On Sunday, January 04, 2004 4:43 PM [GMT-5=EST], Roger Marquis <marquis@roble.com> wrote:
If UCE happens to contain a forged sender of roble.com, would you consider that even remotely useful in a filter?
Yes. Roble manages several email gateways for companies other than ourselves and we've found that rejecting invalid domains and senders is an indispensable component of spam filtering. Not only is it effective, it is also 100% false-positive proof (so far).
But, it has to be done carefully. Our RHSBL (part of the AHBL) is based on this idea - but, we are extremely careful in what we block exactly. A single wrong block (aol.com for example) could have really bad side effects for anyone using the list. As such, the best way to use a domain style block is to try and only use it on the mainsleaze spammers for example, that spam from their (many) domains they own. We had to do this with topica's spammy domains in order to allow our users to keep getting messages from mailing lists hosted off of topica's main domain. Each type of blacklisting has to be carefully thought out, and implemented correctly. A combination of a DNSbl, a RHSbl, a whitelist, and something similar to spamassassin gives you the flexibility to block a lot of spam without needing to block everything outright.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
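
The layered policy discussed in this thread, as an added example that is not part of the original messages and is not the AHBL's or Roble's code. It assumes placeholder zone names (`rhsbl.example`, `dnsbl.example`), constructed listings, and a hypothetical `content_score` supplied by a SpamAssassin-style scorer; the DNS lookup is replaced by an in-memory stand-in so the block runs offline.

```python
# Constructed data: zones, domains, addresses and weights are placeholders.
RHSBL_ZONE = "rhsbl.example"
DNSBL_ZONE = "dnsbl.example"
LISTED = {
    "bulk.lists.example.rhsbl.example",  # spam-only domain of a list host
    "25.2.0.192.dnsbl.example",          # 192.0.2.25 with octets reversed
}
WHITELIST = {"lists.example"}            # main domain that must stay deliverable
KNOWN_DOMAINS = {"lists.example", "bulk.lists.example", "customer.example"}
DNSBL_WEIGHT = 3.0
REJECT_SCORE = 5.0

def is_listed(name):
    """Stand-in for a DNS A query: listed names resolve, others are NXDOMAIN."""
    return name in LISTED

def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None if malformed."""
    local, sep, domain = mail_from.rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None

def classify(client_ip, mail_from, content_score=0.0):
    """Return (action, reason) for one SMTP transaction."""
    domain = sender_domain(mail_from)
    # Layer 1: reject senders whose domain is malformed or does not exist.
    if domain is None or domain not in KNOWN_DOMAINS:
        return ("reject", "invalid sender domain")
    # Layer 2: RHSBL on the exact sender domain only. Parent domains are never
    # walked, so listing bulk.lists.example cannot block lists.example.
    # Assumption: the whitelist only exempts a domain from this layer, because
    # an envelope sender is trivially forged; scoring below still applies.
    if domain not in WHITELIST and is_listed(f"{domain}.{RHSBL_ZONE}"):
        return ("reject", "rhsbl")
    # Layer 3: a DNSBL hit on the client IP adds weight instead of rejecting.
    score = content_score
    reversed_ip = ".".join(reversed(client_ip.split(".")))
    if is_listed(f"{reversed_ip}.{DNSBL_ZONE}"):
        score += DNSBL_WEIGHT
    if score >= REJECT_SCORE:
        return ("reject", "score")
    return ("accept", "score")

if __name__ == "__main__":
    for args in [("198.51.100.7", "news@lists.example"),
                 ("198.51.100.7", "promo@bulk.lists.example"),
                 ("192.0.2.25", "bob@customer.example", 2.5)]:
        print(args, classify(*args))
```
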