[imp] Various meaningful IMP default settings

Daniel Vollbrecht d.vollbrecht at scram.de
Mon Dec 22 16:37:00 UTC 2014


On 16.12.14 at 21:28, lst_hoe02 at kwsoft.de wrote:
> People who are able to take care of the real mail address are normally aware
> that the mail address is as easy to spoof as the real name. Without
> digital signatures you can not really trust a mail address at all. You
> have to verify by content then or by sideband, e.g. call the sender by phone.

Fully agree, but it is no plausible argument when it comes to a reason 
for just hiding it away. Especially as every mail client is able to show 
the From: email address which I consider as industry standard.

> Nearly all Spams arriving by the big spam farms with throw-away domains
> are perfectly DKIM signed, so no, it is not a problem of "hacked"

How do you know what kind of spam I get? ;-)

> accounts. If you still got spam *without* DKIM signature you should use
> greylisting to keep away the dumb spam-bots as they are the only ones

We deploy everything: grey-, black-, whitelisting, content filter etc. 
Fortunately, the ham/spam ratio is multiple dimensions of the ratio just 
a few years ago – same deployed mechanisms. Back then, there were 10k's 
of spam for one ham message, now it's just a few spams.

I still see around 40 % of non-DKIMed spam on the servers. If you have a 
solution to eliminate that, I would be glad to know.

And your explanation lacks a major point: If spammers can deploy a 
nontrivial mechanism like DKIM, then they easily can circumvent 
greylisting - just send it again after 300 seconds. The latter costs 
much less than having a proper DKIM setup, especially since they use bot 
nets and cheap virtual nodes at a large scale.

> not using DKIM. And no, content based filtering is not an option for
> people who actually care about email.

Do you just use greylisting and no further server side filtering? All 
just by mailbox individual learning algorithms?

I claim to actually care about email *and* use content filtering. I only 
had one false positive in many years which would have been a very grave 
issue if not read. Fortunately, it is easy to regularly have a look into 
the spam folder. Nothing gets deleted. Saves a lot of time and once a 
week (or month at the moment is sufficient) a quick look into 'spam' 
does the job.

And if you care about email, you should know that greylisting might also 
be fault-prone. Just have a look at the whitelist that comes with 
postgrey, there are lines like 'no retry, reported by' en masse. Even 
some reported fairly recently in 2011.

I'm open to hear about alternative solutions. :-)


Season's Greetings

Daniel
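
The greylisting trade-off argued in this message, as an added example that is not part of the original post or of postgrey: a minimal triplet greylist with a 300-second delay, replayed against constructed senders. The class and function names and the documentation-range IP addresses are assumptions made for illustration.

```python
"""Minimal greylisting model: triplet-based deferral plus a client whitelist."""
from dataclasses import dataclass, field

DELAY = 300  # seconds a new triplet must wait (the figure used in the post)


@dataclass
class Greylist:
    delay: int = DELAY
    whitelist: set = field(default_factory=set)      # client IPs exempt from greylisting
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt

    def check(self, client_ip, sender, rcpt, now):
        """Return 'accept' or 'defer' (an SMTP 4xx) for one delivery attempt."""
        if client_ip in self.whitelist:
            return "accept"
        triplet = (client_ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        return "accept" if now - seen >= self.delay else "defer"


def simulate(greylist, client_ip, attempt_times):
    """Replay one sender's attempts; return the acceptance time, or None if never delivered."""
    for t in attempt_times:
        if greylist.check(client_ip, "a@example.org", "b@example.net", t) == "accept":
            return t
    return None


# Constructed senders (documentation IP ranges), not real traffic:
# name -> (client IP, times in seconds at which delivery is attempted)
SENDERS = {
    "fire-and-forget bot": ("192.0.2.10", [0]),
    "sender that retries": ("192.0.2.20", [0, 300]),
    "legit MTA, normal queue": ("198.51.100.5", [0, 60, 900]),
    "legit host, no retry": ("203.0.113.7", [0]),
}


def run(whitelist=()):
    """Run every constructed sender against a fresh greylist."""
    gl = Greylist(whitelist=set(whitelist))
    return {name: simulate(gl, ip, times) for name, (ip, times) in SENDERS.items()}


if __name__ == "__main__":
    for name, accepted_at in run().items():
        print(f"{name:26} -> {accepted_at}")
```

Only the sender that never retries is kept out; the legitimate host that does not retry loses its mail as well unless its IP is passed in `whitelist`, which is the role of the 'no retry' entries in the postgrey whitelist.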


