Planet Geek!: Spam fighting and whitelisting. What's the correct path?

Jan. 17th, 2007 05:28 pm
penk: (Default)
[personal profile] penk

Well, it's hit that point. With the astronomical increase in spam lately, it's getting quite obvious the problem will not abate on it's own. The open-ended 'we trust each other' process of mail delivery is now in it's death throes, it's time to look at other solutions.



According to my spam report, my personal inbox is getting 450-650 caught spams a day. Unfortunately, that is only my Stage One filter. I also use Thunderbird as my email client, which has excellent spam filters of it's own, and that catches another 100-150 messages there. I have monitors showing me the total mail I receive daily, and it's in the 1500 messages range, of which 500 or so are mailing list messages. That means one out of every 100 messages I receive is legit. And lately, the filters have occasionally gotten things wrong. Mail intended for me is marked as spam, and I never hear about it.



In 12 hours of operation on our only mail server, here is an account of the volume we move:

Grand Totals
------------
messages

   4801   received
   5413   delivered
    173   forwarded
     79   deferred  (434  deferrals)
    230   bounced
    484   rejected (8%)
      0   reject warnings
      0   held
      0   discarded (0%)

  45428k  bytes received
  49843k  bytes delivered
   1416   senders
   1092   sending hosts/domains
    334   recipients
    148   recipient hosts/domains



In the past, it was okay to occasionally go through your spam box and see if there's anything legitimate in there. That is simply not possible in todays climate. It may take an hour to go through a days worth of spam, and is mind numbingly tedious. There's a good chance you'll miss something just because it -looks- like spam.



So what are the options? This is where I'm asking for help. I'm speaking not only for myself, but also for the greater Homeport community. I maintain user accounts for 20-30 people, and they're all under the same attack as I am, maybe to somewhat of a lesser degree, but it's still hurting.



I'll note for the record that we are currently running Amavisd, with Spamassassin, all through Postfix. Amavis is happily removing -all- virii from our mail, so that is not an issue. SA with some filter tweaking is doing an admirable job considering the masssive load it is contending with.



  • Option A - A commercial filtering service

    There are several vendors that offer commercial filtering. Many of them are simple 'mail accounts' that you can POP your mail off of, letting them handle the filtering. Others will forward a specific mail address in and out of their system. Are there services that will filter an entire domain? I'd be willing to pay for a service that maintains its filters, rulesets and RBLs in a respectable fashion.
  • Option B - Fiddling my own configuration

    I've been doing this for quite a while. It's tedious, it's time consuming, and it's never 'quite right'. It'll work perhaps for a few, but how do you really know if it's working correctly? I'm probably going to do one major wash-through to enable the various Postfix standard rules, but in reality, unless someone wants to take over being Spam Master for Homeport's servers, this is not a task I'm keen on doing much longer.
  • Option C - Massively restrict received email

    I like the idea of using some form of sender authentication. I'd be willing to say "If you PGP sign your message, I will accept it". This is something that's available to most mail users, and is easy to enable. It makes tracking easier, and I can rank accepted mail by if I've accepted their PGP key onto my keyring. The drawback to this is that not everyone I communicate with will have PGP set up, and while it will help with authenticating known users (everyone I bludgeon into using PGP), I still run the risk of missing important mail from people I have not corresponded with.
  • Option D - Whitelisting

    This is probably the easiest to implement, but gets the most grief as a poor solution. I know the list of people who I correspond with regularly, I know they are not spammers. There is a slight risk a spammer may forge their email address in a From line, and therefore get through my filters, but in reality, I have seen NO spam of this type ever in my mailbox. Ever.
  • Option E - Give up on email altogether

    No, not give up in this whole concept. But give up trying to run my own server. Gmail and Yahoo both have excellent mail clients, and they are available to remote clients. Why fight this anymore? Everyone should just get their own accounts on gmail, and be done with it.


So that's where I am. I invite folks to chime in with ideas or suggestions on where to go from here. I know this discussion is happening all over the net right now, but wading through that is tedious and rarely productive. I also invite the members of the Homeport community to chime in with their suggestions, observations, or thoughts on how the systems are running now, and where things should go.



Cloned from: Planet Geek!

Category: Geekitude

Full article & comments: Link (Comment ticker: )
  • Add Memory
  • Share This Entry

Profile

penk: (Default)
penk
Planet Geek!

October 2022

S M T W T F S
      1
2345678
9101112131415
16171819202122
2324 2526272829
3031     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 7th, 2026 08:12 pm
Powered by Dreamwidth Studios