Great Circle Associates List-Managers
(May 2002)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: large ISPs blocking mailing lists
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Mon, 20 May 2002 21:18:42 -0400
To: list-managers @ greatcircle . com
In-reply-to: <200205201416 . g4KEGQc18454 @ mailman . ucar . edu>
References: <200205161442 . g4GEgre08152 @ mail . rev . net>

At 08:16 AM 2002-05-20 -0600, Greg Woods wrote:
> 2) is arguably a violation of 2822 [which to my reading *requires* that
> sites accept email addressed to 'postmaster'].

Yes, and of course the spammers know this, and so my postmaster account
gets *tons* of spam. I am probably going to be forced to filter it just
because of the sheer volume. I can't find the legitimate messages inside
of the 300 or so spams my postmaster account receives daily.

As far as mailing lists go, the same problem exists. The bounces have to get through to the -owner addresses. But you do not want to read the spam.

I use postfix, which allows me to set up different anti-spam rules for different userids. Thus it is simple to set up a "restrictive" and a "permissive" set of spam protections and use different rules for each (in actual fact, I run 10 different levels for different classes of IDs and sometimes for individual ids). As an example, my -owner addresses for my lists use restrictive permissions, but since majordomo2 uses address extensions for bounce detection, I use permissive anti-spam for the *-owner\+\S+\@ (those of you who read regexp get the idea) so that I get the bounces from even poorly setup sites. The -request address and the list address (which are robots that can read spam without a problem) get permissive checks, but addresses or even versions of same that are read by humans get restrictive checks. I have personal addresses which get even different checks, and so forth.

I have probably wimped, but someone who would normally get rejected by my site can subscribe - by using the web site to subscribe. They can post, since the posting addresses will let someone post, who has confirmed, in almost all cases, even if they can't normally send mail to my system.

But, again, I am in the same dilemma. I have set up the postmaster and abuse addresses to accept mail even from misconfigured sites -- they get the least restrictive checks, the only thing that ever filters them is occasional wild site filters --- I've had a couple of sites go nuts and loop bouncing mail - they get dropped into a short term special filter so that I can restrict them at the RFC821 interface, but they also get a specific reason --- this happens *very* rarely.

I then filter the mail (even from postmaster) through maildrop to try and reduce the spam I actually read in detail. For the postmaster addresses in particular, I have found that checking the received line for reverse translation mismatches and helo mismatches and also checking the rfc822 headers for mail sent openly to postmaster as opposed to bcc'd is really good at sorting the spam sent to postmaster from the real e-mail sent to postmaster.

These checks are surprisingly accurate. I'll admit that without the country block for Korea and the rbl checks and the DNS checks, a ton of spam gets through to the postmaster addresses. A custom perl script displays just enough of the mail to allow me to make the spam-nospam decision very quickly, and spam ends up at the appropriate site (bounced and reported) whereas nonspam (what little does get falsely dropped into this bucket) can be quickly pushed back into the mail mainstream, with a tag such that it won't get refiltered.

A long time ago, it became clear to me that mail had to be dealt with by the 90-10 rule. 90% of the mail had to be dealt with a keystroke (or less) while 10% was worthy of a gui.

Without maildrop (or procmail) to presort the mail, this whole task would be a lot harder.

Why is this appropriate to list-managers? It is especially important that any system running a MLM have a contractible postmaster and abuse - and there has to be a way to read it and find the real complaints while skipping the fluff.

--
War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill
Nick Simicich - njs @
scifi .
squawk .
com




References:
Indexed By Date Previous: Re: solicited vs. unsolicited mail
From: Nick Simicich <njs @ scifi . squawk . com>
Next: Re: spamjinn.com for anti-span tools
From: kirk Bailey <idiot1 @ netzero . net>
Indexed By Thread Previous: Re: large ISPs blocking mailing lists
From: Greg Woods <woods @ ucar . edu>
Next: Re: large ISPs blocking mailing lists
From: Sharon Tucci <Sharon @ listhost . net>

Google
 
Search Internet Search www.greatcircle.com