On Sat, 24 May 2008, Andrew Lentvorski wrote:
Paul G. Allen wrote:
Adding addresses to the black list permanently blocks such addresses.
Stop right there. You have an implicit assumption of "user with clue".
Those of us who run business email systems have no such user.
hehehe thats funny a user with a clue! thankfully i was not drinking my
starbucks when i saw that :D
I dont assume anyone has a clue but telling all these clueless users to "drop
all your spam into the spam folder, and everynight it gets specially deleted and
it reduces your spam" then a nightly cron job that
1. makes a list of all the from addresses
2. removes any whitelist addresses from the list
3. blacklists any address in both the grey list and this list
4. grey lists this list
5. removes greylisted addresses after 180 days
6. deletes all email in this special spam folder
works well. BTW #2 works well to help reduce stupidity remember any address that
gets this treatment passed all other tests
why do they need to know the mechanics of it? this is an argument that gets made
all over, "you will be a better driver if you know how the car works" when in
fact you only need to know how some parts of the car work to be a great driver.
2) This is a variant of the "backscatter spam" problem. The problem
occurs when you get forged return addresses. Since you can't count on the
return address, these systems can be used to DDoS an intermediate party.
This is the same reason why sanely configured mail systems no longer send
"Unable to deliver" messages in return.
ASK is the last thing the e-mail sees. All other methods used in my
previous e-mail are implemented first. All the other methods will
effectively eliminate 90% of the spam that your system sees, significantly
reducing backscatter.
It doesn't matter. A forged return address can pass all of your checks.
Remember, the spammers aren't just creating their own email systems. They
also hijack systems and then send through real, normal, properly configured
email systems.
nothing is going to work 100% and at this point in the internet I see no way of
fixing it ever, no one wants a body saying who can send email and who cant,
because any mechanics of that will be used wrongly.
all any system can do is reduce the amount of spam that gets by. this method
works well, along with other methods.
Never had an ASK challenge or response tagged as spam.
Every single challenge email I have ever seen now gets marked as SPAM. This
caused me a *huge* nightmare with three different companies that I was caught
in between.
then your system is broken. but your not saying "i cant fix my system" your
saying "this type of system cant work" those are different
Richard Reynolds
[EMAIL PROTECTED]
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
