P.S. Anyone who has a problem, a suggestion or whatever, please email me off list. If it's an issue of false positives, please send me the header of the email in question and why you think it's a false positive. If it's an issue of scoring, let me know what you feel. The tests are run ONLY against the message headers. The body of the message (and any attachments) are never downloaded by the system. As a test, the CFDJ list is set to bypass all spam tests. This is global to all users. In the final version this will be controllable.

> Go for it. It's a fast UI for end users but it goes directly to the tool.
> http://www.houseoffusion.com/spam/pop.cfm
>
> > Michael;
> > I can't wait to test it! :-)
> >
> > Doug
> >
> > ======================================
> > Stop spam on your domain, use our gateway!
> > For hosting solutions http://www.clickdoug.com
> > ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
> > ======================================
> > If you are not satisfied with my service, my job isn't done!
> >
> > ----- Original Message -----
> > From: "Michael Dinowitz" <[EMAIL PROTECTED]>
> > To: "CF-Community" <[EMAIL PROTECTED]>
> > Sent: Thursday, June 12, 2003 6:57 PM
> > Subject: Re: iMS CFUG Edition
> >
> > | I feel that banning an IP or domain is a last resort type thing. It is a total failure in communications and should only be done as a last resort. This is why I don't use outside RBLs or the like. If someone is going to be banned, I have to be sure the reason is good. The process I take may be a long one, but it results in a sure ban.
> > | Every spam message I get results in a message to the TRUE domain the spam came from. In many cases I have to hunt down the true domain and in some I can't find them. In a few cases I've got personal messages telling me that the account has been closed or the relay fixed. In most I get an automatic response which I ignore. In a few I get error messages telling me that one or the other account is not in existence and I basically take it on trust that it'll be looked at. When I get a message of both accounts being non-existent, that's when I start doing more investigations. In a very few cases this results in a banning. In most it does not. It takes more time, but it's better to be sure.
> > | Anyway, I rely on the pattern machine a lot more than any banned list. :)
> > | As for links within a spam message, I ignore them. I've been sent spamcop messages because a site I was working with was in a message wrongly flagged as spam. I'm against draconian rules like they have.
> > |
> > | The point of all this is to be very light on the admin side, totally self contained and very processor light. The rules I have now are ONLY for the headers of the message. If you put in body scan rules as well, then you'll get almost 100%. All that's needed is 1 person generating proper rules for all and then an admin just to look over the spam subjects/results. I've got an admin for myself that allows me to look at 20 spam messages at a time, show why it's spam, what the subject/to/from was and allows me to do something with it. One step operation to process the spam and email the spamming domains. Not perfect yet, but....
> > | Ah, if only I trusted the other spam fighting tools to do the job I wanted. :)
> > |
> > | > If I understand that correctly, that is pretty arcane, especially if the domain is either spoofed or "joe-jobbed" which would put them in an innocent bystander category. Operating against the IP number, while not always perfect, is more perfect than using a domain name.
> > | >
> > | > However, there is something else to consider too, and that is reporting the spamvertised web sites, which requires deobfuscating the URL encoding that some of the more clueless spammers do.
> > | >
> > | > I also have found that most of the open relay/open proxy block lists only actually offer a partial listing of actual relays. This is the reason that for a blocker to be effective, one must choose several from a long list of databases in order to do the job you want to do. Most of them allow access at no charge. some are self-updating, and others never update and consequently get stricter and stricter, which is not a good thing.
> > | >
> > | > Now, filtering rules, are something else again, and that is a good thing to spend effort on, to score the subject and content, and when a threshold is reached the mail is isolated. The open relay stuff is checked first, and if an IP appears on one of them then that mail is not even allowed a connection. For rules to apply, the email must be downloaded to apply the rules, and once downloaded, either dumped into dev/null (deleted) or routed to a spam folder for periodic review to guard against false positives.
> > | >
> > | > I have been involved in anti-spamming for several years, and I recognize the yeoman's job you are doing to create a workable application, and hopefully will not require a heavy administrative burden for the user.
> > | >
> > | > The one good thing that can come from the occasional good email that has been blocked is the pressure the ISP's customer can directly apply to them to rigidly enforce their Terms of Service. The most effective tool for reducing the endless spew of spam will be when the ISP can no longer make a profit by either hosting it or allowing it to pass through their systems at the expense of losing their regular customers.
> > | >
> > | > My experience is that the smaller, regional service providers are the most responsive to spam complaints and are pretty quick about terminating accounts, whereas the larger providers are so swamped with complaints, they are, for the most part, unresponsive. Another problem is misconfigured mail servers that are operating as open relays, mostly off shore, that do not follow the RFC's which require them to report accurately the origin of email transiting their servers. The cause may be that so much software overseas is pirated, it is not kept up to date, but I am only guessing here. The result in those cases is that one can never trace all the way back to the origin the source of the spam.
> > | >
> > | > ======================================
> > | > Stop spam on your domain, use our gateway!
> > | > For hosting solutions http://www.clickdoug.com
> > | > ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
> > | > ======================================
> > | > If you are not satisfied with my service, my job isn't done!
> > | >
> > | > ----- Original Message -----
> > | > From: "Michael Dinowitz" <[EMAIL PROTECTED]>
> > | > To: "CF-Community" <[EMAIL PROTECTED]>
> > | > Sent: Thursday, June 12, 2003 5:41 PM
> > | > Subject: Re: iMS CFUG Edition
> > | >
> > | > | As a side note, this is one of the reasons for banning a domain. When I get spam from a domain I email both their postmaster and abuse accounts. When I get an email like this, the domain gets flagged as needing a once over. If, after a once over, I can't get any response from them (even a recorded message), then it's banned.
> > | > | This place happens to be a substance abuse center. I'll then go into the spam message to see if they were sending it or if they have an open relay. If they sent it, then they're spammers and are blocked. If it's a relay, I'll try to hunt down their admin to report it.
> > | > |
> > | > | <[EMAIL PROTECTED]>: host posti.a-klinikka.fi[193.64.139.107] said: 550 5.7.1 Unable to relay for [EMAIL PROTECTED]
> > | > |
> > | > | <[EMAIL PROTECTED]>: host posti.a-klinikka.fi[193.64.139.107] said: 550 5.7.1 Unable to relay for [EMAIL PROTECTED]
