Am 27. Mai 2018 08:07:37 MESZ schrieb Luca Bertoncello via Exim-users
<[email protected]>:
>Of course I do that!
>But unfortunately I already get tons of spam...
>A couple of years ago was better, but now I get many spam per day
>again... :(
Spam and spam fighting is a evolutionary development. Things worked years ago
very well against >90% of real (!) spam are more and more useless while newer
spammer strategies emerge which require newer ways. On the other hand - the
amount of "self driven" Internet MTAs of many entities / companies was higher
years ago - so i.e. reverse DNS or rfc-conformity was not a usable "hard"
criteria at that time and white mail / ham from a lot of mailers with somekind
"buggy" behaviour was to accept. Today it is possible to "expect more" from a
source MTA.
Typical working anti spam solutions (without false positives and a very high
recognition rate use multiple stages of different solutions and strategies and
more dynamic criteria.
There is no real "one reciept for all" howto, but some things are typically
involved by successfull anti-spam solutions today:
- checking "conformity" to typical RFCs
- DKIM, SPF, DMARC (be aware of lists)
- multiple DNS blocking lists
- DCC
- razor
- spamassassin rulesets
- greylisting strategies
- virus filters
- phishing url filters
- bayesian analysis
...
Exim allows to store and work with variables. Such could be used to "count" and
"weight" multiple aspects of a Email before to decide about a bounce (bit
similiar to spamassassin). I.e. requsting a list of DNSBL and "count" each
record by weight is helpful today (instead of just block if in a list...).
Run a "anti-spam" MX with a really high recognition rate of real spam (not
legal list mail or newsletters) without (!) producing "false positives" was and
is a time consuming job - offen to much for a small company mail system. The
current Definition of "false positives" (what really IS spam and has to be
blocked) is a important part which has to match expectations of the "Users"
("white" Senders as Recievers)
But it costs traffic, hardware and energy too, so that many free mail providers
not want or are not able to go so far with their service.
I'm not a fan of "spam folders" for business users as they do not really save
time, because they have to check that folder regularly to avoid lost business
email.
I usually avoid Spamfilter "training" by users too as this leads to mis-usage
which could result in false positives.
All in one solutions like (standard) Spamassassin could help very wide in
"smaller" systems / for "season" admins, but are just a basic barrier in
practice.
I know that many admins of smaller mailers block on a list of TLD, domains or a
geotarget base as a "quickanddirty spam filter", but the result is not a
Internet email service anymore (as it doesnt work for potential / real white
and proper email Senders) and it will lead to bounces false positives.
This would not be acceptable for i.e. business users which rely on and "just"
expect a reliable email service.
For me, such ugly "hacks" of mailer admins are one reason why many Users today
tend to see Email as a "unreliable, outdated messaging" solution.
hth a bit,
niels.
--
Niels Dettenbach
Syndicat IT & Internet
http://www.Syndicat.com
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
