Dspam
Dan Hollis
spamtrap71892316634 at ANIME.NET
Tue Feb 24 22:28:22 GMT 2004
On Tue, 24 Feb 2004, Michele Neylon :: Blacknight Solutions wrote:
> So you have three problems (in my rather simplistic view)
> - 1 Source IP - almost impossible to forge, but could be anywhere in the world
> - 2 Source address/domain/hostname - meaningless
> - 3 URLs in the text/body of the email -
> - 4 The *real* hostnames that 3 refers to
> 1 - is easy enough to track/block
> 2 - is meaningless
> 3 - awkward. Reverse IP lookups on each one???? Sounds painful
> 4 - unless you follow the URL in 3 you have no way of knowing what it is
Just because its not perfect doesnt mean its useless.
Its certainly better than a lot of the filtering techniques out there, and
should be a lot more effective.
Reverse lookups for #3? No. *forward* lookups. Eg
http://www.grblsndktqer.biz/ in the body of the spam resolves to an IP in
china. So you block it.
-Dan
More information about the MailScanner
mailing list