[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
I've always thought that we need a test in declude that would use something like invuribl that would get links from the content and then query a whois and determine if the referenced domain(s) in the spamvertised link was a newly registered domain. We could then hold every email with a domain registered say in the last week. That would take care of a HUGE portion of spam. Also, I'd like to be able to hold emails when a spamvertised link has a certain _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
I have some clients that would enjoy a challenge/response sort of sender verification, if we're imagining new features. :) - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
I like Scotts idea of temporarily holding certain emails (based on weight) for subsequent retest. From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
This could be interesting for sure. I am using iMail but I assume it would be the same. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Andy Schmidt Sent: Thursday, October 30, 2014 6:45 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns I like Scotts idea of temporarily holding certain emails (based on weight) for subsequent retest. From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Carl, my email address is linda.pagi...@mailsbestfriend.com. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Thursday, October 30, 2014 6:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Linda and David are great. Worth every penny, always. I'd be interested in The Gauntlet, but my customers wouldn't tolerate that kind of delay at all. Sadly. - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 11:05 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Carl, my email address is linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> . Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Thursday, October 30, 2014 6:49 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Thanks for the kind words, Mike. Yes, unfortunately, that is the only complaint we have had about the Gauntlet. the delay. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, October 30, 2014 10:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Linda and David are great. Worth every penny, always. I'd be interested in The Gauntlet, but my customers wouldn't tolerate that kind of delay at all. Sadly. - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 11:05 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Carl, my email address is linda.pagi...@mailsbestfriend.com. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Thursday, October 30, 2014 6:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Good News Everyone! We have a working prototype of this called the Gauntlet. Right now it holds the message for a x period of time determined by the administrator, and will re-run the message though message sniffer. We should have a version 2.0 sometime next week that will re-run the tests through Declude as suggested. Details and installation instructions here http://mailsbestfriend.com/downloads/docs/Gauntlet_1.0_Instructions.pdf Unfortunately this utility only works with SmarterMail, If you are running IMail or pre-tested spam continues to be a problem for you please contact us as we have a few other options for you to consider. David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com Office: 866.919.2075 On 10/30/2014 2:11 PM, Scott Fosseen - Prairie Lakes AEA wrote: Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to -- David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com Office: 866.919.2075 Mobile : 978.518.6461
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
True but the complaints were very few and were only in the beginning of our testing, we have improved the Gauntlet filter to target messages that look like pre-tested spam, to reduce delaying good email. Yes it does delay some good mail but the overall trade-off has been worth it. We have been running the proto-type on 2 servers with over 1000 domains for 30 days + and only had a handful of complaints when we started. Also remember whitelisted email in SM or Declude is not delayed by the Gauntlet. As we know Greylisting also delays messages, and is not a solution for everyone, but it certainly is a solution for many mail admins. Bottom line is the delay and targeting of messages for the Gauntlet can be controlled. David we have improved the filter so it only delays suspect messages and not all messages On 10/31/2014 12:25 AM, Linda Pagillo wrote: Thanks for the kind words, Mike. Yes, unfortunately, that is the only complaint we have had about the Gauntlet... the delay. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] *On Behalf Of *Michael Cummins *Sent:* Thursday, October 30, 2014 10:18 PM *To:* community@mailsbestfriend.com *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Linda and David are great. Worth every penny, always. I'd be interested in The Gauntlet, but my customers wouldn't tolerate that kind of delay at all. Sadly. - Michael Cummins *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Linda Pagillo *Sent:* Thursday, October 30, 2014 11:05 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Carl, my email address is linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com>. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Carl Wagar *Sent:* Thursday, October 30, 2014 6:49 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested... J. Carl Wagar EntreNet Communications Inc www.entrenet.com <http://www.entrenet.com> www.thehostingservice.com <http://www.thehostingservice.com> 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com <mailto:jcwa...@entrenet.com>, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Linda Pagillo *Sent:* Thursday, October 30, 2014 3:18 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Scott Fosseen - Prairie Lakes AEA *Sent:* Thursday, October 30, 2014 1:11 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. T
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Seems like a tool like autowhite.exe would be a good solution for mitigating the delay. Autowhite.exe would know if the recipient has previously sent email to the sender and this condition could be used to skip the hold (though I've not used autowhite.exe on SmarterMail). TESTSFAILEDENDCONTAINSAUTOWHITE1 John T, does autowhite.exe work with SmarterMail and do you still sell licenses for autowhite.exe? I too would appreciate Gauntlet for iMail. - Chris *Midtown Micro, Inc.* Programming & Web Hosting Office: (916) 442-2447 Fax: (916) 669-9473 Technical Support: supp...@midtownmicro.com <mailto:supp...@midtownmicro.com> Calendar: http://www.midtownmicro.com/calendar/chris(Updated Daily) vCard: http://www.midtownmicro.com/vcard/chris Web: http://www.midtownmicro.com On 10/30/2014 10:20 PM, David Barker wrote: True but the complaints were very few and were only in the beginning of our testing, we have improved the Gauntlet filter to target messages that look like pre-tested spam, to reduce delaying good email. Yes it does delay some good mail but the overall trade-off has been worth it. We have been running the proto-type on 2 servers with over 1000 domains for 30 days + and only had a handful of complaints when we started. Also remember whitelisted email in SM or Declude is not delayed by the Gauntlet. As we know Greylisting also delays messages, and is not a solution for everyone, but it certainly is a solution for many mail admins. Bottom line is the delay and targeting of messages for the Gauntlet can be controlled. David we have improved the filter so it only delays suspect messages and not all messages On 10/31/2014 12:25 AM, Linda Pagillo wrote: Thanks for the kind words, Mike. Yes, unfortunately, that is the only complaint we have had about the Gauntlet... the delay. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] *On Behalf Of *Michael Cummins *Sent:* Thursday, October 30, 2014 10:18 PM *To:* community@mailsbestfriend.com *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Linda and David are great. Worth every penny, always. I'd be interested in The Gauntlet, but my customers wouldn't tolerate that kind of delay at all. Sadly. - Michael Cummins *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Linda Pagillo *Sent:* Thursday, October 30, 2014 11:05 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Carl, my email address is linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com>. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Carl Wagar *Sent:* Thursday, October 30, 2014 6:49 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested... J. Carl Wagar EntreNet Communications Inc www.entrenet.com <http://www.entrenet.com> www.thehostingservice.com <http://www.thehostingservice.com> 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com <mailto:jcwa...@entrenet.com>, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 *From:*community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] *On Behalf Of *Linda Pagillo *Sent:* Thursday, October 30, 2014 3:18 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x70
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Just a follow-up. I have been running the Gauntlet filter without Gauntlet installed to check the effectiveness. Out of 32K+ messages today I have deleted around 5300 messages. The Gauntlet filter triggered 184 times. I was hoping it to be a little more aggressive selecting messages. One of the reasons that I can see is that if a message fails the Sniffer test, it will not trigger the Gauntlet filter. What I found was that most of the SPAM messages I had reported today were caught by sniffer, but still under the threshold of being deleted. I decided to increase the weight of Sniffer so it is closer to the delete threshold I have set. I am going to keep an eye on the Gauntlet filter, but so far on my system I don’t see it making much of a difference. From: Linda Pagillo Sent: Thursday, October 30, 2014 2:17 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
No, sorry Challenge/Response is just bad. Period. I can still remember the lengthy heated discussions back in the day with Len and Sandy and Scott and others. -Original Message- From: "Michael Cummins" Sent: Thursday, October 30, 2014 12:55pm To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns I have some clients that would enjoy a challenge/response sort of sender verification, if we're imagining new features. :) - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Hello Chris, thanks for the shoutout. Yes, I still sell AutoWhite for Declude and yes it will work with Smartermail but though a manual registry trick. It is not suitable for ISPs or enviornments with a large number of mailboxes or with a lot of turnover in mailboxes. -Original Message- From: "Christopher Jaime" Sent: Friday, October 31, 2014 12:55pm To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Seems like a tool like autowhite.exe would be a good solution for mitigating the delay. Autowhite.exe would know if the recipient has previously sent email to the sender and this condition could be used to skip the hold (though I've not used autowhite.exe on SmarterMail). TESTSFAILEDENDCONTAINSAUTOWHITE1 John T, does autowhite.exe work with SmarterMail and do you still sell licenses for autowhite.exe? I too would appreciate Gauntlet for iMail. - Chris *Midtown Micro, Inc.* Programming & Web Hosting Office: (916) 442-2447 Fax: (916) 669-9473 Technical Support: supp...@midtownmicro.com <mailto:supp...@midtownmicro.com> Calendar: http://www.midtownmicro.com/calendar/chris(Updated Daily) vCard: http://www.midtownmicro.com/vcard/chris Web: http://www.midtownmicro.com On 10/30/2014 10:20 PM, David Barker wrote: > True but the complaints were very few and were only in the beginning > of our testing, we have improved the Gauntlet filter to target > messages that look like pre-tested spam, to reduce delaying good > email. Yes it does delay some good mail but the overall trade-off has > been worth it. We have been running the proto-type on 2 servers with > over 1000 domains for 30 days + and only had a handful of complaints > when we started. Also remember whitelisted email in SM or Declude is > not delayed by the Gauntlet. As we know Greylisting also delays > messages, and is not a solution for everyone, but it certainly is a > solution for many mail admins. > > Bottom line is the delay and targeting of messages for the Gauntlet > can be controlled. > > David > > we have improved the filter so it only delays suspect messages and > not all messages > On 10/31/2014 12:25 AM, Linda Pagillo wrote: >> >> Thanks for the kind words, Mike. Yes, unfortunately, that is the only >> complaint we have had about the Gauntlet... the delay. >> >> Linda Pagillo >> Mail's Best Friend >> Email: linda.pagi...@mailsbestfriend.com >> Web: www.mailsbestfriend.com >> Office: 703.988.3605 x7016 >> >> MBF >> >> *From:*community@mailsbestfriend.com >> [mailto:community@mailsbestfriend.com] *On Behalf Of *Michael Cummins >> *Sent:* Thursday, October 30, 2014 10:18 PM >> *To:* community@mailsbestfriend.com >> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM >> campaigns >> >> Linda and David are great. Worth every penny, always. >> >> I'd be interested in The Gauntlet, but my customers wouldn't tolerate >> that kind of delay at all. Sadly. >> >> - Michael Cummins >> >> *From:*community@mailsbestfriend.com >> <mailto:community@mailsbestfriend.com> >> [mailto:community@mailsbestfriend.com] *On Behalf Of *Linda Pagillo >> *Sent:* Thursday, October 30, 2014 11:05 PM >> *To:* community@mailsbestfriend.com >> <mailto:community@mailsbestfriend.com> >> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM >> campaigns >> >> Carl, my email address is linda.pagi...@mailsbestfriend.com >> <mailto:linda.pagi...@mailsbestfriend.com>. Thanks for the kind >> words, Chris! >> >> Linda Pagillo >> Mail's Best Friend >> Email: linda.pagi...@mailsbestfriend.com >> <mailto:linda.pagi...@mailsbestfriend.com> >> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> >> Office: 703.988.3605 x7016 >> >> MBF >> >> *From:*community@mailsbestfriend.com >> <mailto:community@mailsbestfriend.com> >> [mailto:community@mailsbestfriend.com] *On Behalf Of *Carl Wagar >> *Sent:* Thursday, October 30, 2014 6:49 PM >> *To:* community@mailsbestfriend.com >> <mailto:community@mailsbestfriend.com> >> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM >> campaigns >> >> What's your email address these days Linda? >> >> I am interested... >> >> J. Carl Wagar >> >> EntreNet Communications Inc >> www.entrenet.com <http://www.entrenet.com> www.thehostingservice.com >> <http://www.thehostingservice.com> >> >> 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Top 10 reasons why challenge/response (C/R) is bad: [1] You end up being a spammer (the majority of spam sent to you will result in confirmation requests being sent to innocent victims) [2] Spammers now send pretend confirmation requests, presumably to make people less likely to respond to C/R requests [3] Many people respond to C/R requests that they never initiated (sometimes intentionally, sometimes not). Some people who are fed up with bogus C/R requests respond to all of 'em, knowing that the spam will start getting through to people hiding behind C/R. [4] C/R companies have been known to send out spam and harvest addresses of people sending to their customers, and apparently sell those addresses to spammers [5] The C/R system is patented, so most anti-spam programs using C/R have legal liabilities waiting to be ironed out. The C/R program you buy today may go under tomorrow. [6] Confirmations sent to mailing lists won't work [7] Confirmations sent to others using C/R won't work. If everybody had C/R, nobody could send E-mail to anybody! [8] People who offer a free service end up losing money (by spending time investigating and responding to C/R systems, dealing with spam received as a result, etc.) and sometimes get fed up with C/R systems and eventually stop offering free advice (never knowing how many people won't get their E-mails), harming everybody. [9] Legitimate E-mail from automated services won't be seen (such as when ordering products online) [10] Due to #1-#9, most C/R challenges are treated as spam -- if the challenge never gets through, the response will never get through. David On 11/3/2014 7:06 PM, John Tolmachoff wrote: No, sorry Challenge/Response is just bad. Period. I can still remember the lengthy heated discussions back in the day with Len and Sandy and Scott and others. -Original Message- From: "Michael Cummins" Sent: Thursday, October 30, 2014 12:55pm To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns I have some clients that would enjoy a challenge/response sort of sender verification, if we're imagining new features. :) - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com <mailto:linda.pagi...@mailsbestfriend.com> Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> Office: 703.988.3605 x7016 From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to -- David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Right now if Sniffer is identifying the message as spam there is no reason for it to be held in the Gauntlet. The main purpose of the Guantlet is for messages that are suspect but have not triggered enough score for spam. We can make the Gauntlet more aggressive, but would rather err on the side of caution. Are you getting spam leakage (messages that are spam ending up in your inbox) ? On 11/3/2014 6:41 PM, Scott Fosseen - Prairie Lakes AEA wrote: Just a follow-up. I have been running the Gauntlet filter without Gauntlet installed to check the effectiveness. Out of 32K+ messages today I have deleted around 5300 messages. The Gauntlet filter triggered 184 times. I was hoping it to be a little more aggressive selecting messages. One of the reasons that I can see is that if a message fails the Sniffer test, it will not trigger the Gauntlet filter. What I found was that most of the SPAM messages I had reported today were caught by sniffer, but still under the threshold of being deleted. I decided to increase the weight of Sniffer so it is closer to the delete threshold I have set. I am going to keep an eye on the Gauntlet filter, but so far on my system I don’t see it making much of a difference. *From:* Linda Pagillo <mailto:linda.pagi...@mailsbestfriend.com> *Sent:* Thursday, October 30, 2014 2:17 PM *To:* community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> *Subject:* [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF *From:*community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] *On Behalf Of *Scott Fosseen - Prairie Lakes AEA *Sent:* Thursday, October 30, 2014 1:11 PM *To:* community@mailsbestfriend.com *Subject:* [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests -- David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com Office: 866.919.2075 Mobile : 978.518.6461
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
That all being said, I have some clients that have been using Sendio Appliances (it uses C/R) for years and to them the thing walks on water and makes cotton candy, too. For the right price, it would be an instant sell to many of my customers who primarily use mobile devices. The Sendio appliance isn't cheap, I hear (from them). Hence the line of questioning. If it makes my customers happy and they're eager to pay for it, then hey. My opinion doesn't necessarily need to override theirs. :) Michael Cummins -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Monday, November 03, 2014 9:35 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Top 10 reasons why challenge/response (C/R) is bad: [1] You end up being a spammer (the majority of spam sent to you will result in confirmation requests being sent to innocent victims) [2] Spammers now send pretend confirmation requests, presumably to make people less likely to respond to C/R requests [3] Many people respond to C/R requests that they never initiated (sometimes intentionally, sometimes not). Some people who are fed up with bogus C/R requests respond to all of 'em, knowing that the spam will start getting through to people hiding behind C/R. [4] C/R companies have been known to send out spam and harvest addresses of people sending to their customers, and apparently sell those addresses to spammers [5] The C/R system is patented, so most anti-spam programs using C/R have legal liabilities waiting to be ironed out. The C/R program you buy today may go under tomorrow. [6] Confirmations sent to mailing lists won't work [7] Confirmations sent to others using C/R won't work. If everybody had C/R, nobody could send E-mail to anybody! [8] People who offer a free service end up losing money (by spending time investigating and responding to C/R systems, dealing with spam received as a result, etc.) and sometimes get fed up with C/R systems and eventually stop offering free advice (never knowing how many people won't get their E-mails), harming everybody. [9] Legitimate E-mail from automated services won't be seen (such as when ordering products online) [10] Due to #1-#9, most C/R challenges are treated as spam -- if the challenge never gets through, the response will never get through. David On 11/3/2014 7:06 PM, John Tolmachoff wrote: > No, sorry Challenge/Response is just bad. Period. > > I can still remember the lengthy heated discussions back in the day with Len > and Sandy and Scott and others. > > > > -Original Message- > From: "Michael Cummins" > Sent: Thursday, October 30, 2014 12:55pm > To: community@mailsbestfriend.com > Subject: [MBF] Re: Thoughts on how to deal with the current SPAM > campaigns > > I have some clients that would enjoy a challenge/response sort of > sender verification, if we're imagining new features. :) > > > > - Michael Cummins > > > > > > From: community@mailsbestfriend.com > [mailto:community@mailsbestfriend.com] > On Behalf Of Linda Pagillo > Sent: Thursday, October 30, 2014 3:18 PM > To: community@mailsbestfriend.com > Subject: [MBF] Re: Thoughts on how to deal with the current SPAM > campaigns > > > > Hello everyone. I wanted to chime in here. We (MBF) actually have a > utility for implementing exactly what Scott is proposing if anyone is > interested in trying it. We call it The Gauntlet. Also, the following > link has some additional information about how a program such as this works: > http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. > Please let me know if you have any questions about it. > > > > Linda Pagillo > Mail's Best Friend > Email: linda.pagi...@mailsbestfriend.com > <mailto:linda.pagi...@mailsbestfriend.com> > Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com> > Office: 703.988.3605 x7016 > > > > > > > > From: community@mailsbestfriend.com > <mailto:community@mailsbestfriend.com> > [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - > Prairie Lakes AEA > Sent: Thursday, October 30, 2014 1:11 PM > To: community@mailsbestfriend.com > <mailto:community@mailsbestfriend.com> > Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns > > > > Here is a thought I have that may be effective on these zero-day SPAM > campaigns. It does have a big drawback, but the users may be OK with > it if it stops the SPAM. > > > > Here is my idea. I am going to say this is from my standpoint of > using SmarterMail. > > > >
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Dito! -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Tuesday, November 04, 2014 8:29 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns That all being said, I have some clients that have been using Sendio Appliances (it uses C/R) for years and to them the thing walks on water and makes cotton candy, too. For the right price, it would be an instant sell to many of my customers who primarily use mobile devices. The Sendio appliance isn't cheap, I hear (from them). Hence the line of questioning. If it makes my customers happy and they're eager to pay for it, then hey. My opinion doesn't necessarily need to override theirs. :) Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Ideally, one would "stagger" a few techniques - with C/R at the tail-end to keep back-scatter at a minimum. - Sniffer and all other tests during SMTP connection. Leave it up to the sending mail sever to notify its OWN users, it becoming the source of any back-scatter. - Gray-Listing doubtful emails (responding with 4xx to see if they will retry, at which point those will be done) - Gauntlet delay 30 minute those that didn't react appropriately to 4xx - Re-scan emails to see if they can be classified as spam by now (from BLs, URIBLs, content scanners, etc.) - For any remaining emails that still remain doubtful - offer C/R as final validation Of course, a C/R system should have a good size cache of recently challenged sender email addresses. NONE should get more than one C/R request, possibly listing a series of emails that are currently queued (from gray-listing, gauntlet, etc.). One approval will risk the assumption that this email address currently not being joe-jobbed and release ALL emails. -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Tuesday, November 04, 2014 8:29 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns That all being said, I have some clients that have been using Sendio Appliances (it uses C/R) for years and to them the thing walks on water and makes cotton candy, too. For the right price, it would be an instant sell to many of my customers who primarily use mobile devices. The Sendio appliance isn't cheap, I hear (from them). Hence the line of questioning. If it makes my customers happy and they're eager to pay for it, then hey. My opinion doesn't necessarily need to override theirs. :) Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
You could be right Michael. They don't know what they are missing ;) On 11/4/2014 8:32 AM, Andy Schmidt wrote: Dito! -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Tuesday, November 04, 2014 8:29 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns That all being said, I have some clients that have been using Sendio Appliances (it uses C/R) for years and to them the thing walks on water and makes cotton candy, too. For the right price, it would be an instant sell to many of my customers who primarily use mobile devices. The Sendio appliance isn't cheap, I hear (from them). Hence the line of questioning. If it makes my customers happy and they're eager to pay for it, then hey. My opinion doesn't necessarily need to override theirs. :) Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to -- David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com Office: 866.919.2075 Mobile : 978.518.6461 # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
