Spam Filter

Craig Daters craig at westpress.com
Thu Feb 26 11:07:31 UTC 2004 

Hello Barry,

I weighed this decision heavily before I implemented it on three test 
accounts (the most spammed accounts) and we surveyed our clientele 
beforehand. Everyone surveyed offered that they would not have a 
problem confirming their email in this manner.

Those employees who have this active on their accounts (not everyone 
does) submitted to me before hand, a list of individuals who should 
be on their whitelists from the get-go. Then these employees where 
educated on how to use this 'feature' (for lack of a better word) and 
monitor their 'quarantine' appropriately.

The nature of our business is such that our employees have an idea of 
when to expect email, and from whom. In fact, I have people in my 
office more asking if there are any problems with the mail server 
(because they are expecting an email, and it hasn't arrived yet) than 
any other problem. And this was a problem when I was using RBL's. To 
many false positives.

Anyway, if an employee using ASK subscribes to a mail list, they know 
to add it to their 'whitelist' before hand, so the scenerio you 
describe below should never happen. Should they forget, then I have 
set up a cron job to process their 'quarantine' each morning and send 
them a report where they will most likely catch their mistake and fix 
it.

We have been running this set up now for a couple of months, and I 
have yet to see any problems creep up. Spam on the three accounts 
this is set up on has gone to 0.

>On Wednesday 25 February 2004 05:33 pm, Craig Daters wrote:
>>  http://www.paganini.net/ask - Active Spam Killer. I added this as a
>>  final catch all for spam that does end up getting through (though
>>  this is rare) to the user. This is a challenge/respond system where
>>  senders that are not already on a whitelist must 'validate' simply by
>>  replying to a confirmation message. Works much like a mail list does,
>>  and end users can configure/manage everything through email once it
>>  is setup.
>
>You were doing fine up to this point.  This step, however, can cause more
>trouble than its worth.  If a user signs up for a mailing list which requires
>a confirmation e-mail (your challenge/response) then the server will get an
>email from the user requesting confirmation the it sent the email.  Normally,
>this gets sent to the bit bucket and the user goes along without knowledge
>that there's a problem.
>
>I have a site which does the confirmation thing.  I set it up so that odd-ball
>email is sent to me.  Frankly, I refuse to reply to the challenges.  I have
>enough to do without this added step.  If the user sends me email asking why
>s/he can't create an account or join my lists I will tell them (and reply to
>the irritating challenge so that my note gets through) but I will not set up
>my server to do it.
>
>Just my two cents.
>
>Barry

-- 
--

Craig Daters (craig at westpress.com)
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433

Tel: 520-624-4939
Fax: 520-624-2715

www.westpress.com

--

More information about the redhat-list mailing list