If I understand that correctly, that is pretty arcane, especially if the domain is either spoofed or "joe-jobbed" which would put them in an innocent bystander category. Operating against the IP number, while not always perfect, is more perfect than using a domain name.
However, there is something else to consider too, and that is reporting the spamvertised web sites, which requires deobfuscating the URL encoding that some of the more clueless spammers do. I also have found that most of the open relay/open proxy block lists only actually offer a partial listing of actual relays. This is the reason that for a blocker to be effective, one must choose several from a long list of databases in order to do the job you want to do. Most of them allow access at no charge. Some are self-updating, and others never update and consequently get stricter and stricter, which is not a good thing.

Now, filtering rules are something else again, and that is a good thing to spend effort on, to score the subject and content, and when a threshold is reached the mail is isolated. The open relay stuff is checked first, and if an IP appears on one of them then that mail is not even allowed a connection. For rules to apply, the email must be downloaded to apply the rules, and once downloaded, either dumped into /dev/null (deleted) or routed to a spam folder for periodic review to guard against false positives.

I have been involved in anti-spamming for several years, and I recognize the yeoman's job you are doing to create a workable application, and hopefully will not require a heavy administrative burden for the user. The one good thing that can come from the occasional good email that has been blocked is the pressure the ISP's customer can directly apply to them to rigidly enforce their Terms of Service. The most effective tool for reducing the endless spew of spam will be when the ISP can no longer make a profit by either hosting it or allowing it to pass through their systems at the expense of losing their regular customers.

My experience is that the smaller, regional service providers are the most responsive to spam complaints and are pretty quick about terminating accounts, whereas the larger providers are so swamped with complaints, they are, for the most part, unresponsive. Another problem is misconfigured mail servers that are operating as open relays, mostly offshore, that do not follow the RFCs which require them to report accurately the origin of email transiting their servers. The cause may be that so much software overseas is pirated, it is not kept up to date, but I am only guessing here. The result in those cases is that one can never trace all the way back to the origin the source of the spam.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message -----
From: "Michael Dinowitz" <[EMAIL PROTECTED]>
To: "CF-Community" <[EMAIL PROTECTED]>
Sent: Thursday, June 12, 2003 5:41 PM
Subject: Re: iMS CFUG Edition

| As a side note, this is one of the reasons for banning a domain. When I get spam
| from a domain I email both their postmaster and abuse accounts. When I get an
| email like this, the domain gets flagged as needing a once over. If, after a
| once over, I can't get any response from them (even a recorded message), then
| it's banned.
| This place happens to be a substance abuse center. I'll then go into the spam
| message to see if they were sending it or if they have an open relay. If they
| sent it, then they're spammers and are blocked. If it's a relay, I'll try to
| hunt down their admin to report it.
|
| <[EMAIL PROTECTED]>: host posti.a-klinikka.fi[193.64.139.107] said: 550 5.7.1
| Unable to relay for [EMAIL PROTECTED]
|
| <[EMAIL PROTECTED]>: host posti.a-klinikka.fi[193.64.139.107] said: 550
| 5.7.1 Unable to relay for [EMAIL PROTECTED]
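
The two-stage filtering described in the reply above (block-list lookup before the connection is accepted, then subject and content scoring against a threshold), as an added example that is not part of the original thread. The zone names, scoring rules, threshold and the injectable `resolve` parameter are constructed assumptions.

```python
import ipaddress
import re
import socket

# Constructed placeholder zones; substitute the block lists you actually use.
ZONES = ["relays.blocklist.example", "proxies.blocklist.example"]

# Constructed scoring rules: (pattern, points). The threshold is an assumption.
RULES = [
    (re.compile(r"free money", re.I), 3.0),
    (re.compile(r"click here", re.I), 2.0),
    (re.compile(r"https?://[^\s/]*%[0-9a-f]{2}", re.I), 2.5),  # %-encoded host
]
THRESHOLD = 5.0


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_in(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return the zones that list ip. An A record in 127.0.0.0/8 means
    listed; a failed lookup (NXDOMAIN) means not listed in that zone."""
    hits = []
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:
            continue
        if answer.startswith("127."):
            hits.append(zone)
    return hits


def score(subject, body):
    """Sum the points of every rule that matches the subject or body."""
    text = subject + "\n" + body
    return sum(points for pattern, points in RULES if pattern.search(text))


def classify(ip, subject, body, zones=ZONES, resolve=socket.gethostbyname):
    """Stage 1: refuse at connect if any list has the IP. Stage 2: score."""
    if listed_in(ip, zones, resolve):
        return "reject"
    return "spam-folder" if score(subject, body) >= THRESHOLD else "inbox"
```

Querying several zones matters because, as the reply notes, each list holds only a partial set of relays; mail scored into the spam folder is kept for review rather than deleted.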
