[NTLUG:Discuss] Spam question
Paul Ingendorf
pauldy at wantek.net
Tue Jan 21 22:58:28 CST 2003
Something I have found quite effective is to simply block the ip that sent the
message. If I find an address block that is creating a problem I block the
entire range. Currently I have about 10-20 blocked messages a day from ips
that I have blacklisted. There will always be ways to get aorund even the most
sophisticated content filters. It takes a lot more enginuity to get around a
blocked ip. There is also the hope that one day every ip on the internet will
be blocked except the ones who take preventing spam seriously. One thing that
will block 25-30% of your spam e-mails is to add a rule to reject from those
domains. For some reason people love to spoof those addresses when sending
spam. I'm not sure why but they do it all the time.
Quoting Wayne Dahl <w.dahl4 at verizon.net>:
> Ok guys, here's a good question for the group. I'm sure you've all
> gotten spam that you've written filters for, but it seems the latest
> batch of junk is written specifically to bypass filters. For example,
> if you write a filter to delete messages containing the word fizgig,
> inevitably, someone wanting to bypass your filters will write the
> email
> in html with something like this crap in it....fiz<-!---12354->gig and
> the filter merrily passes it by.
>
> So...what have you guys done to kill this garbage when there is
> nothing
> else in the email to key on?
>
> Wayne
>
>
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
--
-->> mailto:pauldy at wantek.net
-->> http://www.wantek.net/
Running ....... Cos anything else would be a waste...
`:::\' ....... ......
::: * `::. ::\'
::: .:: .:.::. .:: .:: `::. :\'
::: :: :: :: :: :: :::.
::: .::. .:: ::. `::::. .:\' ::.
:::.....................::\' .::::..
More information about the Discuss
mailing list