[ale] OT: SPAM is winning

Bob Toxen transam at verysecurelinux.com
Sun Jul 1 15:48:25 EDT 2007

The Enterprise-grade commercial spam filter I developed is doing an
excellent job of blocking almost all spam.  One of its key features
is spoofed email detection, where we determine that the From address
is bogus.  If it is, we reject it as spam.  This works even if there is
no content to search because the spam is in an image attachment.

One of the spoof filters is the use of Sender Policy Framework (SPF),
a way that one can determine with certainty if email claiming to be
from a domain, such as aol.com, really did come from that domain.  Our
spam filter is listed on SPF's http://www.openspf.org/Implementations
page.  Note that you should add the appropriate DNS records to your
domain so that recipients using SPF can determine if someone is spoofing,
claiming to send others email from your domain.

There also is a feature that detects email claiming to be bounced email
that did not originate from our site.  This works against spammers who
deliver spam in what claims to be bounced email.  It also blocks email
where a spammer sends email to a third party claiming to be from our

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

On Sat, Jun 30, 2007 at 07:32:50PM -0400, Scott Castaline wrote:
> I have suddenly started receiving an increase of SPAM. I thought I had 
> finally got the situation under control, but now I'm receiving what 
> looks like scanned in images as the message and the attachments are 
> PDFs. To make it worse they seem to be cloning legitimate email 
> addresses, so I'll initially think they are legit, never mind my 
> filters. Some of the email addresses are ones from people that I know 
> but when I dig through the header in a text editor it definitely is not 
> coming from who it says it is. Anybody else getting this? Anyone know of 
> a way around this?
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
