Author: Peter Bowyer Date: To: exim-users Subject: Re: [Exim] Opinions sought: Most effective spam reduction techniques
Kjetil Torgrim Homme <kjetilho@???> wrote: > On Tue, 2004-08-17 at 12:35 +0000, Peter Bowyer wrote:
>> I suggest (and use) the following set of measures in our
>> virtual-domain system, in order of increasing cost:
>>
>> 1. HELO checking - disallow bare IPs, HELO with any of your
>> domains[1], HELO not FQDN[1]
>> [...]
>> We've not found any FP issues at all with stages 1-6
>
> really? we have 2-3 cases per week where we reject e-mail from
> systems without FQDN HELO, or the name contains underscore, or their
> nameserver isn't responding (sender verify). we also get the odd
> false positive from sites which are open relays. changing our policy
> isn't being considered, and indeed many of these sites have fixed the
> problem after we told them about.
>
> (I call these false positives since the recipient actively wants the
> correspondence.)
Yes, that's the point - the definition of an FP depends as much on a
management decision as it does on something technical. I'd say that an FP is
not an FP if it meets the technical definition, you wouldn't.
> oh, and don't use SPF. MARID looks to be shaping up nicely, though.
I believe SPF is a useful first step. We block a few tens of 'SPF FAIL'
messages per day, no indication of any FPs. But many/all of these would have
been caught further down the chain. I do it mostly to see what the takeup
is.
