[UbuntuWomen] request for anti-spam workshop

Jacinta Richardson jarich at perltraining.com.au
Wed Aug 1 00:51:00 UTC 2007 

Jan Claeys wrote:

> That's nice, but now for the advanced question: how do you stop spam as
> an ISP?  As an ISP, you don't know if a recipient of 1 of your 2 million
> mailboxes is a silk importer...  :)

Many ISPs (and big companies) use a combination of products such as:

	Spam::Assassin             http://spamassassin.apache.org/
	Amavis (email virus checker) http://www.amavis.org/

With various options turned on such as:

	Bayesian Filtering
	(selected) Real-time Blackhole Lists
	White lists
	Personal black lists
	Reverse DNS look-ups
	SPF record look-ups

If timely email delivery is not 100% essential (this varies by company) then
they might also use:

	Greylisting


These options don't exactly scale as well as one might hope though, so the
bigger ISPs often buy a commerical solution which does all this but scales well
at the hundreds of thousands email addresses mark and which come with
guarantees.   For example I heard last week at a conference that Internode
(serves about 5% of the Australian market) uses Ironport (
http://www.ironport.com/ ).


For our business, with less than 20 email addresses we still use a fairly hefty
solution:

* Greylisting stops about 50% of our spam before it gets in.  For the
uninitiated, greylisting holds a database of servers who've sent us mail before.
 If a new server sends us mail then our server says "I'm really busy right now,
can you try again later".  Real mail servers will then usually try again in 5
minutes or so, and that mail will get through.  On the other hand, many spammers
use programs which don't try again, so we don't get those messages.
Unfortunately the number of these spammers is going down (proportionately) as
greylisting used to stop about 80% of our spam.  :(

* Spam::Assassin edits the headers of our email giving it a spam score then lets
it go through.  It uses bayesian filters, RBLs, white lists and possibly some
other options.  We then use procmail to move those messages into a Spam folder.
 I get about 50 messages in that folder every day.  I check through it and
deleted all messages about once a week.  Sorting by subject line makes this
trivial.  The last time I had a false positive was years ago.

* Thunderbird's Bayesian filtering is pretty good and catches 10 out of 11 (or
thereabouts) spam messages each day that Spam::Assassin doesn't catch.
Unfortunately it's got about a 2% false positive rate, so  I have to check that
junk folder more carefully.  Still, sorting by subject line again does make this
very quick.



Some individuals and very small businesses use various challenge response tools.
  These work by making it difficult for anyone new to send you mail.  A new
person sends you mail, your mail server looks them up fails to find them and
sends them a "are you really human?" message.  They reply, or go to a web page
or something, and that registers them as being allowed to send you email.  These
are cute for individuals, but I warn businesses to stay away from them!  90% of
the time I get one of these, I just move on to a competitor as I find them annoying.

All the best,

	Jacinta

-- 
   ("`-''-/").___..--''"`-._          |  Jacinta Richardson         |
    `6_ 6  )   `-.  (     ).`-.__.`)  |  Perl Training Australia    |
    (_Y_.)'  ._   )  `._ `. ``-..-'   |      +61 3 9354 6001        |
  _..`--'_..-_/  /--'_.' ,'           | contact at perltraining.com.au |
 (il),-''  (li),'  ((!.-'             |   www.perltraining.com.au   |

More information about the Ubuntu-Women mailing list