I've always thought that we need a test in declude that would use something like invuribl that would get links from the content and then query a whois and determine if the referenced domain(s) in the spamvertised link was a newly registered domain. We could then hold every email with a domain registered say in the last week. That would take care of a HUGE portion of spam. Also, I'd like to be able to hold emails when a spamvertised link has a certain
_____ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests