On 24.08.2010 22:37, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, are there any telltale signs in the email headers to look for?
Any website that tells how to block spam using info from the headers?
Any such website would make the spam problem even worse. You should only block spam directly on the first server that receives mails for a domain. If you reject the mail later, you bounce the mail to the sender address. Unfortunately, in case of spam the sender address is almost always falsified, so you bounce the mail to an innocent third party. This case of spam is called backscatter. In other words, your own server turns into a source of spam and will soon be blacklisted. So, if you do not control the MX of your domain, please do not reject the mail.

For the MX of the domain there are a lot of measures to cut spam down. If you use Postfix (the default MTA on openSUSE systems) you can use header_checks to reject mails that match certain expressions. Unfortunately, spam is changing so fast that it is too much trouble to update the header_checks every day. Usually a spam wave lasts for 4-12 hours, so when you have analyzed the recent spam and updated the header_checks, the spam run is already over and the spams don't get caught any more.

Even worse is the danger of false positives. You reject innocent mails that match your quickly written rule. Since you don't read the mail, you can't even check if the mail was actually spam or not. That is the reason why it is much safer to add your own patterns to SpamAssassin. That way you can safely add/reduce points of the score.
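Added example, not part of the original message: a small Python model of the contrast drawn above between a header_checks-style hard reject and SpamAssassin-style additive scoring, run over two constructed messages. The rule names, patterns, addresses and point values are assumptions made up for illustration; they are not real Postfix or SpamAssassin rules.

```python
import re
from email import message_from_string

# Hypothetical local rules: (name, header, pattern, points).
# Positive points push toward spam, negative points pull toward ham.
RULES = [
    ("LOCAL_SUBJ_INVOICE", "Subject", re.compile(r"\binvoice\b", re.I), 2.0),
    ("LOCAL_RCVD_BAD_NET", "Received", re.compile(r"\[203\.0\.113\.\d+\]"), 2.5),
    ("LOCAL_FROM_SHOUTING", "From", re.compile(r'^"?[A-Z !]{8,}"?\s*<'), 1.5),
    ("LOCAL_KNOWN_CUSTOMER", "From", re.compile(r"@customer\.example>?\s*$"), -3.0),
]
THRESHOLD = 5.0  # SpamAssassin's default required_score

def hits(raw):
    """Return (name, points) for every rule matching any instance of its header."""
    msg = message_from_string(raw)
    return [(name, pts) for name, hdr, rx, pts in RULES
            if any(rx.search(v) for v in msg.get_all(hdr, []))]

def hard_reject(raw):
    """header_checks-style policy: one matching spam pattern rejects the mail."""
    return any(pts > 0 for _, pts in hits(raw))

def score(raw):
    """Scoring policy: sum the points of all matching rules."""
    return sum(pts for _, pts in hits(raw))

def is_spam(raw):
    return score(raw) >= THRESHOLD

# Constructed sample messages (documentation address ranges and domains).
SPAM = (
    "Received: from unknown (HELO mail.invalid) [203.0.113.77]\n"
    'From: "BEST OFFER !!!" <promo@bulk.invalid>\n'
    "Subject: Your invoice is overdue\n\nbody\n")
CUSTOMER = (
    "Received: from mx.customer.example [198.51.100.10]\n"
    "From: Jane Doe <jane@customer.example>\n"
    "Subject: Invoice for the August order\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("customer", CUSTOMER)):
        print(label, hits(raw), "hard_reject:", hard_reject(raw),
              "score:", score(raw), "is_spam:", is_spam(raw))
```

The customer mail matches the quickly written "invoice" pattern, so the hard-reject policy throws it away unread, while under scoring the same match is only one input and the mail stays below the threshold.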