Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Blacklist cache
  FAQ FAQ  Forum Search   Register Register  Login Login

Blacklist cache

 Post Reply Post Reply
Author
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Topic: Blacklist cache
    Posted: 29 March 2007 at 7:17pm

Seems to me that the sneaky spammers are getting around getting caught in the blacklist cache by rotating their spam amongst all the PC's in their botnet. Since it takes a long time to go through thousands of PC's (and their unique IP's) that some herders have, a lot of attempts expire and the spam keeps pounding away. Gone are the days when a dictionary attack came from a single IP and it was easy to detect and the blacklist cache effectively stopped it.

I know greylisting has been discussed before and rejected with the blacklist cache being the response to the greylisting request. And I even wholeheartedly agreed with the decision.

But with the change in tactics the question of greylisting needs to be brought up again. Anyone feel the same or is it just me beating that same old dead horse.

http://www.webguyz.net
Back to Top
Web123 View Drop Down
Newbie
Newbie
Avatar

Joined: 26 January 2005
Location: Finland
Status: Offline
Points: 31
Post Options Post Options   Thanks (0) Thanks(0)   Quote Web123 Quote  Post ReplyReply Direct Link To This Post Posted: 30 March 2007 at 12:28am

Would love to be able to offer Greylisting as option for my customers Think it would be one "great filter" among others is SF

/Kim

Back to Top
mbrusl View Drop Down
Groupie
Groupie
Avatar

Joined: 05 December 2005
Location: Thunder Bay Ont
Status: Offline
Points: 61
Post Options Post Options   Thanks (0) Thanks(0)   Quote mbrusl Quote  Post ReplyReply Direct Link To This Post Posted: 30 March 2007 at 2:39pm
I myself are already greylisting IPs.  Even though its not the same as doing it thru SF, I use the firewall to accomplish the same thing.  If anyone want to know what the IPs are, feel free to visit my site at www.spacequad.com


Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4066
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 30 March 2007 at 4:40pm
Once SpamFilter Enterprise is released officially within the next few days, we'll start working on two new filters which we hope will address the issue of spammers using "zombie" machines. As WebGuyz pointed out, often times the same spam is sent from a multitude of different machines. We're in the initial stages of developing a huge database, similar to the SFDB, that will contain samples of both content and images, that will be used to help i the fight of these new types of attacks.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 30 March 2007 at 5:11pm

Is this kind of like 'dna fingerprinting' I see other spam filters adverstising?

Sound like it might be really great, but rather complex. In the SmarterMail forums (thats the mail server package I use) they are raving about greylisting really cutting down on spam, but of course, I do all my spam filtering thru SFI and can't really tell how good a job it does.

 

http://www.webguyz.net
Back to Top
caratking View Drop Down
Groupie
Groupie


Joined: 13 March 2006
Location: United States
Status: Offline
Points: 79
Post Options Post Options   Thanks (0) Thanks(0)   Quote caratking Quote  Post ReplyReply Direct Link To This Post Posted: 01 April 2007 at 9:15am
Originally posted by LogSat LogSat wrote:

We're in the initial stages of developing a huge database, similar to the SFDB, that will contain samples of both content and images, that will be used to help i the fight of these new types of attacks.


That sounds exciting, DNA for every SPAM message and SPAM image.
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 14 April 2007 at 4:30pm

Roberto,

   As I was sitting there writing yet another filter today for some persistent spam I realized that majority of the spam fighting we do is reactive, we deal with it after it hits the mailbox by writing filters or using Surbl lists, etc. Even the new db system your talking about has to spend cpu cycles and other resources reading the spam in and then figuring out if its spam or not.

  Greylisting works on the assumption all mail is spam unless the same attempt is made a second or third time, and the belief that most spam is fire and forget coming from a large population of zombies PC's in a botnet that does not retry a failed message send. It builds a whitelist of good ip's and never again fails messages coming from that combo of ip/sender/recipient.

  I feel that this feature would be more desireable in the short term to help fight these spammer turds.

  Anyone else feel as strongly as I do?

 

http://www.webguyz.net
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.094 seconds.