Re: [tlug] TLUG spam?

[Jonathan Byrne <jq@example.com>]

On Sat, Sep 04, 2004 at 12:58:43AM +0900, Brett Robson wrote:

>There is no silver bullet, and AI certainly isn't one. Any system based 
>on content is only going to have a short run before it's rules are 
>defeated; how many ways can v1agra be mis-spelt?

My gig these days is lead spam analyst at one of the major
email security companies (yeah, that's really a job title :-), and while
I can't go into much detail about our techniques, my answer to that
question is "Not more ways than a regex can handle" :-)

>carrying the ad which are extremely difficult to detect. Plus content 
>filtering is very CPU intensive.

We throw lots of hardware at the problem and filter content like
crazy.  Yes, it's quite CPU-intensive :-)

>Anything that stops thousands of emails from a single source is 
>definitely not expensive in bandwidth.

If you run a ton of mail the problem isn't the bandwidth, but the time.
We use no external RBLs, not even ones which I really trust. Partly, it's
a matter of accountability.  We are answerable to our customers for
whatever we block by IP address, so we want to maintain complete control
over that.  The other part is performance; even if we did a zone transfer
and ran local copies of any RBLs that we wanted to use, it would still slow
down our processing.

Jonathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys ACC46EF9
I say we dust off and slashdot the entire site from orbit.
It's the only way to be sure.

Attachment: signature.asc
Description: Digital signature