1 |
Hi! |
2 |
|
3 |
To everybody in this thread who said "C/R is bad idea": |
4 |
|
5 |
While qconfirm and TMDA will work in most cases, I've read C/R critique |
6 |
here http://en.wikipedia.org/wiki/Challenge-response_spam_filtering and |
7 |
agree it's bad idea in general. I unlike tools like SpamAssassin because |
8 |
if there just a "X% chance" something is spam, then it's mean there always |
9 |
"Y% chance" I'll lose non-spam email. C/R systems have same issues, but |
10 |
it's harder to find out that fact. |
11 |
|
12 |
On Wed, Sep 24, 2008 at 05:40:50PM +0200, Matthias Bethke wrote: |
13 |
> What you can easily do, in order of personal (well, I don't run my own |
14 |
> mail server any more) preference: |
15 |
> - block dialup ranges |
16 |
> - use IP blacklists like SORBS |
17 |
> - use SpamAssassin, possibly with more blacklists like SURBL |
18 |
> - check DomainKeys and/or SPF headers for scoring |
19 |
> - use greylisting |
20 |
|
21 |
I'd like to start from most soft algorithm realized in |
22 |
http://www.datenklause.de/en/software/qgreylistrbl.html |
23 |
|
24 |
It's do greylisting, but not for everybody - it's do it only for hosts |
25 |
which are either blacklisted in RBL or looks like dialup IPs (using regex). |
26 |
This way even hosts blacklisted in RBL will be able to send me email, but |
27 |
only it they have real email queue. This is important for me, because we |
28 |
all fall into RBL, without being spammers, because of different reasons. |
29 |
|
30 |
I've tested this tool, and it pass just about 3 spam email in last 24 hours. |
31 |
It's not a problem for me to kill 3 spam emails per day if I've assurance: |
32 |
_all_ non-spam emails will be delivered to me. |
33 |
|
34 |
|
35 |
P.S. While I'd like this tool's algorithm, I don't really like it's |
36 |
realization - I think it should be much simpler and smaller. So I'll try |
37 |
to rewrite it in that way (also in Perl). And prepare ebuild for |
38 |
installing it. |
39 |
|
40 |
-- |
41 |
WBR, Alex. |