The following comments are owned by whoever posted them. This site is not responsible for what they say.
An AppleScript rule to check Mail against blackhole lists
Authored by: bluehz on May 27, '03 11:00:24AM

The only problem I see with this hint is those "blacklist" services and open relay lists. They are not always accurate and impossible to get your IP removed from. A good example: I have my own mailserver running on our LAN, it's on a cable connection (yeah I know...) and because so many people on these cable services have poorly configured mailservers, don't know what they are doing or in general are just idiots (sorry - venting) - those blacklists and open relay lists include WHOLE BLOCKS of IPs owned by cable companies. So because of the ills of many, I am blacklisted. This is clearly evident when you try to send something to someone on Earthlink - they use the blacklist services and will return mail undelivered if you try to send to someone on Earthlink.

If you must use spam control - I recommend taking a whitelisting strategy over blacklisting. I recommend setting up TMDA - it's a radical approach to spam control - but very effective. TMDA uses whitelisting and tagged messages. From the TMDA site:

* TMDA's Whitelist-centric Strategy: "Deny everything that is not explicitly allowed"
* Traditional Blacklist-centric Strategy: "Allow everything that is not explicitly denied"

http://tmda.net



An AppleScript rule to check Mail against blackhole lists
Authored by: msk on May 27, '03 03:53:24PM

The posted AppleScript instructions are for a whitelist based system. After you run the email through the whitelist you've got to do something with the stuff that does not match the whitelist. You either trash it, look it up in a black list, or send a challenge response (the latter can be implemented directly in OS X Mail or Eudora just using the filters).

However, whitelists are of limited value; spammers already sort email addresses by domain and use related email addresses as the from address to bypass whitelists--ineffective if your domain is yahoo or aol but if everyone in your domain is on your whitelist you need a fancier whitelist system than just depending on the from address. You need a system that parses the headers, remembers what servers and message-ids each friend generates.

Also, a system like TMDA requires admin access to the server and not every server has the software available to implement TMDA.



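A sketch of the header-aware whitelist msk describes, added here as an example and not code from the thread. The stored profile, addresses, hostnames and IPs are constructed; relay IPs and Message-ID domains are an assumed choice of what to "remember" per friend.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed profile: relay IPs and Message-ID domains seen on earlier mail
# from each whitelisted friend (hypothetical addresses, documentation IP ranges).
KNOWN = {"alice@example.org": {"relay_ips": {"192.0.2.10"},
                               "msgid_domains": {"example.org"}}}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def fingerprint(raw):
    """Return (sender, relay_ip, msgid_domain) for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # The topmost Received header is the one our own server wrote, so the
    # bracketed IP in it is the connecting host as we observed it.
    received = msg.get_all("Received") or [""]
    m = IP_IN_BRACKETS.search(received[0])
    relay_ip = m.group(1) if m else ""
    msgid = msg.get("Message-ID", "").strip().strip("<>")
    return sender, relay_ip, msgid.rpartition("@")[2].lower()

def classify(raw, known=KNOWN):
    sender, relay_ip, msgid_domain = fingerprint(raw)
    profile = known.get(sender)
    if profile is None:
        return "unknown"      # not whitelisted: hand to the next filter
    if relay_ip in profile["relay_ips"] and msgid_domain in profile["msgid_domains"]:
        return "trusted"
    return "suspect"          # familiar From address, unfamiliar origin

def make(relay, ip, sender, msgid):   # builds a constructed sample message
    return (f"Received: from {relay} ({relay} [{ip}]) by mx.home.example\n"
            f"From: {sender}\nMessage-ID: <{msgid}>\n\nHello\n")

LEGIT = make("mail.example.org", "192.0.2.10", "Alice <alice@example.org>", "a1@example.org")
FORGED = make("host.example.net", "198.51.100.77", "alice@example.org", "x9@example.net")
STRANGER = make("mail.example.com", "203.0.113.5", "bob@example.com", "b7@example.com")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("FORGED", FORGED), ("STRANGER", STRANGER)):
        print(name, classify(raw))
```

A From-only whitelist would pass both LEGIT and FORGED; here the forged copy is separated out because its observed relay and Message-ID domain do not match what that sender has produced before.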
An AppleScript rule to check Mail against blackhole lists
Authored by: DaveCC on May 27, '03 09:42:08PM

(Long Post/Rant)
I am the author of the script and I figured at some point there would be some criticism of RBL's. I feel that spam has gotten to be such a problem that a single individual cannot hope to manage a large influx of spam into his/her e-mailbox without some outside help. Using an RBL just gives you the knowledge base of what might be spam that is the aggregation of thousands of other individuals' spam screening efforts.

The RBL's are just another tool in your arsenal against the big time suck that dealing with spam has become; it is however an imperfect answer/tool. It is true that some RBL's are a bit overzealous and list some IP's as spammer IP's that don't deserve such a label. However I feel given the neverending assault of spam against my humble e-mail address (which I've had for 6 years and I'm rather attached to it), I am willing to run the risk of missing a few e-mails from strangers to be able to access my e-mail box the way I want to. Those who really need to contact me (i.e. those who I want to contact me) will always be able to do so, e-mail or not. For the rest, they just better not look like spammers.

If you are concerned about the accuracy or aggressiveness of a particular RBL, you can just elect not to use them and use a less comprehensive RBL. There are lots of them out there.

I structure a multi-tiered solution to screen spam with filter rules like this, in this filter order:

1) If the sender is in my address book, I stop processing all filter rules. Apple's mail application makes it really easy to add senders to your address book and makes this filter very responsive/flexible and easy to keep up to date.
2) If the sender is one of various organizations I want e-mail to get through from (i.e. my work/company, @apple.com, etc), I stop processing all rules and/or route e-mails to the appropriate sub folder.

These two are effectively a whitelist that leaves known prior e-mail contacts and trusted sender domains in my In box.

3) The default Junk filter catches about 80% of my spam. It uses some sort of adaptive pattern recognition, but sometimes can't respond well to new/novel forms of spam (and those crafty spammers are always tweaking how they do things to get through filters. Hmmmm....if I really opted in then why do you always have to try to engineer your stuff to get past filters? Wouldn't I have placed your domain into rule 2? Damned Spammers : )
4) I place SpamHolio here after the default Junk filter. This keeps the RBL checks limited to those that might have snuck in under the Junk filter's radar, thus saving time and the RBL server's resources. I think by rough estimate, SpamHolio is catching 50-57% of spams missed by the Junk filter for me.
5) Any additional anti-spam filtering rules. (i.e. I also look for all variations of subscribe/unsubscribe/opt in/opt out in the message body and junk it if it matches).

This seems to work well for me. The RBL isn't my only spam solution, just another tool in the chain. Looking at my mail traffic in the past 3 months, I have received approximately 150 legitimate e-mail items, my Spam Filters (SpamEaterPro running on an old PC checking my POP account every 5 minutes against rules and RBL's and block lists, then Apple's Mail app's Junk filter) have blocked over 7,700 pieces of spam with about 300 pieces getting through. Out of these blocked spams, the RBL's blocked these numbers of spam items for me:
SpamCop: 3,100, SPEWS: 579, list.dsbl.org: 35, multihop.dsbl.org: 92, ipwhois.rfc-ignorant.org: 27.

Now that I can get some RBL lookup capability in Mail, I can perhaps think of not being dependent on my old PC to help continually clean out my POP account. I could set up SpamAssassin to do this, but it is a rather involved process and my Mac is a laptop and not always on, so I'll keep SpamEaterPro up and running for now.

Given those numbers, am I so off base using an RBL? Or do you think I have the time to sort through over 3,600 pieces of spam that might have gotten through the filters in the last 3 months?

Dave Chen

---
I'm much calmer now that I don't use WinBlow$ anymore.



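The five-tier rule order from the comment above, as an added example (not the SpamHolio script or any code from the thread). The RBL tier uses the standard DNSBL query form: reverse the IP's octets, append the list's zone, and treat an answer in 127.0.0.0/8 as "listed". The zone `rbl.example`, the addresses, the stand-in junk filter and the fake DNS table are constructed so the block runs offline.

```python
import socket

def dnsbl_name(ip, zone):
    """203.0.113.7 + zone -> 7.113.0.203.zone (octets reversed)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_lookup(name):
    try:
        return socket.gethostbyname(name)
    except OSError:           # NXDOMAIN or no network: treat as not listed
        return None

def is_listed(ip, zone, lookup=dns_lookup):
    answer = lookup(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def screen(msg, address_book, trusted_domains, junk_filter, zones, lookup=dns_lookup):
    """Return (folder, deciding rule); the first matching tier wins."""
    sender = msg["from"].lower()
    if sender in address_book:                          # tier 1
        return ("inbox", "address book")
    if sender.rpartition("@")[2] in trusted_domains:    # tier 2
        return ("inbox", "trusted domain")
    if junk_filter(msg):                                # tier 3
        return ("junk", "junk filter")
    for zone in zones:                                  # tier 4: DNS only for leftovers
        if is_listed(msg["relay_ip"], zone, lookup):
            return ("junk", "rbl:" + zone)
    body = msg["body"].lower()                          # tier 5
    if any(w in body for w in ("subscribe", "opt in", "opt out")):
        return ("junk", "keyword")
    return ("inbox", "no rule matched")

# Constructed data for an offline run (hypothetical names and zone).
ADDRESS_BOOK = {"friend@example.org"}
TRUSTED = {"apple.com"}
ZONES = ["rbl.example"]
FAKE_DNS = {"7.113.0.203.rbl.example": "127.0.0.2"}

def toy_junk_filter(msg):     # stand-in for Mail's adaptive Junk filter
    return "free money" in msg["body"].lower()

if __name__ == "__main__":
    m = {"from": "s@example.net", "relay_ip": "203.0.113.7", "body": "hello"}
    print(screen(m, ADDRESS_BOOK, TRUSTED, toy_junk_filter, ZONES, FAKE_DNS.get))
```

Because tiers 1 and 2 return before any lookup, a correspondent whose provider's address block is listed still reaches the inbox once they are in the address book.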