[Mimedefang] Greylisting++
David F. Skoll
dfs at roaringpenguin.com
Mon Jul 9 15:40:18 EDT 2007
Hi,
We've recently released a new version of our commercial antispam software
with a new greylisting algorithm that seems quite effective against the
latest crop of PDF spams.
If you want to buy it: <sales at roaringpenguin.com>
If you want to implement it yourself :-), read on.
We noticed that some spammers are using greylist-busting software that
retries every 10 minutes like clockwork. However, they mutate the message
and subject.
So our (post-DATA) greylister takes into account the 4-tuple
(sender-e-mail, recipient-e-mail, sender-ip, message-subject) for
greylisting purposes. Works really well! (Alas, not patentable
because there is prior mention of this technique elsewhere...)
Here's an example of the kind of thing we catch:
Date: 2007-07-07 16:41
Sender: zpe at mchsi.com
Recipient: xyzzy at roaringpenguin.com
Subject: Re: Invitation.bpxtp.pdf
Relay: 190.24.245.180

Date: 2007-07-07 16:30
Sender: zpe at mchsi.com
Recipient: xyzzy at roaringpenguin.com
Subject: Fwd: Invoice_ZETFTTQ.pdf
Relay: 190.24.245.180

Date: 2007-07-07 16:20
Sender: zpe at mchsi.com
Recipient: xyzzy at roaringpenguin.com
Subject: Re: log.pdf
Relay: 190.24.245.180
Regards,
David.
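
The 4-tuple keying described in the message, as an added example that is not part of the original post and is not Roaring Penguin's code: a small greylist model run with the classic (sender, recipient, relay) triplet and with the subject added. The 5-minute minimum delay, 6-hour expiry, field normalization, and the placeholder addresses and relay IP are assumptions; the timestamps and subjects mirror the records above.

```python
from datetime import datetime, timedelta

class Greylister:
    """Greylist keyed on a chosen tuple of fields; first sighting is tempfailed."""

    def __init__(self, key_fields, min_delay=timedelta(minutes=5),
                 entry_ttl=timedelta(hours=6)):
        self.key_fields = key_fields  # message attributes that form the key
        self.min_delay = min_delay    # assumed: a retry must wait at least this long
        self.entry_ttl = entry_ttl    # assumed: entries are forgotten after this long
        self.first_seen = {}          # key -> time of first delivery attempt

    def _key(self, msg):
        # Assumed normalization: trim and case-fold every key field.
        return tuple(msg[f].strip().lower() for f in self.key_fields)

    def check(self, msg):
        now, key = msg["time"], self._key(msg)
        # Forget entries older than the TTL before looking up this one.
        self.first_seen = {k: t for k, t in self.first_seen.items()
                           if now - t <= self.entry_ttl}
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "tempfail"

def sample():
    # Constructed records: same sender, recipient and relay, about ten
    # minutes apart, with a different subject on every attempt.
    base = dict(sender="sender@example.net", recipient="rcpt@example.org",
                relay="192.0.2.10")
    rows = [("2007-07-07 16:20", "Re: log.pdf"),
            ("2007-07-07 16:30", "Fwd: Invoice_ZETFTTQ.pdf"),
            ("2007-07-07 16:41", "Re: Invitation.bpxtp.pdf")]
    return [dict(base, time=datetime.strptime(t, "%Y-%m-%d %H:%M"), subject=s)
            for t, s in rows]

def run(key_fields, msgs):
    g = Greylister(key_fields)
    return [g.check(m) for m in msgs]

TRIPLET = ("sender", "recipient", "relay")
FOUR_TUPLE = TRIPLET + ("subject",)  # subject is only known after DATA

if __name__ == "__main__":
    print("triplet:", run(TRIPLET, sample()))
    print("4-tuple:", run(FOUR_TUPLE, sample()))
```

With the triplet key the second and third attempts are accepted as retries; with the subject in the key each mutated message counts as a first attempt, while a retry carrying the same subject still passes.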