ACME Labs mail filtering tutorial

Tom Anderson tanderso at oac-design.com
Fri May 27 21:45:11 CEST 2005


----- Original Message ----- 
From: "Jef Poskanzer" <jef at mail.acme.com>
> Sounds good.  But as I said in my paper, the DNS-RBL concept sounds
> good too.  In practice, it's not so good.  For instance, you give
> the rfc-ignorant lists as examples of "good" DNS-RBLs.  I have
> personal experience to the contrary.  They listed acme.com based
> on criteria contrary to their stated goals, and they were extremely
> pissy about removing the listings.  There are many other examples.
> All DNS-RBLs end up this way in the end.  There are no exceptions.
> It's inherent in the way they are set up, ceding control of your
> mail system to a third party with no check on corruption.  Do not
> use DNS-RBLs.

I'm actually rather glad they give you a hard time if you're not adhering to 
internet standards.  You failed to mention what criteria they listed you for 
though.  Saying that "All DNS-RBLs end up this way" is simply unsupportable, 
especially based on only a single experience noted.  My experience getting 
delisted from Spamhaus presented no frustrations at all.

Also, whether or not you decide to use them doesn't change the fact that 
others do.  You will still have to get yourself delisted if you end up on 
one.

>>>I would also add to your procmail section setting up a phony account that
>>>has anything sent to it delivered to bogofilter as spam.
>>
>>Yup, honeypots are a good idea too.
>
> I agree, however mine have been showing a big drop in traffic over the
> past half year or so.  I just added a short note about this here:
> http://www.acme.com/mail_filtering/bayesian.html#spamtraps

This is probably because most spam is sent via zombies these days.  And the 
zombies rely more on harvesting Outlook address books than they do 
harvesting random websites or trying random users at a domain.  A modern-day 
honeypot should probably be in all of your contacts' address books, 
especially the ones who are computer ignorant.  Since most people have their 
email client set up to automatically add addresses they respond to into 
their address books, you could simply send them an email from the honeypot 
address saying "I'm testing my server... please help me by hitting REPLY, 
and let me know you got this.  Thanks.  P.S. Don't use this address for real 
email correspondence."  To reinforce the "not to be used" instruction, you 
can call your honeypot DoNotUse at yourserver.com or something similar.

Tom
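
The spamtrap idea discussed in this message, as an added example that is not part of the original post or of bogofilter: a filter that registers a message with `bogofilter -s` when any recipient header names the trap address. The address `donotuse@example.com`, the header list and the function names are assumptions made for illustration.

```python
import subprocess
import sys
from email import message_from_bytes
from email.utils import getaddresses

# Assumption: trap address, modelled on the name suggested in the message.
TRAP_ADDRESSES = {"donotuse@example.com"}
# Assumption: headers in which the local MTA may record a recipient.
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")


def recipients(raw: bytes) -> set:
    """Return every recipient address found in the headers, lower-cased."""
    msg = message_from_bytes(raw)
    found = set()
    for name in RECIPIENT_HEADERS:
        for value in msg.get_all(name, []):
            # Parse each header on its own so one malformed value
            # cannot discard the addresses from the others.
            found.update(a.lower() for _, a in getaddresses([str(value)]) if a)
    return found


def hits_trap(raw: bytes) -> bool:
    """True when any recipient header names a trap address."""
    return bool(recipients(raw) & TRAP_ADDRESSES)


def train_if_trap(raw: bytes, trainer=("bogofilter", "-s")) -> bool:
    """Pipe the message to `bogofilter -s` (register as spam) on a trap hit."""
    if not hits_trap(raw):
        return False
    subprocess.run(list(trainer), input=raw, check=True)
    return True


# Constructed sample messages (not real mail).
SAMPLE_TRAP = (b"From: sender@example.net\nTo: Friend <friend@example.org>\n"
               b"Cc: \"Do Not Use\" <DoNotUse@Example.com>\n"
               b"Subject: hello\n\nbody\n")
SAMPLE_BCC = (b"From: sender@example.net\nTo: list@example.org\n"
              b"Delivered-To: donotuse@example.com\nSubject: offer\n\nbody\n")
SAMPLE_HAM = (b"From: sender@example.net\nTo: tom@example.com\n"
              b"Subject: donotuse@example.com in subject only\n\nbody\n")

if __name__ == "__main__":
    # Exit 0 when the message was registered as spam, 1 otherwise.
    sys.exit(0 if train_if_trap(sys.stdin.buffer.read()) else 1)
```
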



