[clug] spamsum usage in the real world
Kim Holburn
kim at holburn.net
Wed Nov 15 03:30:22 GMT 2006
If you think greylisting is good (and it is at the moment) then it
won't last long.
The Spammers Strike Back
http://www.eweek.com/article2/0,1895,2051949,00.asp
> Opinion: The recent surge in spam volume is due to the
> assertiveness of botnets and an increase in the sophistication of
> their spamming efforts.
>
> Everybody's seen it by now. Spam is up like gangbusters in the last
> few months. And not just in volume; a lot more of it is getting
> through filtering mechanisms that had previously been pretty
> reliable. It's an aggravating and depressing situation.
>
> A number of factors have contributed to the situation, and what
> they all have in common, unfortunately, is that spammers are
> getting much more sophisticated.
>
> Botnets have gotten so sophisticated that they're almost impossible
> to shut down. This surge of spam is, perhaps, a show of strength,
> as well as the botmasters exercising the fruits of their efforts
> developing an underground network.
>
> How big is the surge? Postini, the largest hosted secure e-mail
> provider out there, handling over 1 billion messages a day, ought
> to know, and know in real time. The company says spam volume is up
> 120 percent over the last year, but 59 percent in the last two
> months. That's in line with numbers I've heard bandied about
> elsewhere, and it's a huge rate of increase.
>
> Another factor is what security vendor Borderware calls "anti-anti-
> spam spam," meaning spam that attempts to defeat anti-spam
> measures. Spammers have learned all sorts of tricks.
>
> For instance, if a recipient rejects the message, they are
> attempting to resend the message like a real mail server will.
> Spammers historically have had naive mail transfer programs that
> send a message and then move on, ignoring any errors.
>
> Many anti-spam systems rely on this characteristic to employ a
> technique called graylisting. They reject the message once from any
> sender they do not recognize and accept it on resubmission,
> whitelisting the sender at the same time. This all assumes that a
> spammer won't retransmit. Graylisting seems headed for the ash heap
> of anti-spam history.
http://www.eweek.com/article2/0,1895,2051950,00.asp
On 2006/Nov/15, at 1:51 PM, Cody W. Appleby wrote:
>
> Only problem with this is that customers expect email to be delivered in
> around 30 seconds. Greylisting drags this out to around 10-15 mins at
> most. I implemented greylisting, and the amount of phone calls and emails
> I got abusing me for it because their email is taking slightly longer
> than usual outweighs the benefits.
>
> It did however cut Bandwidth and Spam numbers about 65%!!
>
> Cheers,
> Cody.
>
> On Wed, 15 Nov 2006 13:04:20 +1100, tmc at vandradlabs.com.au (Tomasz
> Ciolek) wrote:
>> ahem...
>>
>> on filtering, I have found greylisting to work quite well. sometimes
>> you get oddities with mis-configured systems, but other than that my
>> spam load dropped off by 90% or so...
>>
>> Tomasz
>>
>> On Wed, Nov 15, 2006 at 10:30:43AM +1100, Michael James wrote:
>>> On Tuesday 14 November 2006 6:52 pm, Nemo wrote:
>>>
>>>> Currently we're just running spamassassin (via spamd/spamc) over all
>>>> messages (many customers, we don't want to teach them how to train
>>>> a bayesian filter), but this is a chunky performance hit.
>>>
>>> If you have enough customers using IMAP
>>> could they be educated to use this?
>>>
>>> Each user gets a SPAM folder for the auto-detected SPAM.
>>> You ask them to dump any missed spam in there too,
>>> and to remove any false positives.
>>>
>>> A cron job runs spamassassin or dspam in learning mode,
>>> assuming all read messages in the spam folder are actually spam.
>>> Search the other mail folders for the
>>> spamassassin over-threshold header,
>>> and learn it as ham.
>>>
>>> michaelj
>>>
>>> --
>>> There is no perl one line hack
>>> that a page of java won't do more elegantly.
>>> --
>>> linux mailing list
>>> linux at lists.samba.org
>>> https://lists.samba.org/mailman/listinfo/linux
>>
>> --
>> Tomasz M. Ciolek
>> *******************************************************************************
>> tmc at vandradlabs dot com dot au
>> *******************************************************************************
>> GPG Key ID: 0x41C4C2F0
>> GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
>> Key available on good key-servers
>> *******************************************************************************
--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
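
Added example, not part of the original message or of any poster's configuration: a toy greylisting policy that shows the behaviour the quoted article describes and the delivery delay raised in the thread. The `Greylist` class, the 300-second minimum delay, the retry schedules and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    """Toy policy keyed on (client IP, envelope sender, recipient)."""
    min_delay: int = 300                          # assumed wait before a retry counts
    seen: dict = field(default_factory=dict)      # triplet -> first-seen time
    passed: set = field(default_factory=set)      # triplets whitelisted after a retry

    def check(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return "250 accept"
        first = self.seen.setdefault(key, now)
        if now - first >= self.min_delay:
            self.passed.add(key)                  # whitelist on successful resubmission
            return "250 accept"
        return "451 try again later"              # temporary failure, not a bounce

def deliver(greylist, ip, sender, rcpt, attempt_times):
    """Return (delivered, delay_seconds) for a client trying at the given times."""
    first = attempt_times[0]
    for t in attempt_times:
        if greylist.check(ip, sender, rcpt, t).startswith("250"):
            return True, t - first
    return False, None

def simulate():
    gl = Greylist(min_delay=300)
    # Constructed senders: documentation IP ranges and example.* domains.
    results = {
        # Fire-and-forget sender: one attempt, ignores the 451.
        "naive_bot": deliver(gl, "203.0.113.9", "a@example.net", "u@example.org", [0]),
        # Ordinary MTA: retries on a schedule, so the mail arrives late.
        "real_mta": deliver(gl, "198.51.100.7", "b@example.com", "u@example.org", [0, 120, 900]),
        # Sender that retries like a real server, as the quoted article describes.
        "retrying_bot": deliver(gl, "203.0.113.10", "c@example.net", "u@example.org", [0, 600]),
    }
    # A later message on an already-passed triplet is accepted at once.
    results["real_mta_again"] = deliver(
        gl, "198.51.100.7", "b@example.com", "u@example.org", [2000])
    return results

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

The policy cannot tell the retrying sender from the ordinary MTA: both are accepted, and the only thing greylisting filters out is a client that never comes back.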