- NZNOG - lists.nznog.org

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> david(a)farrar.com wrote: > > > I actually think it is highly unlikely that with the way > > spammers work they would try to tailor spam individually > > for each ISP to get past what they think are its > > filters. We are not big enough for that. They just > > throw out 100 million of them and hope say 10 million of > > them get through and are not too worried if it is 10.0 > > million or 10.05 million. > > Spammers do try to get past filtering, and use different > methods for AOL, Hotmail, etc. Some try to poison > auto-learning filters as well. Oh I agree they do - but at the scale of the ISPs with 10 million+ customers or products that are in wide use. I can't see a spammer adjusting anything just because they read on a website that Ihug with 80,000 customers uses Spam Assassin. DPF

3 2

Re: [nznog] IP / domain blocking for SPAM prevention
by Jamie Baddeley 25 Sep '03

25 Sep '03

Hi David, So are you saying that in your estimation, products like spam assassin are not in wide use? jamie >>> <david(a)farrar.com> 26/9/2003 2:00:38 PM >>> > david(a)farrar.com wrote: > > > I actually think it is highly unlikely that with the way > > spammers work they would try to tailor spam individually > > for each ISP to get past what they think are its > > filters. We are not big enough for that. They just > > throw out 100 million of them and hope say 10 million of > > them get through and are not too worried if it is 10.0 > > million or 10.05 million. > > Spammers do try to get past filtering, and use different > methods for AOL, Hotmail, etc. Some try to poison > auto-learning filters as well. Oh I agree they do - but at the scale of the ISPs with 10 million+ customers or products that are in wide use. I can't see a spammer adjusting anything just because they read on a website that Ihug with 80,000 customers uses Spam Assassin. DPF _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> On Fri, 2003-09-26 at 12:19, david(a)farrar.com wrote: > > > Probably an appropriate time for me to mention that one > > of the activities that the InternetNZ Spam Taskforce is > > looking at is an easy to access website where ISPs and > > others can list what spam technologies they use and have > > available (both at server level and for clients to use). > > So the spammers can see what systems that have to beat to > get their crap through, no thanks. > > I'd happily list on a page that said "These guys do > spam/anti virus filtering" so long as I didn't have to say > in detail what we did. People can give as much detail as they want. I would agree you would not want to list for example the exact filters in place (however noting that at http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/tests… they do list the exact filters and SA works pretty damn well IMO), but detail such as "Use Brightmail", "Use Bayesian Filtering", "Use Spews blacklist" may be useful for consumer choice. Other details I would see as useful if whether the ISP actually filters or just labels so users can filter on the labels. Is the spam filter compulsory or opt-in. Does it cost extra. If they filter is there a spam recovery folder you can check for false positives etc. I actually think it is highly unlikely that with the way spammers work they would try to tailor spam individually for each ISP to get past what they think are its filters. We are not big enough for that. They just throw out 100 million of them and hope say 10 million of them get through and are not too worried if it is 10.0 million or 10.05 million. DPF

2 1

RE: [nznog] IP / domain blocking for SPAM prevention
by Michael Bordignon 25 Sep '03

25 Sep '03

> So the spammers can see what systems that have to beat to get > their crap through, no thanks. How are others supposed to learn then? trial and error? Michael

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> At 10:38 a.m. 26/09/2003, Claire wrote: > > Actually, at least one ISP in the NZ market already has a > 'Virtual Mail Server' ASP product out there, with Spam > and Content Control features coming in the next few > weeks. Probably an appropriate time for me to mention that one of the activities that the InternetNZ Spam Taskforce is looking at is an easy to access website where ISPs and others can list what spam technologies they use and have available (both at server level and for clients to use). Another aspect may be some sort of guide to commercial solutions. Want to avoid it being an "INZ says this is good or bad" but something where users can rate and review solutions so more people are aware of the limitations of Mail Marshall (as one example) or Mailwasher (great product, but bounce facility is inappropriate as it forges) as another example. Consumers Institute is also looking at doing a survey in the near future, and we may team up with them to do one combined survey. DPF

2 1

Xtra outage?
by Juha Saarinen 25 Sep '03

25 Sep '03

So what was the deal there? The Xtra network status page is indecipherable. No idea what "Period: inactive" means, but it looks like customers in 03, 06, 07 and 09 areas couldn't dial into Xtra. Did this affect other ISPs too? -- Juha Saarinen

3 6

FW: Your e-mail message was blocked
by Richard Parkinson 25 Sep '03

25 Sep '03

I tend to turn all this notification stuff off though, so MM doesn't harass the sender for a legitimate email :) -----Original Message----- From: Actionline(a)med.govt.nz [mailto:Actionline(a)med.govt.nz] Sent: Friday, 26 September 2003 11:42 a.m. To: Richard Parkinson Cc: Frank.March(a)med.govt.nz Subject: Your e-mail message was blocked MailMarshal (an automated content monitoring gateway) has stopped the following e-mail as it may contain Inappropriate Content. Message: B00013e871.00000001.mml From: Richard(a)sigel.co.nz To: Frank.March(a)med.govt.nz Subject: RE: [nznog] IP / domain blocking for SPAM prevention If you believe the above e-mail to be business related please contact Actionline(a)med.govt.nz to arrange for the message to be released to its intended recipients. The blocked e-mail will be automatically deleted after 30 days.

1 0

RE: [nznog] IP / domain blocking for SPAM prevention
by Richard Parkinson 25 Sep '03

25 Sep '03

If in saying "filters" you mean, delivers it to a folder along with hoards of other junk for some poor admin to check to ensure there is no legitimate mail in the pile... Yep. I don't find this a great task though. A quick sort by subject, or sender and you quickly wipe out all the crap, leaving a handful of legitimate emails to let through. This might be a painful task for larger sites such as Massey or an ISP. Cheers, Richard. -----Original Message----- From: Steve Withers [mailto:swithers(a)mmp.org.nz] Sent: Friday, 26 September 2003 10:39 a.m. To: NZ NOG Subject: [nznog] IP / domain blocking for SPAM prevention Further comments on IP and domain blocking for *personal* mail servers: Just checked my maillog from yesterday. 70% of rejected mail connects came from hotmail, yahoo, earthlink and aol. 30% came from the 61.* and 218.* Korean IP spaces 10% was rejected by ordb / relay denied / other blocked domains I have wondered if ISPs want to encourage customers to set up individually customisable mailservers on broadband connections - some sort of appliance - that acts as their mail server. Let the business and competent private users decide what they will and won't receive....with benefits to the ISP in terms of reduced bandwidth consumed as spam isn't deliverable to these people. Just lots of rejected connect attempts. This may even be a managed service an ISP could offer a customer / business. If payment is on data-volume, this could help reduce such charges - offsetting any service fee to some extent. Am I right in thinking Mailmarshall still allows the spam to be delivered? It just filters it. The method above prevents delivery. It would be impossible to do this at ISP level....but it may be a service line an ISP might like to offer a client who wants to define what they do and do not receive. -- Steve Withers <swithers(a)mmp.org.nz> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

RE: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]
by Richard Parkinson 25 Sep '03

25 Sep '03

Happy with MailMarshal here :) Works fine if you put the effort into setting it up properly. -----Original Message----- From: Juha Saarinen [mailto:juha(a)saarinen.org] Sent: Friday, 26 September 2003 10:12 a.m. To: Frank March Cc: ActionLine; nznog(a)list.waikato.ac.nz; Jennifer Mortimer Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked] Frank March wrote: > Although I seldom post to this list (and when I do it is arguably > off-topic on occasions), and most of the traffic is of marginal direct > interest to me, I do find this list useful as a gauge of the > temperature and general health of the Net in NZ which is immensely > valuable for my job. However, if the problem persists, and complaints > persist, I will remove myself from the list. I would regard this as > being a very unfortunate outcome. > > And, by the way, and anticipating a message later in the thread from > Juha, I dont ever recall his swearing at me (about me perhaps....) $&@)#*&$@!!! Did you delete the message??? ;-) No, seriously, use a Hotmail account for the list instead of your MED one. Mail Marshal is a blunderbuss approach for dealing with an admittedly difficult problem and I don't know anyone "protected" by it who is happy with it. There's an important issue here to consider as well: as a civil servant, you presumably need to be accessible to the public. Using a filtering system with a high false positive rate prevents that. Oh hi, Donald. Yes, yes, I know, it's OT for the list... -- Juha _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Argghhh.... [Fwd: Your e-mail message was blocked]]
by Steve Withers 25 Sep '03

25 Sep '03

On Fri, 2003-09-26 at 09:39, Frank March wrote: > On average Mailmarshal as configured here seems to catch 50% of genuine spam > 'aimed' at me (but is getting better) and about 25% of the blocking messages > are false positives (despite recent problems with this list, I think this > might also be improving incrementally). Nevertheless, personally, I would > much rather have the spam. The record with virus filtering is, however, > exemplary. I had to stop using the junk filter in Outlook because it decided that ALL mail from my boss was spam. I still don't know why. I don't use any server-based spam detection. Because my mailserver is for our family only I do block entire IP ranges and about 450 domain names. We get perhaps 2 spam e-mails through each day between the 4 of us. However...I block all mail from hotmail, yahoo, aol and a few others. That killed a HUGE amount of dross. Senders get a reject message explaining that their domains are the source of too much spam and would they mind resending from a responsible ISP. This also means I often don't see e-mail from people on mailing lists who use these "junk" domains....though this depends on how the list server is configured. -- Steve Withers swithers(a)mmp.org.nz -- Steve Withers <swithers(a)mmp.org.nz>

1 0