
Blacklist cache

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6014
Printed Date: 02 June 2025 at 12:46pm


Topic: Blacklist cache
Posted By: WebGuyz
Subject: Blacklist cache
Date Posted: 29 March 2007 at 7:17pm

Seems to me that the sneaky spammers are getting around getting caught in the blacklist cache by rotating their spam amongst all the PCs in their botnet. Since it takes a long time to go through thousands of PCs (and their unique IPs) that some herders have, a lot of attempts expire and the spam keeps pounding away. Gone are the days when a dictionary attack came from a single IP and it was easy to detect and the blacklist cache effectively stopped it.

I know greylisting has been discussed before and rejected with the blacklist cache being the response to the greylisting request. And I even wholeheartedly agreed with the decision.

But with the change in tactics the question of greylisting needs to be brought up again. Anyone feel the same, or is it just me beating that same old dead horse?



-------------
http://www.webguyz.net



Replies:
Posted By: Web123
Date Posted: 30 March 2007 at 12:28am

Would love to be able to offer greylisting as an option for my customers. Think it would be one "great filter" among others in SF.

/Kim



Posted By: mbrusl
Date Posted: 30 March 2007 at 2:39pm
I myself am already greylisting IPs. Even though it's not the same as doing it thru SF, I use the firewall to accomplish the same thing. If anyone wants to know what the IPs are, feel free to visit my site at www.spacequad.com




Posted By: LogSat
Date Posted: 30 March 2007 at 4:40pm
Once SpamFilter Enterprise is released officially within the next few days, we'll start working on two new filters which we hope will address the issue of spammers using "zombie" machines. As WebGuyz pointed out, oftentimes the same spam is sent from a multitude of different machines. We're in the initial stages of developing a huge database, similar to the SFDB, that will contain samples of both content and images, that will be used to help in the fight against these new types of attacks.

-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: WebGuyz
Date Posted: 30 March 2007 at 5:11pm

Is this kind of like the 'dna fingerprinting' I see other spam filters advertising?

Sounds like it might be really great, but rather complex. In the SmarterMail forums (that's the mail server package I use) they are raving about greylisting really cutting down on spam, but of course, I do all my spam filtering thru SFI and can't really tell how good a job it does.

 



-------------
http://www.webguyz.net


Posted By: caratking
Date Posted: 01 April 2007 at 9:15am
Originally posted by LogSat:

We're in the initial stages of developing a huge database, similar to the SFDB, that will contain samples of both content and images, that will be used to help in the fight against these new types of attacks.


That sounds exciting, DNA for every SPAM message and SPAM image.


Posted By: WebGuyz
Date Posted: 14 April 2007 at 4:30pm

Roberto,

   As I was sitting there writing yet another filter today for some persistent spam I realized that the majority of the spam fighting we do is reactive; we deal with it after it hits the mailbox by writing filters or using SURBL lists, etc. Even the new db system you're talking about has to spend CPU cycles and other resources reading the spam in and then figuring out if it's spam or not.

  Greylisting works on the assumption all mail is spam unless the same attempt is made a second or third time, and the belief that most spam is fire and forget coming from a large population of zombie PCs in a botnet that does not retry a failed message send. It builds a whitelist of good IPs and never again fails messages coming from that combo of IP/sender/recipient.

  I feel that this feature would be more desirable in the short term to help fight these spammer turds.

  Anyone else feel as strongly as I do?

 



-------------
http://www.webguyz.net
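
The greylisting behaviour described in the post above, as an added example that is not part of the original thread and not LogSat's code: every new IP/sender/recipient combination is temporarily failed, and only a sender that retries is accepted and remembered. The class and function names, the three timing values and the 451 reply text are assumptions chosen for illustration, and the traffic is constructed.

```python
import time

DEFER = "451 greylisted, try again later"   # temporary failure: a real MTA retries
ACCEPT = "250 OK"

class Greylist:
    """Decide per (client IP, envelope sender, envelope recipient) triplet."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        # All three timings are assumed values, not taken from the thread.
        self.min_delay = min_delay        # a retry sooner than this is still deferred
        self.retry_window = retry_window  # an unretried triplet is forgotten after this
        self.pass_ttl = pass_ttl          # a triplet that passed stays trusted this long
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time of last accepted delivery

    def check(self, ip, sender, rcpt, now=None):
        now = time.time() if now is None else now
        key = (ip, sender.lower(), rcpt.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now        # known-good combination: never delayed again
            return ACCEPT
        self.passed.pop(key, None)        # expired entry, start over
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first sighting: assume spam, ask for a retry
            return DEFER
        if now - first < self.min_delay:
            return DEFER                  # retried too quickly, keep waiting
        del self.pending[key]
        self.passed[key] = now            # retried like a real mail server
        return ACCEPT

def simulate():
    """Constructed traffic: 1000 zombies sending once each, one MTA that retries."""
    gl, t0 = Greylist(), 1_000_000.0
    zombie_accepts = sum(
        gl.check(f"10.{i // 250}.{i % 250}.7", "promo@spam.example",
                 "user@example.com", now=t0 + i) == ACCEPT
        for i in range(1000))
    mta = ("192.0.2.25", "alice@example.org", "user@example.com")
    replies = [gl.check(*mta, now=t0),          # first attempt
               gl.check(*mta, now=t0 + 60),     # retry inside min_delay
               gl.check(*mta, now=t0 + 900),    # retry after min_delay
               gl.check(*mta, now=t0 + 86400)]  # next day's mail, same triplet
    return zombie_accepts, replies

if __name__ == "__main__":
    print(simulate())
```

A sender that does retry after `min_delay` is accepted, so this stops only the fire-and-forget senders the post describes.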


