A highly effective strategy that we use in our filtering scheme is to create
a filter for the mailing address or phone number (especially those) of spam
message... This often captures many spam that do not get captured via
databases... and this technique is also specific enough to avoid legitimate
mailings in most cases.
Working with Declude, I'm getting about 40% of my spam relief from Declude
and the rest from filters like those described above (& below).
Of course, the downside of filters is the inherent maintenance, but I
believe that Declude brings that maintenance load under control... We'll see
long term, but so far this combination is working very well for us.
My $.02
_M
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott Perry
Sent: Friday, January 05, 2001 10:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Email Spoofs And Spam.
> Lately our users have been receiving a lot of spam through our
> mail server that seem to be untraceable.
No E-mail is completely untraceable -- at the very least, you can find the
computer that sent it to you.
> There is no "From:" entry in the message headers
The "From:" header is *not* the E-mail address of the sender. It's the
E-mail address the sender *claims* to be. And a spammer doesn't really want
people knowing who he is. Don't bother with the From: header.
> and in many cases no "To:" entries as well.
Same as with the "From:" header; it's whatever the sender wants you to think
the "To:" address was. In the case of spam, it's often another recipient of
the spam (an innocent victim).
> Does anyone know how I can use the message filters to stop these
> messages from being received?
You will need to find something common to all the spam. If there are many
different subjects/bodies, you'll have your work cut out for you. Just be
careful to make sure not to use words/terms that will appear in legitimate
E-mail, or those will get caught, too.
> Or any other methods I can use to filter this spam and
> email spoofs out?
Aside from filtering (or blocking the sender, if you know their IP address,
and it all comes from one/several source(s)), I think you would need to add
other software to handle it. We have our Declude software, and Len has
IMGate, both of which can help (mostly by using DNS lookups against
databases such as RBL and DUL that contain IP addresses of known/suspected
spammers).
--
-Scott
Declude: Anti-virus and Anti-spam solutions for IMail.
http://www.declude.com
--
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
