Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Fighting email spam and anti-UBE pointers


[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]
Archive-name: mail/anti-ube-pointer
Posting-Frequency: 2 times a month
Maintainer: Jari Aalto A T cante net

See reader questions & answers on this topic! - Help others by sharing your knowledge
Announcement: "Bounces, Challenge-response systems, MTA, Bayesian tools (article pointer)"

    Availability

        FAQ archive is at http://www.faqs.org/faqs/

        This message is an excerpt from bigger from Procmail Module
	Library project's README.html document titled "Procmail
	strategies against spam." available at
	http://pm-lib.sourceforge.net/

	The key points discussed in the document:

	- Auto-replying or bouncing is considered a bad tactic
	- MTA rejects can be abused and system administrators should
	  check their setup at least in regard to viruses.
	- Challenge-Response system is based on false assumption that sender's
	  address can be used for authentication. It cannot and thus any C-R
	  system will contribute nothing else by amplifying the spam problem.

          See picture http://pm-lib.sourceforge.net/pic/cr-system-joe-job.png

	What should be done then?

	- Bayesian tools are non-intrusive, harm no third parties 
	  (in contrast to C-R), are easy to use and provide a good shelter.
	- Battery of bayesian tools give even better shield due to
	  each program using a slightly different algorithm.

	Many clarifying pictures are included:

	- How address harvesting works 
	- How viruses should not be treated (at MTA level)
	- Challenge-Response based authentication (overview)
	- Challenge-Response system causing "Joe-Job"
	- How MTA level UBE prevention works
	- Procmail with battery of statistical tools

	Table of contents:

	1.0 Thoughts about increasing spam annoyance
	    1.1 Bouncing messages do no good
	    1.2 Rule based systems are not the solution
	    1.3 Challenge-Response systems make matters worse
	       1.3.1 Challenge-Response is not a doorbell but a  
		     gun shooting decoys
	       1.3.2 Questioning Challenge-Response systems implementations
	       1.3.3 Summary - What are the effects of Challenge-Response 
		     systems
	    1.4 Spam appearing in your yard - a story

	2.0 A  lightweight UBE block system with pure procmail
	    2.1 Suitable for accounts which ...
	    2.2 Where to put "pure procmail" UBE checks?
	    2.3 Using Procmail Module Library to fight spam

	3.0 A heavyweight UBE blocking system
	    3.1 Advice for Debian Exim 4 mail system administrator
	    3.2 Advice for the normal account
	    3.3 Configuring  Bayesian programs
	    3.4 A heavyweight spam catch setup using procmail

    Some terminology

        ._UBE_ = Unsolicited Bulk Email
        ._UCE_ = (subset of UBE) Unsolicited Commercial Email

        _Spam_ = Spam describes a particular kind of Usenet posting (and
        canned spiced ham), but is now often used to describe many kinds of
        inappropriate activities, including some email-related events. It
        is technically incorrect to use "spam" to describe email abuse,
        although attempting to correct the practice would amount to tilting
        at windmills.

        _Spam_ = definition by Erik Beckjord. "Some people decide that Spam
        is anything you decide you want to ban if you can't handle the
        intellectual load on a list." Remember, not to be confused with
        real spam, which is unwanted bulk mail.

        People are nowadays seeking a cure which will stop
        or handle UBE. That can be easily done with procmail (under your
        control) and with sendmail (by your sysadm). In order to select the
        right strategy against UBE messages, you should read this section
        and then decide how you will be using your procmail to deal with it.


User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA


[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
<jari.aalto AT poboxes.com> (Jari Aalto+mail.procmail)





Last Update March 27 2014 @ 02:11 PM