<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: A Question


    	- header-from address identical to header-to address
    	  (incidentally, I've had 2 cases where a 'vacation'
    	  message was seen as spam, because the remote user
    	  had pre-filled the To: line with his own address);
    Some system administrators might want to include an
    exception to this rule, i.e. only filter this when
    the domain-part is not 'local'
You missed my point: what I described is not a
*central* mail filter, but a *personalised* one.
Every user is free to add or remove things as
he/she sees fit.

    That way you won't miss crontab output (from root to root ;-)
I forgot to mention that the above filtering is
not applied to local addresses.

    	- empty from-address or to-address;
    As Richard pointed out this (empty To, From is obligatory)
    might filter perfectly legal mail (i.e. Bcc's or mail with
    only a Cc-recipient (silly but legal))
If there's only a Cc-recipient, my filter
takes that to be the To-recipient.
    
    	- space or tab in localpart;
    Aha, the space-rule could filter out legal mail coming from
    for example X.400 systems ;-).
Good! :-)
    RFC822 also doesn't object to spaces in the local part, 
    provided the string is quoted.
You're right. I'll look at that again to make
my filter 'quoted-string-proof'.
    
    	- localpart consisting of 8 digits;
    Students with their registration ID as local part ?
Never had any mail of them.
    
    	- localpart consisting of any of the names "everyone",
    	  "friend" or "user".
    	The combination of the central and 'personalised' filters
    	is quite effective: I've seen upto 80 messages per day
    	blocked or discarded this way.
    Personally I have my problems with header/content based
    filtering. Although probably effective in discarding spam
    there is also a fair chance that such filters mark perfectly
    valid mail as 'unwanted'.
Again: this header/content based filtering is
done by *my* personal filter. People here are
free to set up their own filter or to use no
filter at all.

    Besides logging the rejections one probably should filter
    them to a separate folder and at times inspect that folder
    for false positives.
I log the first few lines of every discarded
mail. In practice that gives enough indication
of whether or not it was a valid mail. If it
was, I can change my filter and ask the sender
to resend the message.
    
    When our users ask about spam-filters I always tell them
    that they should take the risk of not seeing valid mail
    into account
So do I.
    and in most cases after that no filters are installed ;-)
Not so here.
    
    And of course, spammers are not stupid
Wish they were... :-)

    once they know certain things are commonly filtered out,
    a new way of spreading their junk is used and everyone
    needs to update the filters, this might not scale in
    the long run.
Internetting is a constant battle against misuse.
That will never change, but in my view filtering
can scale, even on the long run.


	Piet




<<< Chronological >>> Author    Subject <<< Threads >>>