Hi there,

On Mon, 14 Sep 2020, Eric Tykwinski wrote:

> It really does amaze me how many people don’t know the reputations ...

The best way to find out about these things is to run a mail server,
and most people don't do that.

> ... providers like DO, OVH, Hetzner, AWS and right now SendGrid…

It was only a couple of years ago that I implemented the ASN blocklist
in my milter - more or less in desperation - but all those in your list
were on it from the start.  There's an exceptions list of course.  It's
difficult to get on that one (and if you're with OVH it's impossible. ;)

You forgot to mention gmail, outlook and yahoo.  At one time Redmond's
offerings were among the best, but it seems to me they've gone rather
downhill in the past few months.  Google might make a big deal of how
many million fraudulent messages they block every day, but they don't
make much noise about how many they _send_ every day.  And with the AI
investments they claim to have made you'd think they could spot that a
lawyer representing the United Nations who's offering to split a cache
of negotiable bearer bonds with me 50-50 and wants me to reply by mail
to a yahoo account, or call him in Nigeria, is unlikely to be kosher -
especially when the same message was sent to thousands of recipients.

But to sort of stray back on topic, if you want to even semi-automate
blocklisting then ClamAV with a bunch of third-party signatures can do
a fair job at the triage stage.  Having said that, don't underestimate
the task.  If you've never run a mail server before, it will open your
eyes to just how much of global Internet traffic is outright criminal.
This morning I'm seeing messages via outlook.com to lots of people who
I've never heard of, about just over seventeen grand sitting in a bank
account that has obviously been forgotten.  The recipients don't have
mail accounts with us so the messages are going into the tarpit.  You
might think that somebody at Microsoft would want to know why so many
messages sent by their customers were not being delivered, but nobody
there will even notice.  I'm quite convinced that nobody there cares.
Many of the providers unashamedly welcome criminal customers.

Protecting businesses from this has taken up most of my work life for
the past couple of decades, and I'm still looking for a way to explain
that better than "you've never been compromised".  People very quickly
get used to what's 'normal'.  If it's normal that their systems aren't
compromised then it can be really difficult to get through to them how
much work it takes to keep things that way.  All they'll see is their
work; the results of all your work are more or less transparent.  It's
like having a reliable water supply.  It makes little impression until
it isn't there, when people may start to realize how important it was.
Catch 22.  The only way they'll see what you mean at first hand is if
you fail to do the job properly.

--

73,
Ged.
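As an added illustration of the ASN blocklist with an exceptions list described above (this is example code written for this page, not code from the original thread, from Ged's milter, or from ClamAV): a minimal connection-stage policy check. The prefix-to-ASN table, the private-use ASN numbers, the blocklist and the exception entry are all constructed for the example; a real deployment would load them from a routing/ASN database and the operator's own policy.

```python
import ipaddress

# Constructed sample data: documentation address ranges mapped to private-use ASNs.
PREFIX_TO_ASN = {
    "203.0.113.0/24": 64500,    # hypothetical hosting provider ASN (blocked)
    "203.0.113.128/25": 64501,  # more specific sub-allocation, different ASN (blocked)
    "198.51.100.0/24": 64502,   # hypothetical ASN that is not on the blocklist
}
BLOCKED_ASNS = {64500, 64501}
# Exceptions override the ASN block: hosts or ranges the operator has vetted.
EXCEPTIONS = ["203.0.113.10/32"]


def lookup_asn(ip):
    """Longest-prefix match of the connecting IP against the prefix table."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in PREFIX_TO_ASN.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def connection_policy(ip):
    """Decision for a connecting SMTP client: 'accept' or 'reject'.

    Exceptions are checked first so a vetted host inside a blocked ASN
    still gets through; everything else is judged by its ASN.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(e) for e in EXCEPTIONS):
        return "accept"
    if lookup_asn(ip) in BLOCKED_ASNS:
        return "reject"
    return "accept"
```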

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users