On 8/22/2020 3:35 PM, Kenneth Porter wrote:
--On Saturday, August 22, 2020 11:15 AM -0400 Jered Floyd
<je...@convivian.com> wrote:
Like most ISPs, they have a feedback loop to remove malicious users. I
assume it is too slow, so a SendGrid account ID RBL would provide
meaningful value.
Would not Pyzor accomplish the same thing? Submit the SendGrid spam to
Pyzor to quickly get it blacklisted.
(1) Pyzor requires resource-expensive content filtering - whereas the
sendgrid list can do the filtering at the SMTP-envelope level - BEFORE
the message is even downloaded - for some systems with millions of users
- that is a HUGE advantage.
(2) being filterable at the SMTP-Envelope level opens up possibilities
for things like MTA plugins or feature additions - that enable this
filtering at the MTA level - for MTAs that do NOT try to do any content
filtering of the message. That creates more options for deployment where
many will hopefully be able to make use of this, who don't have Pyzor
(for whatever reasons)
(3) The strategy you described is SOMETIMES easily defeated with certain
variations in the messages, where each message is sufficiently different
to NOT be blockable by Pyzor. That is a HUGE loophole in Pyzor
technology. This Sendgrid ID list doesn't have that problem.
(4) Also, a spammer who sends out many different types of spams - can
potentially stay off of Pyzor's radar - but yet ALL of those spams under
that Sendgrid ID - will be collectively noticed in our engine. And,
likewise, Pyzor's methods could create a game of whack-a-mole. The
spammer will just keep coming out with new types of spam - that all get
past Pyzor while Pyzor tries to catch up - then Pyzor catches up - then
the spammer just reformats the content. Rinse. Repeat. Meanwhile, ALL of
those LATER spams are ALREADY blocked by our Sendgrid list BEFORE the
next types of spams are sent - ALL OF THEM. (you could argue that we
might get into a game of whack-a-mole too with those Sendgrid IDs - but
we're FAR less vulnerable to that - it will happen MUCH LESS often!)
(5) for these reasons and others - I strongly suspect that our Sendgrid
list is going to have a MUCH faster turnaround time on listing the
initial spams from a new sendgrid ID - and, as mentioned, their later
spams will then ALREADY be caught by this Sendgrid list - while Pyzor is
bogged down in that silly whack-a-mole game.
Don't get me wrong - Pyzor and other such checksum content filters - are
wonderful and have their place - but thinking that they remove the need
for this Sendgrid list - is absolutely not even close to true.
--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032
