more spam filtering ideas

[Tom Metro]

A description of spam filtering techniques used by an ISP that claims to 
  have "the most advanced Spam and Virus Filter on the Planet!"

http://www.junkemailfilter.com/spam/how_it_works.html


Of note is that he's using Exim, and claims that many of the techniques 
can only be implemented with Exim. (I'm not sure if that's true, as I 
haven't tried implementing these ideas in Postfix yet, but I had 
implemented some of the ideas he mentions in my custom SMTP proxy.)

There was one non-Exim specific technique listed that I hadn't seen 
mentioned elsewhere:

   A lot of spammers target the highest MX record instead of sending to
   the lowest one like they are supposed to. [...] So - my simple
   solution is that on my highest MX record I have a dummy server that
   returns a temporary error on EVERYTHING that connects to it.

I'm aware of that observation, but this was the first time I'd heard of 
someone taking advantage of it. Similar to graylisting, but with fewer 
side effects.


   This server is actually on the same computer as my lowest MX record
   so it is never really up when the main one isn't and in theory
   should never get a legitimate email.

Tough to implement if you've only got one static IP.


   Of the spam this rejects - it's 100% accurate.

Wonder if he has the logs to prove that? :-)

  -Tom


-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/