[ale] OT: SPAM is winning

Jeff Lightner jlightner at water.com
Mon Jul 2 16:32:56 EDT 2007


I saw this message this morning as well.  You're not spamming us
yourself are you Bob?  :-)

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Bob Toxen
To: ale at ale.org
Sent: Sunday, July 01, 2007 3:48 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT: SPAM is winning

The Enterprise-grade commercial spam filter I developed is doing an
excellent job of blocking almost all spam.  One of its key features
is spoofed email detection, where we determine that the From address
is bogus.  If it is, we reject it as spam.  This works even if there is
no content to search because the spam is in an image attachment.

One of the spoof filters is the use of Sender Policy Framework (SPF),
a way that one can determine with certainty if email claiming to be
from a domain, such as aol.com, really did come from that domain.  Our
spam filter is listed on SPF's http://www.openspf.org/Implementations
page.  Note that you should add the appropriate DNS records to your
domain so that recipients using SPF can determine if someone is spoofing
claiming to send others email from your domain.

There also is a feature that detects email claiming to be bounced email
that did not originate from our site.  This works against spammers who
deliver spam in what claims to be bounced email.  It also blocks email
where a spammer sends email to a third party claiming to be from our
domain.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

On Sat, Jun 30, 2007 at 07:32:50PM -0400, Scott Castaline wrote:
> I have suddenly started receiving an increase of SPAM. I thought I had
> finally got the situation under control, but now I'm receiving what
> looks like scanned in images as the message and the attachments are
> PDFs. To make it worse they seem to be cloning legitimate email
> addresses, so I'll initially think they are legit, never mind my
> filters. Some of the email addresses are ones from people that I know
> but when I dig through the header in a text editor it definitely is not
> coming from who it says it is. Anybody else getting this? Anyone know of
> a way around this?
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale