On Tue, 17 Feb 2009 23:35:57 +0000, Ted MacNEIL <[email protected]> wrote:

>I'm impressed.
>I'm not sure what your point is, but you've made it!
>------Original Message------
>From: Ted Mac Neil
>To: m...@yahoo

What I meant to explain is that when we use a solution to filter mail in a
company, the solution cannot rely on the address of origin, because it is so easy
to spoof and make believe you are from IBM or Cisco or GM or whatever.
In this example (if I remember what I did) the header shows US.IBM.COM.
And indeed this domain will let the mail go through the antispam list.
And the spammers know that and use it extensively.
So one of the methods used is to calculate on the net how many mails with
similar content are travelling on the net.
If the number is high (thousands or millions) then this is potentially
spam, so an include/exclude list is being updated globally (the daily or
weekly subscribed list provided by the antispam solution vendor).
But then as the solution could block mail by mistake, some adjustment needs
to be done locally and this is where "massmail parms" come into account.
You may adjust with the content filter (a bit like Websense), and volume.
For example here in France if 500 identical mails from IBM with the English
word "discount" are coming in, then this has to be spam and we stop it.
But then if there is no suspicious word it becomes slightly trickier.
But then out of 4000 employees working in Insurance, Bank or whatever, it is
not logical that 500 of them receive the same mail from a computer company.
I have been looking at different solutions in the past and not one is perfect.
It is not a simple matter.
Bruno Sugliani 
zxnetconsult(at)free(dot)fr
http://zxnetconsult.free.fr 
 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
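
The local volume-plus-keyword adjustment described in the message above, as an added example that is not part of the original post or of any vendor's product. The setting names, the message dictionary layout, the "quarantine" verdict for the no-keyword case and the sample traffic are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed local "massmail" settings; the numbers are the ones quoted in the post.
VOLUME_THRESHOLD = 500            # identical mails arriving at this site
SUSPICIOUS_WORDS = {"discount"}   # local content-filter word list

def fingerprint(body):
    """Hash the normalised body so re-spaced or re-cased copies collide."""
    normalised = re.sub(r"\s+", " ", body.lower()).strip()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()

def classify(messages, threshold=VOLUME_THRESHOLD, words=SUSPICIOUS_WORDS):
    """Return {fingerprint: verdict}. The From header is never consulted,
    because the sender controls it."""
    recipients = defaultdict(set)
    tokens = {}
    for msg in messages:
        fp = fingerprint(msg["body"])
        recipients[fp].add(msg["rcpt"].lower())
        tokens.setdefault(fp, set(re.findall(r"[a-z]+", msg["body"].lower())))
    verdicts = {}
    for fp, rcpts in recipients.items():
        if len(rcpts) < threshold:
            verdicts[fp] = "deliver"
        elif tokens[fp] & words:
            verdicts[fp] = "block"
        else:
            # Bulk but no keyword: hold for review (assumed policy).
            verdicts[fp] = "quarantine"
    return verdicts

def sample_traffic():
    """Constructed messages; every From claims us.ibm.com, as in the post."""
    promo = ["Big discount on servers", "Big  DISCOUNT on\nservers "]
    plain = "Please review the attached notice"
    msgs = []
    for i in range(500):
        rcpt = f"user{i}@corp.example"
        msgs.append({"from": "sales@us.ibm.com", "rcpt": rcpt, "body": promo[i % 2]})
        msgs.append({"from": "info@us.ibm.com", "rcpt": rcpt, "body": plain})
    for i in range(3):
        msgs.append({"from": "rep@us.ibm.com", "rcpt": f"user{i}@corp.example",
                     "body": "Your discount quote for the renewal"})
    return msgs

if __name__ == "__main__":
    for fp, verdict in classify(sample_traffic()).items():
        print(fp[:12], verdict)
```

Counting distinct recipients rather than raw copies keeps one mailbox that receives many retries from tripping the threshold on its own.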
