Posted to uk.d-i-y
The Natural Philosopher
More ado with phishing..

Tim Streater wrote:
In article ,
The Natural Philosopher wrote:

Tim Streater wrote:
In article o.uk,
"Dave Liquorice" wrote:
On Thu, 23 Feb 2012 14:44:57 +0000, Tim wrote:

I'm sure that if the will (and the money) existed, 99.9% of them
could be intercepted at server level.

Very little spam arrives in my inbox; I think the last bit was about
two weeks ago. The junk mail folder (sorted by SpamAssassin) has 14
messages in it since the beginning of the year. If I look in the logs
I see around a couple of attempts an hour to send me stuff that gets
rejected at the SMTP level. So yes, spam is easy to intercept at the
server level. But doing the blacklist lookups etc. adds server load, so
the big providers are reluctant to do much checking.

What's it got to do with the server?

A hell of a lot.

At least 50% of pure spam never reaches your mailbox.

If it comes from blacklisted mail senders.


Mmm.

*I* get to decide whether mail is
spam or not. What is spam for me may not be for you. A good spam
filter is trainable, but it has to be trained by the end-user.
Have a look at what most of the ISPs use - www.spamhaus.org


And read the FAQs to see WHY having your OWN spam filter wastes YOUR
bandwidth.


Well that's bleeding obvious innit. In my case I wrote my own Bayesian
spam filter in PHP as part of the Eudora-alike email client I have written.

I have been busy setting up my own mail service so I don't have to use
an ISP's one, and well over 50% of the incoming email is now being rejected


Didn't you say above that this is a waste of bandwidth? ducks


No, it's less bandwidth to reject them THERE in some core connected
machine room, than download 'em. And they get rejected the moment they
connect.


because

- it's addressed to users (in domains I own) that do not and never have
existed.
- it's coming from IP addresses DIRECTLY to my server that are known
'Dial up' type blocks, and therefore should ONLY be sending mail via
their ISP's relay.


How do you know they are dialup blocks? You looking them up in RIPE?


Because such blocks are recorded by a spam central monitor - in this
case spamhaus.org - and a quick check as they connect reveals this, and
they get dumped. Before their blather has even been transmitted.


- it's coming from other IP addresses that are blacklisted as spam
originators.

That still leaves me with about 20 messages a day that do get by that
are spam.

Actually, since midnight, 23..


I appear to have had 3 today. One of these is from the Ideal Home Show
and at the moment I consider that to be spam so I'm leaving it in the
spam folder. If at some time in the future I cease to feel that way,
it's simple enough to retrain the spam filter.

You haven't been online as long as I have or sent as many emails..and
you probably don't have a domain that looks almost like a well known
book company, whose IT department was stupid enough - and probably is
still stupid enough, to tell the users that really yes they were
mydomain.co.uk and not mydomainco.co.uk.

So they still, 5 years after I told them to stop, are sending out email
marked as being from my domain, and the replies all bounce back to my
domain, and then get rejected because I am NOT Amanda Walker of the
mydomain book company....

Then there is the case of the email identity I used on eBay. Golly, that's
gone all over the world now.

Then my domains were registered at a trusting time too, and my name and
address and email address are still there for anyone who trawls the
whois register ..


So getting 50% dumped before it hits my ADSL is really a good start.
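
The connect-time blacklist check discussed in this post, sketched as an added example that is not part of the original post or any poster's own code. It assumes the combined `zen.spamhaus.org` zone and Spamhaus's published return codes; the function names are hypothetical and the sample listings are constructed.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumed zone; the post only names spamhaus.org

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map A-record answers to list names using Spamhaus's return codes."""
    lists = set()
    for answer in answers:
        o = [int(part) for part in answer.split(".")]
        if o[:3] == [127, 255, 255]:
            lists.add("ERROR")        # lookup refused or misrouted, not a listing
        elif o[:3] == [127, 0, 0]:
            if o[3] in (2, 3, 9):
                lists.add("SBL")      # known spam sources
            elif 4 <= o[3] <= 7:
                lists.add("XBL")      # exploited or infected hosts
            elif o[3] in (10, 11):
                lists.add("PBL")      # end-user ranges that should relay via their ISP
    return lists

def system_resolver(name):
    """Real lookup. Any failure (NXDOMAIN, timeout) reads as 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def smtp_decision(ip, resolver=system_resolver):
    """Decide at connect time, before any message data is transferred."""
    listed = classify(resolver(dnsbl_name(ip))) - {"ERROR"}
    if listed:
        return False, f"554 5.7.1 {ip} listed in {','.join(sorted(listed))}"
    return True, "220 ready"

# Constructed sample data: documentation-range IPs with made-up listings.
SAMPLE = {"25.2.0.192.zen.spamhaus.org": ["127.0.0.10"],
          "7.113.0.203.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
          "9.100.51.198.zen.spamhaus.org": ["127.255.255.254"]}

def sample_resolver(name):
    return SAMPLE.get(name, [])
```

Answers in 127.255.255.x are treated as lookup errors and never as listings, so a refused or misrouted query does not reject legitimate mail.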