[users] Mail from list detected as Spam

Hugo van der Kooij hvdkooij at vanderkooij.org
Thu Jan 25 22:42:03 CET 2007


On Thu, 25 Jan 2007, Dag Wieers wrote:

> On Wed, 24 Jan 2007, Alan Hodgson wrote:
>
>> On Wednesday 24 January 2007 11:47, Dag Wieers <dag at wieers.com> wrote:
>>> You base your logic that a reverse name lookup with 'adsl' in the
>>> name is SPAM. I am telling you that this generalisation of the
>>> definition SPAM is wrong. The example is this list.
>>
>> No one is saying the mail is spam.
>
> Actually, it was the sole characteristic for tagging it spam if I read his
> mail correctly.
>
> I don't mind if you take it as part of the calculations (one of the many
> characteristics). But if you don't then I think the problem is the
> configuration and you'll need to live with the consequences really.

Well I've been bitten a bit by this myself. In general I let postgrey 
take care of the unknowns and it works pretty well. But every now and 
again I parse the mail log to see if some networks stand out to hit the 
greylisting defense a lot. The first network I decided to block was the 
abo.wanadoo.fr range.

I also tightened the check on NL and BE ISPs and there is where I ran 
into the same blacklist issue myself.

Considering the average infection rate on any network I tend to consider 
'Dynamic' (Cable, DSL or dialup) networks a high risk party and one that 
probably should not connect with SMTP to me in the first place.

The problem with spam is that one starts to take more drastic measures 
to get rid of the tons of them and that may result in 'collateral 
damage' in some cases.

On the other hand I pretty much understand the point where one would 
expect a business connection to be free from such restriction. But it is 
getting hard to distinguish private users from small businesses sometimes.

For me I know I use some tight rules and I accept that some of the 
restrictions may be too tight for some other people's comfort and messages 
may be blocked that one would like to have passed without interference. As 
long as it is below a 0.1% on average I can live with a > 99% spam 
detection and kill rate.

In this case I did have to use a whitelist entry on top of the broader 
blacklist entry to keep reading the mailinglist. If you consider the 
following list of top spam senders (according to my geolite enhanced 
parser):

[US] United States:                       1217
[KR] Korea, Republic of:                   389
[ES] Spain:                                380
[FR] France:                               343
[CN] China:                                250
[IT] Italy:                                242
[RO] Romania:                              235
[DE] Germany:                              230
[RU] Russian Federation:                   229
[BR] Brazil:                               225

Belgium is doing relatively well as it was not even on the list with < 20 
incidents per week.

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hvdkooij.xs4all.nl/
 	    This message is using 100% recycled electrons.
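
The log review and the whitelist-over-blacklist arrangement described in the message above, as an added example that is not part of the original post. It assumes Postfix-style smtpd log lines for postgrey deferrals; the sample lines, host names and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation address ranges, made-up host names).
SAMPLE_LOG = """\
Jan 25 21:01:10 mx postfix/smtpd[3101]: connect from adsl-12.abo.isp-a.example[192.0.2.12]
Jan 25 21:01:11 mx postfix/smtpd[3101]: NOQUEUE: reject: RCPT from adsl-12.abo.isp-a.example[192.0.2.12]: 450 4.2.0 <u@lists.example>: Recipient address rejected: Greylisted; from=<a@isp-a.example>
Jan 25 21:03:40 mx postfix/smtpd[3102]: NOQUEUE: reject: RCPT from adsl-12.abo.isp-a.example[192.0.2.12]: 450 4.2.0 <u@lists.example>: Recipient address rejected: Greylisted; from=<a@isp-a.example>
Jan 25 21:04:02 mx postfix/smtpd[3103]: NOQUEUE: reject: RCPT from adsl-77.abo.isp-a.example[192.0.2.77]: 450 4.2.0 <u@lists.example>: Recipient address rejected: Greylisted; from=<b@isp-a.example>
Jan 25 21:05:15 mx postfix/smtpd[3104]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 450 4.2.0 <u@lists.example>: Recipient address rejected: Greylisted; from=<c@other.example>
Jan 25 21:06:30 mx postfix/smtpd[3105]: NOQUEUE: reject: RCPT from mail.lists.example[203.0.113.5]: 450 4.2.0 <u@lists.example>: Recipient address rejected: Greylisted; from=<list@lists.example>
Jan 25 21:07:00 mx postfix/smtpd[3106]: NOQUEUE: reject: RCPT from host.other.example[198.51.100.20]: 554 5.7.1 <x@other.example>: Relay access denied
"""

# Only temporary (45x) rejections whose reason mentions greylisting are counted.
GREYLISTED = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: 45\d .*Greylisted")

def network_of(host, ip, labels=3):
    """Last `labels` rDNS labels; clients without rDNS fall back to their IPv4 /24."""
    if host == "unknown":
        return ip.rsplit(".", 1)[0] + ".0/24" if "." in ip else ip
    return ".".join(host.lower().split(".")[-labels:])

def greylist_hits(log_text, labels=3):
    """Return (network, deferred attempts, distinct client IPs), busiest first."""
    attempts, clients = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = GREYLISTED.search(line)
        if not m:
            continue
        net = network_of(m["host"], m["ip"], labels)
        attempts[net] += 1
        clients[net].add(m["ip"])
    return [(n, c, len(clients[n])) for n, c in attempts.most_common()]

def policy(host, blacklist, whitelist):
    """An exact-host whitelist entry wins over a broader blacklisted suffix."""
    host = host.lower()
    if host in whitelist:
        return "accept"
    if any(host == s or host.endswith("." + s) for s in blacklist):
        return "reject"
    return "greylist"  # unknowns are left to the greylisting step

if __name__ == "__main__":
    for row in greylist_hits(SAMPLE_LOG):
        print("%-24s attempts=%d clients=%d" % row)
```

Counting distinct client addresses next to raw attempts separates one host retrying (normal greylisting behaviour) from many hosts in the same range hitting the filter.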


