Author: Niels Dettenbach (Syndicat IT & Internet)
To: Luca Bertoncello, Luca Bertoncello via Exim-users, exim-users
CC: Always Learning
Subject: Re: [exim] Avoiding bounces
On 27 May 2018 08:07:37 CEST, Luca Bertoncello via Exim-users wrote:
Spam and spam fighting are an evolutionary development. Things that worked very well years ago against >90% of real (!) spam are more and more useless, while newer spammer strategies emerge which require newer ways. On the other hand - the number of "self driven" Internet MTAs of many entities / companies was higher years ago - so e.g. reverse DNS or RFC conformity was not a usable "hard" criterion at that time, and white mail / ham from a lot of mailers with some kind of "buggy" behaviour had to be accepted. Today it is possible to "expect more" from a source MTA.

Typical working anti-spam solutions (without false positives and with a very high recognition rate) use multiple stages of different solutions and strategies and more dynamic criteria.

There is no real "one recipe for all" howto, but some things are typically involved in successful anti-spam solutions today:

- checking "conformity" to typical RFCs
- DKIM, SPF, DMARC (be aware of lists)
- multiple DNS blocking lists
- razor
- spamassassin rulesets
- greylisting strategies
- virus filters
- phishing url filters
- bayesian analysis

Exim allows you to store and work with variables. These could be used to "count" and "weight" multiple aspects of an email before deciding about a bounce (a bit similar to spamassassin). E.g. requesting a list of DNSBLs and "counting" each record by weight is helpful today (instead of just blocking if in a list...).

Running an "anti-spam" MX with a really high recognition rate of real spam (not legal list mail or newsletters) without (!) producing "false positives" was and is a time-consuming job - often too much for a small company mail system. The current definition of "false positives" (what really IS spam and has to be blocked) is an important part which has to match the expectations of the "users" ("white" senders as receivers).

But it costs traffic, hardware and energy too, so that many free mail providers do not want or are not able to go so far with their service.

I'm not a fan of "spam folders" for business users as they do not really save time, because they have to check that folder regularly to avoid lost business email.

I usually avoid spam filter "training" by users too, as this leads to misuse which could result in false positives.

All-in-one solutions like (standard) SpamAssassin could help very widely in "smaller" systems / for "season" admins, but are just a basic barrier in practice.

I know that many admins of smaller mailers block on a list of TLDs, domains or on a geotarget basis as a "quick and dirty spam filter", but the result is not an Internet email service anymore (as it doesn't work for potential / real white and proper email senders) and it will lead to bounces false positives.

This would not be acceptable for e.g. business users who rely on and "just" expect a reliable email service.

For me, such ugly "hacks" of mailer admins are one reason why many users today tend to see email as an "unreliable, outdated messaging" solution.

hth a bit,

Niels Dettenbach
Syndicat IT & Internet
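
The weighted DNSBL counting described in the message above could look like this in Exim's ACL configuration. This is an added example, not part of the original message: the DNSBL zone names, the weights and the threshold are constructed placeholders, and `local_domains` is assumed to be the domain list from Exim's default configuration.

```exim
# Added illustration, not from the original message.
# Main configuration section: attach the two ACLs.
acl_smtp_connect = acl_check_connect
acl_smtp_rcpt    = acl_check_rcpt

begin acl

acl_check_connect:
  # Start every connection at zero. acl_c_* variables live for the whole
  # SMTP connection, so the lookups below run once per connecting host.
  warn    set acl_c_dnsbl_score = 0

  # A listing adds its weight to the score instead of rejecting outright.
  # Zone names and weights are placeholders; tune them per list quality.
  warn    dnslists = dnsbl-strict.example.org
          set acl_c_dnsbl_score = ${eval:$acl_c_dnsbl_score + 5}

  warn    dnslists = dnsbl-broad.example.net
          set acl_c_dnsbl_score = ${eval:$acl_c_dnsbl_score + 3}

  warn    dnslists = dnsbl-dynamic.example.com
          set acl_c_dnsbl_score = ${eval:$acl_c_dnsbl_score + 2}

  # Never reject here; the decision is taken at RCPT time.
  accept

acl_check_rcpt:
  # Keep postmaster reachable so a wrongly listed sender can still complain.
  accept  local_parts = postmaster
          domains     = +local_domains

  # Reject only when the combined weight reaches the threshold (6 here),
  # so a hit on any single list above is not enough on its own.
  deny    condition   = ${if >={$acl_c_dnsbl_score}{6}}
          message     = Rejected: $sender_host_address is on several blocking lists
          log_message = DNSBL score $acl_c_dnsbl_score

  # The site's remaining RCPT checks (relay control, recipient
  # verification, final accept or deny) follow here.
```

The same variable can be raised by other checks before the `deny`, which is how the single score comes to reflect several aspects of a message rather than one list.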