On Friday 06 February 2004 08:32, Ewan Davis wrote:
> Having recently upgraded to the latest (subscription) version of Spamnet I
> have been getting false positives affecting email sent only to me (which
> means that cloudmark must have extended its detection methods)
Apropos...
Spam is bad, and increasing.
Soon most people will be receiving only mail that gets through a spam filter.
Many of them, as usual, will not know this, many more will have no idea how to
whitelist their GP's Practice email address.
SpamAssassin is one of the leading spam blocking systems. I chose it. You may
therefore conclude that if it is not the best, it is near enough.
Mozilla has built in similar features.
The standard tests in SpamAssassin include these, I'll explain them simply
below:-
header FROM_ENDS_IN_NUMS From =~ /\d\d\@/
describe FROM_ENDS_IN_NUMS From: ends in numbers
header FROM_STARTS_WITH_NUMS From =~ /^\d\d/
describe FROM_STARTS_WITH_NUMS From: starts with nums
header FROM_HAS_MIXED_NUMS From =~ /\d+[a-z]+\d+\S*\@/i
describe FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
# Faked addresses tend to come from big public sites. Stats show that
# 5 digits is enough to get a 1.0 s/o ratio; 4 is too low (probably due
# to folks called "[log in to unmask]" for example).
header ADDR_NUMS_AT_BIGSITE ALL =~ /^(To|From|Cc|Reply-To):\s*
describe ADDR_NUMS_AT_BIGSITE Uses an address with lots of numbers, at a big ISP
In other words, an email address which has a load of numbers in it is thought
by much of the clever world to be a spammer.
So an increasing number of people outside the NHS Net will not get your NHS
emails...
Unless:-
you do as I do, and get an alias - CNAME - in the DNS for
homefieldsurgery.nhs.uk (pick your equivalent) which will work nicely...
we get into the SA set of rules one that recognises the NHS emails and rates
them less spammy.
But there is a problem with that, which is that it will leak, and the NHS will
then be Joe-Jobbed, i.e. spammers will forge the @nhs.uk domain as where their
penis extenders come from, which will be inconvenient to all.
Fortunately, the Open Source community has generated an antidote to this -
SPF.
Sender Permitted From is a simple addition to the DNS of a TXT record that
contains a note of which mailservers mail from a domain will come from.
Therefore any other service receiving mail that purports to be from the NHS
can look up automagically the SPF entry on the DNS for the NHS, and simply
determine whether the IP address the mail is actually presented from is in
fact one of the NHS' mail senders.
AoL just set up SPF because they are forever being forged.
So, talk to your techies, and tell them SPF needs to be set up.
Here endeth the lesson
--
Adrian Midgley (Linux desktop)
GP, Exeter
http://www.defoam.net/