address with a more responsible provider.
> .... gotta get Energizer b a t t e r  i   e    s .   .   .   n  o
> m  o r  e    p     o     w      e     r
> Kim
> --
> Please be well.
> Kim Brooks Wei    ?    P O Box 626 ? Fair Lawn ? NJ  07410   ?    V
> 201.475.1854

Indexed By Date Previous: Re: e-postage again
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Re: e-postage again
From: Nick Simicich <njs @ scifi . squawk . com>
Indexed By Thread Previous: Re: for anti-span tools
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Re: for anti-span tools
From: kirk Bailey <idiot1 @ netzero . net>

Search Internet Search