Re: [exim] Outbound Spam Protection

Author: Marc Perkel
To: exim-users
Subject: Re: [exim] Outbound Spam Protection

On 1/12/2012 10:20 AM, Jeff Lassman wrote:
> On Monday, January 02, 2012 11:49:07 AM The Doctor wrote:
>> The bigger sticker is this:
>> someone poisons an account with a spamming script.
>> The only way to detect this is the set up outbound spam
>> detection to protect your reputation.
> There are other ways to detect this which haven't been discussed yet in this
> thread. We do the following:
> 1. We limit the quantity of email recipients a username can send daily without
> us being notified. We use 200 as a default, and adjust as necessary. As a
> hosting company, we limit per hosting account, not per individual email
> address, but you can do it either way. This early notification allows us to
> look at outgoing emails manually; even with thousands of outgoing accounts the
> human energy load is surprisingly light.
> 2. We've created a feedback loop with AOL. Generally all spammers have a
> number of AOL addresses in their email address lists, and AOL will arrange to
> send back to us copies of all emails from our servers which their users report
> as spam. While there are some false positives, again the human energy load is
> surprisingly light.
> We don't want to run SpamAssassin on all messages because SpamAssassin uses a
> lot of machine resources, and because many spammers carefully test their
> messages against SpamAssassin before sending them.
> Jeff

I've done a few tricks for outbound filtering. Spammers always send a lot
of email fast. So if someone is sending email slowly, say less than 2
per minute, then they aren't spamming and those emails can be bypassed
without filtering. Once the stream is determined to be fast you can look
at things like AOL feedback and number of bad recipients. That's the
basis of the outbound filtering I do.
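
The two checks described in this thread (a daily per-account recipient count that triggers a notification, and a send-rate gate that lets slow streams skip filtering), as an added sketch that is not from either poster and is not Exim configuration. The event tuple layout, all names, the 60-second sliding window, and treating "more than 200" as the notification trigger are assumptions; messages marked `filter` are the ones that would go on to the feedback-loop and bad-recipient checks.

```python
from collections import defaultdict, deque

DAILY_RECIPIENT_LIMIT = 200  # default notification threshold quoted in the thread
SLOW_MSGS_PER_MIN = 2        # below this rate a stream is treated as slow
WINDOW_SECONDS = 60          # assumption: rate measured over a sliding minute

def triage(events):
    """Classify time-ordered (epoch_seconds, account, n_recipients) events.

    Returns (decisions, notified): decisions is a list of
    (epoch_seconds, account, "bypass" | "filter"); notified maps
    (account, day) to the timestamp at which the daily limit was first passed.
    """
    recent = defaultdict(deque)  # account -> send times inside the window
    daily = defaultdict(int)     # (account, day) -> recipients so far that day
    decisions, notified = [], {}
    for ts, account, n_rcpt in events:
        window = recent[account]
        window.append(ts)
        # Drop sends that have aged out of the one-minute window.
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        # Fewer than 2 messages in the last minute: slow stream, skip filtering.
        action = "bypass" if len(window) < SLOW_MSGS_PER_MIN else "filter"
        decisions.append((ts, account, action))
        # Daily recipient budget per account; notify once per account per day.
        key = (account, ts // 86400)
        daily[key] += n_rcpt
        if daily[key] > DAILY_RECIPIENT_LIMIT:
            notified.setdefault(key, ts)
    return decisions, notified

# Constructed sample: "alice" sends occasionally, "shop" bursts 50-recipient mails.
SAMPLE_EVENTS = [
    (0, "alice", 1), (90, "alice", 1), (200, "alice", 1),
    (1000, "shop", 50), (1005, "shop", 50), (1010, "shop", 50),
    (1015, "shop", 50), (1020, "shop", 50),
]

if __name__ == "__main__":
    decisions, notified = triage(SAMPLE_EVENTS)
    for row in decisions:
        print(*row)
    print("notify:", notified)
```

The first message of a burst is still bypassed because the rate is only known once the second one arrives; a per-day recipient count catches accounts that stay under the rate gate but send all day.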