Re: [exim] SPAM Filtering - Losing the war!

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] SPAM Filtering - Losing the war!
Marc Perkel wrote:

>
> Odhiambo Washington wrote:
>
>>    "Junk mail is war. RFCs do not apply."
>>        --Wietse Venema
>>
>>Hello!
>>
>>With the recent upsurge of spam, I am strongly compelled to ask:
>>
>>Is there anyone on this list who can afford to brag about the
>>effectiveness of their spam filtering techniques? (With the
>>exception of Marc Perkel ;))
>>
>
>
> To tell you the truth I'm losing ground lately against spammers. Two
> reasons. The Image spam is getting through and because it poisons the
> bayes I've lost much of the effectiveness of bayes filtering. I'm still
> holding on but I've had people who I hosted for for over a year who
> never had a single spam who are now getting a few. I am also having a
> few more false positives than I used to.
>
>



By contrast, we are *gaining* ground. But the reason has almost nothing to do
with Exim per se or clever rules in general.

It has to do with turning the entire equation around.

To wit:

- spend less time tuning for manipulation of mal-arrivals, and more time in
face-to-face meetings with principal decision-makers explaining the costs, lost
time, and commercial / personal risk of NOT acting firmly.

We needed that so as to get approval to use the 'heavy weapons' in our arsenal.
Latest such meeting earlier today.

It hasn't hurt the 'cause' that everyone has noticed an increase in what gets
past the filters. The articles in public press as well as trade journals
outlining the *billions* at stake are making *everyone* more aware that their
own bank or brokerage accounts are at risk.

Nor has it hurt that the whiners and complainers have found the mail from their
non-compliant 'servers' is being blocked by more than just *our* servers.

*

- *WE* - the mailadmins of the world - have handed the spammers the environment
they need to grow and prosper. The time for 'be generous as to what you
accept..' and fawn over 'false positives' is gone. Ancient history.

*

If every 'honest' MTA on Planet Earth started dropping rDNS fail, dynamic-IP
sources, and HELO vagaries on a specific date, the problem would abate
dramatically same-day.

Nothing overly clever about such rules.

One needs two things:

- Top-management or client-pool buy-in to strict rules.

- Willingness to apply our own creativity to carefully crafting 'white' listing
for the 1% or fewer of desired correspondents on 'challenged' hosts, instead of
'black' listing much of the world.

The first is the only one that is hard to get.

And *until* we get that *and apply it*, the rest is just computerized masturbation.

JM2CW

Bill

>>That would mean:
>>
>>1. You are using Exim and its techniques only
>>2. You show stats that your accuracy is very good...
>>2. You present stats that show negligible false positives...
>>
>>...and you are NOT using any of those expensive appliances!
>>
>>It's becoming evident, day by day, that the war against spam is
>>almost a full time job ;)
>>
>>Perhaps it's time we got exim-sntispam@??? to share ideas on
>>fighting spam and the rapidly changing techniques being used by
>>spammers. So much time and resources are consumed by spammers that we
>>need to declare spam as the "third world war".
>>
>>
>>
>
>
> I'm thinking about suing Microsoft to get them to release their security
> patches to the public.
>
>

You will also have to sue at least two governments who want and *need* those
security holes to keep their costs of monitoring down. Wake up and smell the coffee.
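
Added example, not part of the original message or anyone's posted configuration: one way the three strict checks named above (rDNS fail, dynamic-IP sources, HELO vagaries) and the whitelist-first exemption could be written as an Exim RCPT ACL. The file path `/etc/exim/strict_exempt_hosts` and the DNS list name `dynamic.dnsbl.example` are placeholders, and `relay_from_hosts` is assumed to be defined as in the stock Exim configuration.

```exim
# --- main configuration section ---
# Placeholder file: one IP, CIDR or host pattern per line for the few
# wanted correspondents whose servers fail the strict checks below.
hostlist strict_exempt = /etc/exim/strict_exempt_hosts

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Every check skips authenticated clients, local (non-TCP) submissions
  # (the empty first list item), our relay clients and exempted hosts.

  # HELO vagaries: a bare IP address given as the HELO/EHLO argument.
  deny    message        = HELO/EHLO must be a host name, not an IP address
          !authenticated = *
          !hosts         = : +relay_from_hosts : +strict_exempt
          condition      = ${if isip{$sender_helo_name}}

  # HELO vagaries: a name that does not map to the connecting address.
  deny    message        = HELO/EHLO name does not match $sender_host_address
          !authenticated = *
          !hosts         = : +relay_from_hosts : +strict_exempt
          !verify        = helo

  # rDNS fail: no PTR record, or the PTR name does not resolve back.
  deny    message        = No matching reverse DNS for $sender_host_address
          !authenticated = *
          !hosts         = : +relay_from_hosts : +strict_exempt
          !verify        = reverse_host_lookup

  # Dynamic-IP sources: placeholder DNS list of dynamic address ranges.
  deny    message        = $sender_host_address is listed by $dnslist_domain
          !authenticated = *
          !hosts         = : +relay_from_hosts : +strict_exempt
          dnslists       = dynamic.dnsbl.example

  # ... the site's existing recipient checks and accept statements follow ...
```

Running the same statements with the `warn` verb and a `log_message` for a period before enforcing shows which wanted correspondents would be refused, which is the input needed to populate the exemption file.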