For quite a while now, spammers have been using my domain on their spam in such a way that I get bounce messages as a result. Filtering mailer-daemon messages is not too hard.

In February, I was getting a couple hundred a day. In March, it climbed closer to 1,000 per day. Around April 18, I started getting nearly 10,000 per day. I have the mailer-daemon messages under control; again, it's not too hard.

The problem I'm having is that along with the increase in those auto-responses, I'm getting OTHER automatic responses as well: mailing lists, vacation messages, help desks, etc. You can see the trend in a pretty graph I made here:

http://www.toehold.com/~kyle/email200404/unwanted.png

My question is: can I reliably identify those messages better?

TMDA seems to do a good job of identifying mailing list messages (subscribe, post, etc.) and not replying to them. I blacklisted returns.groups.yahoo.com and others. I can keep doing that.

The email that I hold without challenge is what SpamAssassin scores high either by its heuristics or with Bayes. I notice that I did NOT see a big increase in those, so I'm pretty sure the increase in messages that I challenge is a result of innocuous-looking auto-responses. It could be an increase in extra subtle spam, but I doubt it.

In some cases, an auto-responder will auto-confirm its initial response. I know I can take the confirmation address out of the Reply-To: to "fix" that, but I've been just blacklisting them as they come up.

I'd like to detect and hold more auto-responses. So far, all I've done is gape at the numbers. When I start to pick apart the individual messages, I may see trends I can use. I'm wondering, though, if someone else has already had and solved this problem. Is there a good way to detect some of these otherwise normal-looking auto-responses? It's nice that TMDA blocks them for me, but it would be even nicer if I could avoid challenging them.

-- 
Kyle Hasselbacher
Disclaimer: May cause drowsiness.
[EMAIL PROTECTED]

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
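
One way to flag auto-responses from their headers before a challenge is sent, as an added example that is not part of the original post and not TMDA's own code. The function name, the header and keyword lists, and the sample messages are assumptions constructed for illustration; the checks follow common conventions (Auto-Submitted from RFC 3834, Precedence, list headers, the null envelope sender).

```python
import email
from email.utils import parseaddr

AUTO_PRECEDENCE = {"bulk", "junk", "list", "auto_reply"}
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post", "X-Mailing-List")
ROBOT_LOCALPARTS = ("mailer-daemon", "postmaster", "majordomo", "listserv")
SUBJECT_HINTS = ("out of office", "autoreply", "auto-reply", "on vacation")


def auto_response_reasons(raw_message):
    """Return the reasons a message looks automated; an empty list means none found."""
    msg = email.message_from_string(raw_message)
    reasons = []
    # RFC 3834: any Auto-Submitted value other than "no" marks automation.
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        reasons.append("auto-submitted=" + auto)
    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in AUTO_PRECEDENCE:
        reasons.append("precedence=" + precedence)
    if any(h in msg for h in LIST_HEADERS):
        reasons.append("list-headers")
    # Bounces and many auto-replies use the null envelope sender "<>".
    if (msg.get("Return-Path") or "").strip() == "<>":
        reasons.append("null-return-path")
    localpart = parseaddr(msg.get("From") or "")[1].split("@")[0].lower()
    if localpart in ROBOT_LOCALPARTS:
        reasons.append("robot-sender=" + localpart)
    # Weakest signal: subject wording. Only counted when nothing else matched.
    subject = (msg.get("Subject") or "").lower()
    if not reasons and any(hint in subject for hint in SUBJECT_HINTS):
        reasons.append("subject-hint")
    return reasons


# Constructed sample messages (not taken from the original post).
VACATION = ("Return-Path: <>\nFrom: Pat <pat@example.org>\n"
            "Subject: Out of office\nAuto-Submitted: auto-replied\n\nBack Monday.\n")
LIST_POST = ("From: someone@example.net\nList-Id: <users.example.net>\n"
             "Precedence: list\nSubject: Re: question\n\nSee the FAQ.\n")
HUMAN = ("Return-Path: <friend@example.com>\nFrom: friend@example.com\n"
         "Subject: lunch?\n\nAre you free Friday?\n")
SUBTLE = "From: helpdesk@example.com\nSubject: AutoReply: ticket received\n\nThanks.\n"

if __name__ == "__main__":
    for name, raw in [("vacation", VACATION), ("list", LIST_POST),
                      ("human", HUMAN), ("subtle", SUBTLE)]:
        print(name, auto_response_reasons(raw) or "no auto-response signals")
```

A non-empty result is a reason to hold the message without challenging it; the subject check is deliberately the last resort because wording alone is easy to mismatch.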
