turetzsr Posted October 27, 2004 Share Posted October 27, 2004 ...Rats! My employer's e-mail admins implemented server-based spam filtering and it's working so well that my spams are down now from about 50-100 or so a day down to 10 or so a day! :angry: <grr> ("Angry" because now I don't get to submit spam to SpamCop as much) ...However, I noticed spam from some dynamic IP addresses was still slipping through, so I wrote up a Help Request: Numerous spam are making it to my Inbox that have Internet Header "From:" entries with IP addresses that resolve to domain names with the pattern <1st-digit>-<2nd-digit>-<3rd-digit>-<4th-digit>.dynamic.tfn.net.tw, such as 61-31-138-126.dynamic.tfn.net.tw for IP 61.31.138.126. Can the filtering be modified to block e-mail from such sources?I received this response from one of the admins:We are investigating whether or not it is possible to block the spam you documented in your request. Blocking, if it is done at all, must be done so as to block the entire domain. That is, any email address in the domain. To do that we must determine if any valid email is coming from that source. If so, then we cannot block it. I've passed your request along to the server team in <some city> who maintain spam filtering. As soon as I hear back from them I'll let you know. then the following:They tell me that they do not want to block that entire domain. As for the advanced spam filtering, that works from a list of known spammers which is provided from outside of Unisys (I'm not sure who provides it) and cannot be modified manually. The problem obviously is that the spammers change their addresses as soon as identified and the cycle never ends.to which I repliedNot surprising that they do not want to block the entire domain because, as I wrote, a lot of spam comes from valid domains with compromised machines, especially dynamic IPs. If we (<our company>) are really serious about blocking spam, I would think we would be using IP-based rules, not domain-based rules. See, for example, https://www.umn.edu/dirtools/etc/blockreasons.html (search for "dynamic") and http://oregonstate.edu/net/services/mail/spam/ (search for "dialup"). ...Are there other strong arguments I might have sent along? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.