[Mimedefang] Powerful anti-spam rule that never discards valid e-mail
David F. Skoll
dfs at roaringpenguin.com
Sat Jan 11 19:58:01 EST 2003

Hi,

As part of the development of my commercial anti-spam solution CanIt
(http://www.canit.ca/), I discovered a powerful anti-spam rule that I'm
sharing with the MIMEDefang community.

Empirical evidence suggests about 35-45% of spammers use special software
to spam from home computers rather than relaying through legitimate MTA's.
More empirical evidence tells me that this special spamware ignores
temporary-failure codes, never retrying a failed message.

Therefore, CanIt allows you to return a temporary-failure code at the
MAIL FROM: phase for a sender you've never seen before. (It keeps a
database of all known MAIL FROM: senders, and tempfails new entries.)

If you have many people at your site, you can keep a database of MAIL
FROM: per RCPT TO:, and do the tempfail at the RCPT TO: phase. (Your
database may grow rather large in this case.)

If you're worried about legitimate mail being delayed, just give your
mail server another IP address and publish it as a secondary MX record.
Legitimate MTA's will immediately fall back to the "secondary" MX,
and will be accepted (the MAIL FROM: is already known, now.) Spamware
will never retry.

Try it. This simple rule is amazingly effective. I should probably
patent it, but I hate software patents, and I'm disclosing it now
to establish prior art in case someone else tries patenting it. :-)

--
David
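
The rule described in the message above, modelled as an added example (this is not CanIt or MIMEDefang code, and it is not from the original post). The class and function names, the SQLite table, the SMTP reply texts and the choice to compare addresses case-insensitively are assumptions made for the illustration; the sample addresses are constructed.

```python
import sqlite3

# Constructed reply texts; only the 4xx/2xx classes matter to the rule.
TEMPFAIL = (451, "4.7.1 Please try again later")
ACCEPT = (250, "2.1.0 Sender ok")


class SenderDB:
    """Known-sender store shared by the primary and "secondary" MX addresses.

    per_recipient=False keys on MAIL FROM alone (decision at MAIL FROM:).
    per_recipient=True keys on (MAIL FROM, RCPT TO) (decision at RCPT TO:).
    """

    def __init__(self, per_recipient=False):
        self.per_recipient = per_recipient
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE seen (sender TEXT, rcpt TEXT, PRIMARY KEY (sender, rcpt))")

    def check(self, mail_from, rcpt_to=""):
        """Return the SMTP reply for one attempt; a new key is recorded, then tempfailed."""
        # Assumption: addresses are compared case-insensitively.
        rcpt = rcpt_to.strip().lower() if self.per_recipient else ""
        key = (mail_from.strip().lower(), rcpt)
        known = self.db.execute(
            "SELECT 1 FROM seen WHERE sender = ? AND rcpt = ?", key).fetchone()
        if known:
            return ACCEPT
        # First sighting: remember it so the retry (e.g. via the secondary MX) passes.
        self.db.execute("INSERT INTO seen VALUES (?, ?)", key)
        self.db.commit()
        return TEMPFAIL


def deliver(db, mail_from, rcpt_to, mx_attempts):
    """Simulate a client trying up to mx_attempts MX hosts that share one database.

    A legitimate MTA falls back to the next MX (mx_attempts=2); spamware that
    ignores temporary failures stops after one try (mx_attempts=1).
    Returns the list of reply codes the client saw.
    """
    codes = []
    for _ in range(mx_attempts):
        code, _text = db.check(mail_from, rcpt_to)
        codes.append(code)
        if code == 250:
            break
    return codes
```
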