[users] Mail from list detected as Spam
Hugo van der Kooij
hvdkooij at vanderkooij.org
Thu Jan 25 22:42:03 CET 2007
On Thu, 25 Jan 2007, Dag Wieers wrote:
> On Wed, 24 Jan 2007, Alan Hodgson wrote:
>
>> On Wednesday 24 January 2007 11:47, Dag Wieers <dag at wieers.com> wrote:
>>> You base your logic that a reverse name lookup with 'adsl' in the
>>> name is SPAM. I am telling you that this generalisation of the
>>> definition SPAM is wrong. The example is this list.
>>
>> No one is saying the mail is spam.
>
> Actually, it was the sole characteristic for tagging it spam if I read his
> mail correctly.
>
> I don't mind if you take it as part of the calculations (one of the many
> characteristics). But if you don't then I think the problem is the
> configuration and you'll need to live with the consequences really.

Well I've been bitten a bit by this myself. In general I let postgrey
take care of the unknowns and it works pretty well. But every now and
again I parse the mail log to see if some networks stand out to hit the
greylisting defense a lot. The first network I decided to block was the
abo.wanadoo.fr range.

I also tightened the check on NL and BE ISPs and that is where I ran
into the same blacklist issue myself.

Considering the average infection rate on any network I tend to consider
'Dynamic' (Cable, DSL or dialup) networks a high risk party and one that
probably should not connect with SMTP to me in the first place.

The problem with spam is that one starts to take more drastic measures
to get rid of the tons of them and that may result in 'collateral
damage' in some cases.

On the other hand I pretty much understand the point where one would
expect a business connection to be free from such restriction. But it is
getting hard to distinguish private users from small businesses sometimes.

For me I know I use some tight rules and I accept that some of the
restrictions may be too tight for some other people's comfort and messages
may be blocked that one would like to have passed without interference. As
long as it is below a 0.1% on average I can live with a > 99% spam
detection and kill rate.

In this case I did have to use a whitelist entry on top of the broader
blacklist entry to keep reading the mailinglist. If you consider the
following list of top spam senders (according to my geolite enhanced
parser):
[US] United States: 1217
[KR] Korea, Republic of: 389
[ES] Spain: 380
[FR] France: 343
[CN] China: 250
[IT] Italy: 242
[RO] Romania: 235
[DE] Germany: 230
[RU] Russian Federation: 229
[BR] Brazil: 225
Belgium is doing relatively well as it was not even on the list with < 20
incidents per week.
Hugo.
--
hvdkooij at vanderkooij.org http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
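
Added example (not part of the original message, and not the poster's own parser): one way to do the mail-log review described above, counting greylisting deferrals per client network so that ranges which hit the greylist unusually often stand out. It assumes Postfix smtpd reject lines carrying postgrey's "Greylisted" text, IPv4 clients, /24 grouping and a caller-chosen threshold; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample in the usual Postfix smtpd reject format (documentation
# address ranges and example hostnames; not taken from any real mail log).
SAMPLE_LOG = """\
Jan 25 22:10:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from adsl-1.pool.example.net[192.0.2.10]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted; from=<a@example.com> to=<u@example.org> proto=ESMTP helo=<pc1>
Jan 25 22:10:09 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from adsl-2.pool.example.net[192.0.2.11]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted; from=<b@example.com> to=<u@example.org> proto=SMTP helo=<pc2>
Jan 25 22:11:30 mx postfix/smtpd[412]: connect from mail.example.com[198.51.100.5]
Jan 25 22:11:31 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.5]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted; from=<c@example.com> to=<u@example.org> proto=ESMTP helo=<mail.example.com>
Jan 25 22:12:02 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from adsl-77.pool.example.net[192.0.2.77]: 450 4.2.0 <v@example.org>: Recipient address rejected: Greylisted; from=<d@example.com> to=<v@example.org> proto=SMTP helo=<pc77>
Jan 25 22:12:40 mx postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted; from=<e@example.com> to=<u@example.org> proto=SMTP helo=<x>
Jan 25 22:13:05 mx postfix/smtpd[415]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <w@example.net>: Relay access denied; from=<e@example.com> to=<w@example.net> proto=SMTP helo=<x>
"""

# Client hostname and IPv4 address of a temporary (450) reject caused by greylisting.
GREYLISTED = re.compile(r"reject: RCPT from (\S+)\[([0-9.]+)\]: 450 .*Greylisted")


def greylist_hits(log_text):
    """Count greylist deferrals per client /24 and per reverse-DNS parent domain."""
    nets, domains = Counter(), Counter()
    for line in log_text.splitlines():
        m = GREYLISTED.search(line)
        if not m:
            continue  # connects, other reject reasons, deliveries, ...
        host, ip = m.groups()
        nets[str(ip_network(f"{ip}/24", strict=False))] += 1
        if host != "unknown":  # Postfix logs "unknown" when rDNS is missing or unverified
            # Dropping the first label is a simplification, not a public-suffix lookup.
            domains[host.split(".", 1)[-1]] += 1
    return nets, domains


def standouts(counter, threshold):
    """Entries with at least `threshold` deferrals, busiest first."""
    return [(key, n) for key, n in counter.most_common() if n >= threshold]


if __name__ == "__main__":
    nets, domains = greylist_hits(SAMPLE_LOG)
    print("networks:", standouts(nets, 3))
    print("rDNS domains:", standouts(domains, 3))
```

A high count only marks a range for review; as the thread shows, a legitimate sender such as a mailing list host can sit inside such a range and need a whitelist entry ahead of the broader block.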