[imp] Various meaningful IMP default settings
Daniel Vollbrecht
d.vollbrecht at scram.de
Mon Dec 22 16:37:00 UTC 2014
Am 16.12.14 um 21:28 schrieb lst_hoe02 at kwsoft.de:
> People who are able take care of the real mail address are normaly aware
> that the mailaddress is as easy to spoof as the real name. Without
> digital signatures you can not really trust a mailaddress at all. You
> have to verify by content then or by sideband eg. call the sender by phone.
Fully agree, but it is no plausible argument when it comes to a reason
for just hiding it away. Especially as every mail client is able to show
the From: email address which I consider as industry standard.
> Nearly all Spams arriving by the big spam farms with throw-away domains
> are perfectly DKIM signed, so no, it is not a problem of "hacked"
How do you know what kind of spam I get? ;-)
> accounts. If you still got spam *without* DKIM signature you should use
> greylisting to keep away the dump spam-bots as they are the only ones
We deploy everything: grey-, black-, whitelisting, content filter etc.
Fortunately, the ham/spam ratio is multiple dimensions of the ratio just
a few years ago – same deployed mechanisms. Back then, there were 10k's
of spam for one ham message, now it's just a few spams.
I still see around 40 % of non-DKIMed spam on the servers. If you have a
solution to eliminate that, I would be glad to know.
And your explanation lacks a major point: If spammers can deploy a
nontrivial mechanism like DKIM, then they easily can circumvent
greylisting - just send it again after 300 seconds. The latter costs
much less than having a proper DKIM setup, especially since they use bot
nets and cheap virtual nodes at a large scale.
> not using DKIM. And no, content based filtering is not a option for
> people who actually care about email.
Do you just use greylisting and no further server side filtering? All
just by mailbox individual learning algorithms?
I claim to actually care about email *and* use content filtering. I only
had one false positive in many years which would have been a very grave
issue if not read. Fortunately, it is easy to regularly have a look into
the spam folder. Nothing gets deleted. Saves a lot of time and once a
week (or month at the moment is sufficient) a quick look into 'spam'
does the job.
And if you care about email, you should know that greylisting might also
be fault-prone. Just have a look at the whitelist that comes with
postgrey, there are lines like 'no retry, reported by' en masse. Even
some reported fairly recent in 2011.
I'm open to hear about alternative solutions. :-)
Season's Greetings
Daniel
More information about the imp
mailing list