Great Circle Associates List-Managers
(May 2002)
 


Subject: Re: large ISPs blocking mailing lists
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Mon, 20 May 2002 21:18:42 -0400
To: list-managers @ greatcircle . com
In-reply-to: <200205201416.g4KEGQc18454@mailman.ucar.edu>
References: <200205161442.g4GEgre08152@mail.rev.net>

At 08:16 AM 2002-05-20 -0600, Greg Woods wrote:
> > 2) is arguably a violation of 2822 [which to my reading *requires* that
> > sites accept email addressed to 'postmaster'].
>
>Yes, and of course the spammers know this, and so my postmaster account
>gets *tons* of spam. I am probably going to be forced to filter it just
>because of the sheer volume. I can't find the legitimate messages inside
>of the 300 or so spams my postmaster account receives daily.

As far as mailing lists go, the same problem exists.  The bounces have to 
get through to the -owner addresses.  But you do not want to read the spam.

I use postfix, which allows me to set up different anti-spam rules for 
different userids.  Thus it is simple to set up a "restrictive" and a 
"permissive" set of spam protections and use different rules for each (in 
actual fact, I run 10 different levels for different classes of IDs and 
sometimes for individual ids).  As an example, my -owner addresses for my 
lists use restrictive permissions, but since majordomo2 uses address 
extensions for bounce detection, I use permissive anti-spam for the 
*-owner\+\S+\@ (those of you who read regexp get the idea) so that I get 
the bounces from even poorly set up sites.  The -request address and the 
list address (which are robots that can read spam without a problem) get 
permissive checks, but addresses or even versions of same that are read by 
humans get restrictive checks.  I have personal addresses which get even 
different checks, and so forth.

I have probably wimped, but someone who would normally get rejected by my 
site can subscribe - by using the web site to subscribe.  They can post, 
since the posting addresses will let someone post, who has confirmed, in 
almost all cases, even if they can't normally send mail to my system.

But, again, I am in the same dilemma.  I have set up the postmaster and 
abuse addresses to accept mail even from misconfigured sites -- they get 
the least restrictive checks, the only thing that ever filters them is 
occasional wild site filters --- I've had a couple of sites go nuts and 
loop bouncing mail - they get dropped into a short term special filter so 
that I can restrict them at the RFC821 interface, but they also get a 
specific reason --- this happens *very* rarely.

I then filter the mail (even from postmaster) through maildrop to try and 
reduce the spam I actually read in detail.  For the postmaster addresses in 
particular, I have found that checking the received line for reverse 
translation mismatches and helo mismatches and also checking the rfc822 
headers for mail sent openly to postmaster as opposed to bcc'd is really 
good at sorting the spam sent to postmaster from the real e-mail sent to 
postmaster.

These checks are surprisingly accurate.  I'll admit that without the 
country block for Korea and the rbl checks and the DNS checks, a ton of 
spam gets through to the postmaster addresses.  A custom perl script 
displays just enough of the mail to allow me to make the spam-nospam 
decision very quickly, and spam ends up at the appropriate site (bounced 
and reported) whereas nonspam (what little does get falsely dropped into 
this bucket) can be quickly pushed back into the mail mainstream, with a 
tag such that it won't get refiltered.

A long time ago, it became clear to me that mail had to be dealt with by 
the 90-10 rule.  90% of the mail had to be dealt with with a keystroke (or less) 
while 10% was worthy of a gui.

Without maildrop (or procmail) to presort the mail, this whole task would 
be a lot harder.

Why is this appropriate to list-managers?  It is especially important that 
any system running a MLM have a contactable postmaster and abuse - and 
there has to be a way to read it and find the real complaints while 
skipping the fluff.

--
War is an ugly thing, but it is not the ugliest of things. The decayed and 
degraded state of moral and patriotic feeling which thinks that nothing is 
worth war is much worse. A man who has nothing for which he is willing to 
fight, nothing he cares about more than his own personal safety, is a 
miserable creature who has no chance of being free, unless made so by the 
exertions of better men than himself. -- John Stuart Mill
Nick Simicich - njs@scifi.squawk.com
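
The post-delivery sort described in the message above (reverse-DNS mismatch, HELO mismatch, and role address named openly versus bcc'd), as an added example that is not part of the original post or the author's maildrop rules. It assumes Postfix-format Received lines, a hypothetical MX name `mx.example.org`, a hypothetical function `triage`, and that bcc'd mail is the suspect case; flagged mail goes to a review bucket rather than being rejected.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Postfix-style trace field: "from <helo> (<rdns> [<ip>]) by <our host> ..."
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")
ROLE_LOCALPARTS = {"postmaster", "abuse"}

def triage(raw, our_mx="mx.example.org"):
    """Return (bucket, reasons); bucket is 'inbox' or 'review'."""
    msg = message_from_string(raw)
    reasons = []
    # Trust only the topmost Received line stamped by our own MX (assumed
    # name); anything below it was supplied by the sender and can be forged.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    hop = next((h for h in hops if f"by {our_mx} " in h), None)
    m = RECEIVED_RE.search(hop) if hop else None
    if not m:
        reasons.append("no parsable Received line from our MX")
    else:
        helo, rdns, _ip = m.groups()
        if rdns.lower() == "unknown":  # Postfix writes this when rDNS fails
            reasons.append("reverse DNS missing or mismatched")
        elif helo.lower() != rdns.lower():
            reasons.append("HELO name differs from verified client name")
    # Mail sent openly names the role address in To or Cc.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not any(a.split("@")[0].lower() in ROLE_LOCALPARTS for _n, a in rcpts):
        reasons.append("role address not in To/Cc (likely bcc'd)")
    return ("review" if reasons else "inbox", reasons)

# Constructed samples (documentation IP ranges, example domains).
LEGIT = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 1234\n"
    "\tfor <postmaster@example.org>; Mon, 20 May 2002 10:00:00 -0400\n"
    "From: admin@example.net\nTo: postmaster@example.org\n"
    "Subject: bounces from your list\n\nbody\n"
)
SPAM = (
    "Received: from friend (unknown [198.51.100.7])\n"
    "\tby mx.example.org (Postfix) with SMTP id 5678;"
    " Mon, 20 May 2002 10:01:00 -0400\n"
    "From: offers@example.com\nTo: friend@example.com\n"
    "Subject: offer\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPAM", SPAM)):
        print(name, triage(raw))
```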



