What E-Mail Validation Tools Do You Use?
morcego asks: "As we are all too much aware, spam is an increasing problem. Each of us has our own set of tools and methods to try and reduce the amount of spam we receive, each with different pros and cons. Also, on a more broad front, we have options like SPF (+ SRS), Microsoft's own Caller-ID, and Yahoo's DomainKeys that we can use. These days, it is incredibly easy to implement any (or all of these), using publicly available frameworks and libraries (libspf2, and milter, to name a few). I have been using SPF for quite some time now with some measurable results, although nothing earth shattering. Which of these are you using, if any? Why, or why not? Do you think any of them really contribute anything to fight spam?"
none (Score:1)
Nice, but useful? (Score:2)
Me, I would rather say "If your domain isn't in the same netblock as the ISP it represents, score heavily against."
Re: (Score:1)
I (literally) don't get this "rule". Could you explain what you mean by "ISP it represents" in this sentence?
Re: (Score:2)
Furthermore, these systems are not designed as anti-spam systems. Phishing and JoeJobs they may help with. Spam not at all. Since they don't help fight spam, there is no incentive to adopt them.
Re: (Score:2)
2) No shit.
3) Ban all you want. Domains are cheap so spammers will create more...
End result - no change at all in spam volumes. If all the big ISPs got together and said that on January 1, 2008, they would no longer accept mail from anyone without an SPF record / SenderID, you MAY get 70% compliance. But I doubt it. In order to be truly effective, you need 90%+ compliance. Even at 100% compliance, you won't fix #3.
Mailvisa (Score:3, Informative)
I have only two problems with it: 1. I have to train it regularly, and 2. nowadays, lots of mail slips through, because it contains words related to programming languages.
Re: (Score:1)
I used to be very happy with the spam filtering that came with Thunderbird (after some preprocessing at the ISP's end). Now, however, most of the spam I'm seeing in my inbox is of text encapsulated in a single image which seems to fool the filter quite successfully. Not too sure how to get around this without having to sit down and spend some time working on it, which really means the spammers have won.
Re: (Score:1)
And as you can see, due to the use of greylist+spamhaus RBL I actually end up receiving a
Here cometh the plague of antispam-resistant spam (Score:1)
SPF ? (Score:1)
I use GMail (Score:1)
I use GMail :) (Score:4, Interesting)
I find this way I get 99.95% accuracy - things that GMail misses as spam, my local SpamAssassin catches. As a side bonus I have GMail's awesome interface to read my mail when on the road (much better than the Squirrel Mail I was using, and still better than RoundCube).
This brings up another point - I don't know why Google doesn't add IMAP connectivity to GMail, so you could use its interface to read email from other hosts. I don't see why their ad technology would not work with this scheme.
Re: (Score:2)
In fact, if they can forward your mail to another account (which they do) and they can offer POP3 (I think they do), they can offer IMAP, too.
Re: (Score:2)
Oh, and the "From" field in my Outlook inbox shows the correct sender.
Spamassassin (Score:2)
One thing I wish it would allow would be to train it on all rules, not just those that the Bayesian filters use. Some of the rules give me a lot of false positives, but they'd be fine for others: so why do we have to manually change
Greylisting and SBL+XBL (Score:2, Interesting)
Greylisting alone helped to lower e-mail traffic drastically and blocking lists take care of known spamming hosts. I'd recommend using both to anyone running an e-mail server.
Re: (Score:2)
Er, what's the context for that "5"? If your company only gets 100 emails a day that 5 is actually pretty lousy. (Now if they get 100K a day then it's great!)
Re: (Score:2)
BTW, even OCRing (which is very expensive computationally) of image spam
spf,CallerID,DKIM validates sender only not Spam ! (Score:3, Interesting)
this cuts out about 70% of (stupid) spammers
you also need to blacklist people who send you spam (and you can be confident that you get them because of the above technologies)
if you ever want to send lots of mail to hotmail users you need to have callerID set up; yahoo and gmail both trust you more if you have domainKeys
so things are moving on and there is no reason why people should not have at least one of SPF, CallerID or DKIM set up on their domain!
you will note that people here also use filtering but the question is does the filtering feedback to the blacklists ?
regards
John Jones
p.s. I work in the mail vendor world...
SpamFilter (Score:2)
This *might* be due to ISPs doing a better job of bulk filtering out the obvious junk before we even see it. Some of the domains I have that are on other than my main ISP do seem to end up with more spam, but after filtering via SpamBayes I see very little...
pf OS fingerprinting (Score:3, Informative)
Re: (Score:2)
So you blacklist all mail from yahoo, hotmail, gmail, msn, aol, verizon, earthlink, etc.? Because all of those servers send to spamtraps all the time.
Re: (Score:2)
You are better off maintaining a per SENDER whitelist rather than per SERVER to be effective in this scenario (which is what we do for "evil" domains like yahoo and such that are heavily used
Re: (Score:1)
There is a timeout after which a host is removed from the blacklist.
But in fact I do not really see this as a problem, why should I want email from a provider sending spam through their mailserver? The mailserver of an ISP will only send spam created by their own users (on which they should act) and will not act as an open relay for others.
Also note that I do not block on sender address, but on the IP of the delivering mail server.
And the list is.... (Score:2)
Exim + greylisting + clamav + Spamassassin.
Here are the plugins to spamassassin and custom rulesets:
Plugins:
---------
Razor2
SpamCop
AWL
MIMEHeader
ReplaceTags
Custom Rulesets
----------------
We use a selection of the SARE rulesets
70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
99_FVGT_Tripwire.cf
bogus-virus-warnings.cf
This was stopping most of our spam...however we were still getting a lot of spam that contained images with the spammy message. So about 2 weeks
Re: (Score:2)
also have a look at the other SARE and jennifer rules - I find these very useful.
Thunderbird Extension for Sender Verification (Score:1)
https://addons.mozilla.org/thunderbird/345/ [mozilla.org]
http://razor.occams.info/code/spf [occams.info]
Use ASSP (Score:1)
SPF is not antispam! (Score:2)
Re: (Score:2)
SPF (and related technologies) are not designed to cut down on spam. They are designed to prevent Joe jobs and address forgery.
I just went through this with a security company for a Visa audit, so let me expand on this. They seemed to think that checking the Mail From: for a local user, when sender wasn't authenticated (I would assume - we never actually got that far), was a valid way of checking for forgeries. There are multiple problems with this.
DNS blacklists, SPF, Amavis, Spamassassin (Score:2)
I used to get more than 300 spam mails per day (intercepted by Spamassassin), due to the use of DNS blacklists I now only receive about 15 spam mails per day which are intercepted by Spamassassin.
Only about 3 spam e-mails per day actually make it into my mailbox, with zero false positives.
The good thing about DNS blacklists is that the spam e-mails are actually rejected in the mail protocol, therefore it will hit spammers directly a
Re: (Score:1)
I use the Sorbs.net responses 5, 7, 9, and 11. I don't use the more common 6, nor 11. I did, but too many false positives.
I use spamcop, abuseat.org, antispam.or.id, dsbl.org, relays.ordb.org, and the spamhaus.org responses 2, 3, 4, and 6.
I also run my own lists. I reject around 12,000 and up e-mails a day with about 300 a day making it through to the anti-spam filters and maybe 100 get
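The SMTP-time DNSBL check discussed in the two comments above, as an added example that is not any poster's own configuration: the lookup name is the connecting IPv4 address with its octets reversed under the list's zone, and only selected `127.0.0.x` answers trigger a reject. The response-code sets are the ones quoted above; the zone names, the `resolve` callback and the sample answers are assumptions constructed for the example.

```python
import ipaddress

# Which 127.0.0.x answers count as a listing, per zone. Code numbers are the
# ones quoted in the thread; the zone names are assumed for illustration.
POLICY = {
    "dnsbl.sorbs.net": {5, 7, 9, 11},
    "sbl-xbl.spamhaus.org": {2, 3, 4, 6},
}

def query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed_codes(answers):
    """Last octet of each 127.0.0.x answer; any other address is ignored."""
    codes = set()
    for a in answers:
        parts = a.split(".")
        if len(parts) == 4 and parts[:3] == ["127", "0", "0"] and parts[3].isdigit():
            codes.add(int(parts[3]))
    return codes

def smtp_decision(ip, resolve, policy=POLICY):
    """Return (reply_code, text). resolve(name) -> list of A records, [] if none."""
    for zone, reject_on in policy.items():
        hits = listed_codes(resolve(query_name(ip, zone))) & reject_on
        if hits:
            # Rejecting during the SMTP dialogue leaves the bounce with the sender.
            return 554, f"rejected: {ip} listed in {zone} {sorted(hits)}"
    return 250, "ok"

# Constructed answers standing in for real DNS so the example runs offline.
FAKE_DNS = {
    "9.113.0.203.dnsbl.sorbs.net": ["127.0.0.6"],         # listed, but 6 is not enforced
    "77.100.51.198.sbl-xbl.spamhaus.org": ["127.0.0.4"],  # listed with an enforced code
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.9", "198.51.100.77", "192.0.2.1"):
        print(ip, smtp_decision(ip, fake_resolve))
```

Leaving a response code out of the set, as the poster does with code 6, means a host listed only under that code is accepted and passed on to the content filters.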
Re: (Score:2)
*All*? I run a mail, gaming, and web server off of a dynamic IP. Forwards out through a smarthost, so blacklisting isn't a problem, but it isn't infected with viruses nor am I using it for illegit purposes (ok, well it probably does violate my ISP's TOS, but fuck'em).
-b.
SPF and other Mail Filters... (Score:1)
MXLogic (Score:2)
My problem was finding a way to filter spam without filtering even a single legit email. Lost email means a lot of lost revenue. The only solution I found in a year of searching was mxlogic.com. We still get spam,
SPF. Postgrey and Spamassassin (Score:2)
RBL and SURBL on the server side (Score:2)
I have published my SPF data - so at least other people have the option of identifying whether stuff that claims to have come from my domain is legitimate or not. But our mailers are not yet doing SPF lookups. When we have a little time, we will pr
Re: (Score:2)
You're running Groupwise? GWAVA is overrated and is mainly useful for integrating spam filtering into Groupwise's Internet Agent. Nothing that SpamAssassin + ClamAV + ProxSMTPd won't do for you. And that combination is available as part of a package for an IPCop firewall box called CopFilter. The only downside is that CopFilter isn't as configurable as it should be via the Web interface. But for a free product, it's pretty darn good.
-b.
Re: (Score:2)
Copfilter has a digest option too. We're not using it ATM, since I have it set up to block only the most egregious examples of SPAM i.e. those with scores of 25 or above. The rest simply gets
Wetware (Score:2)
My ISP contracts with Postini for Spam filtering. (Score:2)
See their web site here [postini.com]...
Re:My ISP contracts with Postini for Spam filterin (Score:2)
My previous ISP imposed Postini on me with no notice (they sent me an email bragging about it three days after they started using it). It passed 50% of the spam and stopped 20% of the ham. I turned it off.
Re: (Score:2)
I don't blame you for dropping it given how it was introduced at that ISP, but I think you also lost a chance to use a fairly effective anti-spam tool.
My mail server says, get the hell off its lawn! (Score:2)
Even though this is my own personal mail server, I haven't had too many false positives as far as rejects go... certainly nothing that a tweak here or there in the allow/deny hosts file wouldn't take care of.
All in all, I've received less than a dozen pieces of spam in the last year and a half. Not
Greylisting (Score:3, Informative)
I use spamd on OpenBSD to do greylisting. That cuts an enormous amount of spam out.
For those who aren't familiar with greylisting, when an smtp server attempts to deliver an e-mail the from address, to address, and IP address of the sender are put in a database and the mail is refused with a non-permanent error code.
Assuming the smtp server sending the e-mail follows the RFC, it will try again later. When it tries again after at least 20 minutes from the original attempt, it accepts the e-mail and adds the IP address of the source to a whitelist. For the next 30 days, any e-mails from it are white-listed. After that, the server is verified again.
I also keep a separate white-list for non-RFC compliant servers and for frequent senders. Some servers only try one to three times and quit. Another problem is e-mail from some large e-mail farms may make each attempt to deliver the e-mail from a different server with different IP addresses, so I'll add their e-mail addresses to the white-lists as well.
One method I use for adding IP addresses of selected senders that send a lot of legitimate e-mail to the whitelist is to look up their SPF records and use that to identify the usual e-mail servers for the domain.
A few ISPs appear to put their entire address space in the SPF record. For example, panix.com's SPF record is
Needless to say they don't get whitelisted since I only want to whitelist e-mail servers, not their users' spam-zombie computers.
In other words, I use the SPF records to identify legitimate e-mail servers from selected domains only.
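The greylisting flow described in the comment above, as an added example that is not the poster's setup or spamd's code: a first attempt from an unknown (IP, sender, recipient) triplet gets a temporary failure, a retry at least 20 minutes later is accepted and whitelists the IP for 30 days, and `ip4:` ranges from an SPF record seed the whitelist only when they are narrow. The class and method names, the 256-address cut-off and the sample record are assumptions constructed for the example.

```python
import ipaddress

RETRY_DELAY = 20 * 60            # seconds before a retry of the same triplet is accepted
WHITELIST_TTL = 30 * 24 * 3600   # seconds a verified sending IP stays whitelisted
MAX_SPF_ADDRESSES = 256          # assumed cut-off: wider ranges are not just mail servers

class Greylist:
    def __init__(self):
        self.first_seen = {}     # (ip, mail_from, rcpt_to) -> time of first attempt
        self.whitelist = {}      # ip -> expiry time
        self.static_nets = []    # networks seeded from SPF records

    def seed_from_spf(self, record):
        """Whitelist the ip4: ranges of an SPF record, skipping over-broad ones."""
        added = []
        for term in record.split():
            if not term.lower().startswith(("ip4:", "+ip4:")):
                continue
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if net.num_addresses <= MAX_SPF_ADDRESSES:
                self.static_nets.append(net)
                added.append(str(net))
        return added

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.static_nets):
            return 250
        if self.whitelist.get(ip, 0) > now:
            return 250
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= RETRY_DELAY:
            del self.first_seen[key]
            self.whitelist[ip] = now + WHITELIST_TTL
            return 250
        return 451               # temporary failure: a compliant sender queues and retries

if __name__ == "__main__":
    g = Greylist()
    # Constructed SPF record: one small mail-server range, one whole /16.
    print(g.seed_from_spf("v=spf1 ip4:192.0.2.16/28 ip4:203.0.0.0/16 mx -all"))
    for t in (0, 600, 1200):
        print(t, g.check("198.51.100.7", "a@example.org", "me@example.net", t))
```

Once the 30 days have passed, the whitelist entry no longer matches and the next delivery from that IP is greylisted again, which is the re-verification the comment describes.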
I use CanIt (Score:2)
I used to "roll my own" with SpamAssassin and MimeDefang. Then I started using CanIt [roaringpenguin.com] at work (I liked them initially because the author is the author of MimeDefang). They have a free version that works well for me at home now. We have been using it for about 4 years at work and it does a great job incorporating grey listing, SA, MimeDefang, ClamAV, etc. into an easy to install and maintain system with a nice web interface and a database backend. It can scale well when we need it to and the support is great
Re: (Score:2)
We were using MimeDefang + SA for a while, but it wasn't enough. Second the vote for Canit... just (as in Wednesday) rolled out Canit/PRO to serve mailboxes for 5000 full-time employees. Works well, cost is very reasonable. It has the benefit of the centralized solution for reduced maintenance, but we can use the web interface to customize mail flows for people with particular needs.
Spampal (Score:1)
I pay poor children... (Score:2)
TMDA Catches All My Spam (Score:1)
TMDA [tmda.net] catches all my spam. It does not examine content. It sends a request for response to all unknown senders. Since the vast majority of spam has forged return addresses, no responses are sent back and the mail stays in the TMDA pending queue until it expires. Humans, on the other hand, reply, and their mail is removed from the pending queue and gets through. When I set up TMDA, I populated the whitelist with all the email addresses of my correspondents and lists.
Around 75% (150/200 daily) of my ema
ASSP (Score:2)
I also use it at home and have nearly the same effectiveness.
As far as various technologies, I don't believe any solution which relies solely upon one or two technologies will be that effective. ASSP seems to be the best so far at combining SPF/Greylisting/bayesian/various oth
SpamAssassin's success. (Score:1)
For example, content filtering in general is largely a short-term solution. Spammers invent and use obfuscation tricks; tools detect them, spammers invent new ones. Rinse, repeat.
Longer term solutions have to address root causes. These increase the consequences of spamming. IP blacklists, URI blacklists, domain blacklists, for example, result in negative consequences for bad actors and their associates. (Includin