Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - New User - One question
  FAQ FAQ  Forum Search   Register Register  Login Login

New User - One question
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
IKILLSPAM1 View Drop Down
Groupie
Groupie


Joined: 02 May 2007
Location: United States
Status: Offline
Points: 70 		Post Options Post Options   Thanks (0) Thanks(0)   Quote IKILLSPAM1 Quote  Post ReplyReply Direct Link To This Post Topic: New User - One question
    Posted: 02 May 2007 at 5:08pm

Hey people, I started this out by looking for a way to get good reporting on what emails I was blocking via blacklists etc.. And when that didnt work, I figured maybe a front end application which passed the email through while doing some basic filtering, would then provide me with good stats.. Its weird but somehow I came across your product and have been test driving it on a few domains I host. I must say Im impressed. The quarantine table alone gives me exactly the data I needed to report on. We've been trying to extract that data from our maillogs and its been a pain trying to get the developers going on it.

Anyways, how does the SFDB database work? We get ALOT of spam and block alot. Do I have to do anything to offer up IPs to be included in this DB or are you somehow pulling them from me?

Cant think of anything else right now.


THanks
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2007 at 8:06pm
The evaluation version of SpamFilter only queries the SFDB database, we do not allow it to report any data to it. Only licensed copies of SpamFilter are able to update the SFDB. In short, it works as follows:

Everytime an IP sends a spam email to SpamFilter, SpamFilter will report that IP to our SFDB in realtime.

When we receive a certain number of reports from several different companies running SpamFilter within a short period of time, at that point the IP will be blacklisted. The IP is automatically removed from the SFDB within 24 hours as soon as the malicious activity reported has either stopped or fell below our thresholds.

Since we must receive multiple reports from multiple of our "sensors" throughout the internet in a short period of time, and all happens in realtime, the SFDB filter is extremely accurate in listing only IPs that are indeed sending spam.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
IKILLSPAM1 View Drop Down
Groupie
Groupie


Joined: 02 May 2007
Location: United States
Status: Offline
Points: 70 		Post Options Post Options   Thanks (0) Thanks(0)   Quote IKILLSPAM1 Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2007 at 10:51am

"Everytime an IP sends a spam email to SpamFilter, SpamFilter will report that IP to our SFDB in realtime."

So if I have it set SFDB checks for IPs blocked by all filters, does that mean if an email got blocked by SF due to it being on a dns blacklist I am using, then that IP also gets added to the SFDB? Wouldnt that be doubling the effort?

What about when I block an email because its in China? Does that IP get added to the SFDB?

Sorry if these sound like stupid questions, just want to be clear on it. Statisticly, the SFDB is blocking the most emails so thats a good thing :)
Back to Top
IKILLSPAM1 View Drop Down
Groupie
Groupie


Joined: 02 May 2007
Location: United States
Status: Offline
Points: 70 		Post Options Post Options   Thanks (0) Thanks(0)   Quote IKILLSPAM1 Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2007 at 10:54am

Also, you said it happens in realtime, so SF somehow over the internet, updates the SFDB? How exactly is that taking place? Sounds almost like you could have a copy of the email transaction if you wanted to.

Thanks again.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2007 at 4:32pm
Actually we don't have, and neither want a copyu of the email! All SpamFilter reports is the IP being blocked, and the ID number of the filter that caused the blocking. That's all we need to make everything works. Yes, this happens in realtime, the counter you see on our website navigatoin bar is the current number of blocked IPs at that time.

Originally posted by IKILLSPAM1 IKILLSPAM1 wrote:


So if I have it set SFDB checks for IPs blocked by all filters, does that mean if an email got blocked by SF due to it being on a dns blacklist I am using, then that IP also gets added to the SFDB? Wouldnt that be doubling the effort

Not really. Different companies can be using different blacklists first of all. Furthermore, the SFDB is much more dynamic than blacklists. If the IP stops sending spam, it's removed from the SFDB within hours, not days.

Originally posted by IKILLSPAM1 IKILLSPAM1 wrote:

What about when I block an email because its in China? Does that IP get added to the SFDB?

No. You would just be adding one single report for that IP address. If other SpamFilter installations throughout the world also receive email from that IP, and their filters (not the SFDB, as it's not blacklisted there yet...) *also* tag the email as spam, then yes, the IP will get listed in the SFDB if there's enough reports we receive in a short period of time.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.211 seconds.

Copyright (c)2002-2025 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us