Re: A Question
- Date: Tue, 17 Feb 1998 13:44:57 +0100
- header-from address identical to header-to address
(incidentally, I've had 2 cases where a 'vacation'
message was seen as spam, because the remote user
had pre-filled the To: line with his own address);
Some system administrators might want to include an
exception to this rule, i.e. only filter this when
the domain-part is not 'local'
You missed my point: what I described is not a
*central* mail filter, but a *personalised* one.
Every user is free to add or remove things as
he/she sees fit.
That way you won't miss crontab output (from root to root ;-)
I forgot to mention that the above filtering is
not applied to local addresses.
- empty from-address or to-address;
As Richard pointed out this (empty To, From is obligatory)
might filter perfectly legal mail (i.e. Bcc's or mail with
only a Cc-recipient (silly but legal))
If there's only a Cc-recipient, my filter
takes that to be the To-recipient.
- space or tab in localpart;
Aha, the space-rule could filter out legal mail coming from
for example X.400 systems ;-).
Good! :-)
RFC822 also doesn't object to spaces in the local part,
provided the string is quoted.
You're right. I'll look at that again to make
my filter 'quoted-string-proof'.
- localpart consisting of 8 digits;
Students with their registration ID as local part ?
Never had any mail from them.
- localpart consisting of any of the names "everyone",
"friend" or "user".
The combination of the central and 'personalised' filters
is quite effective: I've seen up to 80 messages per day
blocked or discarded this way.
Personally I have my problems with header/content based
filtering. Although probably effective in discarding spam
there is also a fair chance that such filters mark perfectly
valid mail as 'unwanted'.
Again: this header/content based filtering is
done by *my* personal filter. People here are
free to set up their own filter or to use no
filter at all.
Besides logging the rejections one probably should filter
them to a separate folder and at times inspect that folder
for false positives.
I log the first few lines of every discarded
mail. In practice that gives enough indication
of whether or not it was a valid mail. If it
was, I can change my filter and ask the sender
to resend the message.
When our users ask about spam-filters I always tell them
that they should take the risk of not seeing valid mail
into account
So do I.
and in most cases after that no filters are installed ;-)
Not so here.
And of course, spammers are not stupid
Wish they were... :-)
once they know certain things are commonly filtered out,
a new way of spreading their junk is used and everyone
needs to update the filters, this might not scale in
the long run.
Internetting is a constant battle against misuse.
That will never change, but in my view filtering
can scale, even in the long run.
Piet
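
The header rules discussed in this thread, written out as an added Python example; it is not code from the original message and not Piet's actual filter. The rule names, `LOCAL_DOMAINS`, `LOG_LINES`, checking only the first address of each header, applying the localpart rules to both sender and recipient, and limiting the local exemption to the From-equals-To rule are all assumptions.

```python
import re
from email import message_from_string

LOCAL_DOMAINS = {"example.org"}   # assumption: the site's own mail domains
BAIT_LOCALPARTS = {"everyone", "friend", "user"}
LOG_LINES = 5                     # assumption: "first few lines" means 5

# Constructed sample messages, not taken from the thread.
SPAM = "From: 12345678@bulk.example\nTo: friend@public.example\n\nBuy now\n"
CRON = "From: root@example.org\nTo: root@example.org\n\ncron output\n"

def addr_spec(value):
    """First address of a header: text inside <...> if present, else the trimmed value."""
    first = re.match(r'(?:"[^"]*"|[^,])*', value or "").group(0)  # stop at first unquoted comma
    m = re.search(r"<([^<>]*)>", first)
    return (m.group(1) if m else first).strip()

def localpart_hits(addr):
    """Apply the localpart rules to one address."""
    local = addr.rpartition("@")[0] if "@" in addr else addr
    quoted = len(local) >= 2 and local[0] == '"' and local[-1] == '"'
    hits = []
    if not quoted and re.search(r"[ \t]", local):   # a quoted string may hold spaces
        hits.append("whitespace-in-localpart")
    if re.fullmatch(r"\d{8}", local):
        hits.append("8-digit-localpart")
    if local.lower() in BAIT_LOCALPARTS:
        hits.append("bait-localpart")
    return hits

def check(raw):
    """Return (rules tripped, log excerpt); an empty rule list means deliver."""
    msg = message_from_string(raw)
    sender = addr_spec(msg["From"])
    rcpt = addr_spec(msg["To"]) or addr_spec(msg["Cc"])  # a lone Cc counts as To
    hits = []
    if not sender or not rcpt:
        hits.append("empty-address")
    elif sender.lower() == rcpt.lower():  # local mail (root-to-root cron) is exempt
        domain = sender.rpartition("@")[2].lower() if "@" in sender else ""
        if domain and domain not in LOCAL_DOMAINS:
            hits.append("from-equals-to")
    for addr in filter(None, (sender, rcpt)):
        hits.extend(h for h in localpart_hits(addr) if h not in hits)
    return hits, (raw.splitlines()[:LOG_LINES] if hits else [])  # excerpt for review

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("CRON", CRON)):
        print(name, check(raw))
```

The `empty-address` rule still trips on Bcc-only mail, which is the false positive raised in the thread; the returned excerpt is what makes that case visible afterwards.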