Automatic white-listing from *outgoing* email

Arik Baratz arikb@vidius.co.il
Wed Jan 1 18:13:22 UTC 2003


> -----Original Message-----
> From: Vernon Schryver [mailto:vjs@calcite.rhyolite.com]
[snip]
> The input addresses of mailing lists often differ from their output
> addresses.  For example, how would an automatic whitelisting mechanism
> know from a message to dcc@rhyolite.com that it should whitelist
> dcc-admin@rhyolite.com?

The To: header can be examined.

> > Assuming that what is considered 'outgoing' is non-malicious in
> > the spam-war context.
> That assumption is fine for small mail systems where all of the users
> are well known, but it is difficult at a large ISPs.  At least one
> large organization is (or was) using the DCC only on outgoing mail to
> detect and throttle its own spamming users.

A valid point. OTOH, organizational users would IMHO appreciate this feature because it will make sure that no inter-organizational (i.e. from person A at org X to person B in org Y) would cause a false-positive.

> Filtering by the DCC is not perfect.  What if a user responds to spam?
> Responses to spam are amazingly common.  Because the blacklist at
> http://www.rhyolite.com/anti-spam/spammers.html is indexed by search
> engines, I receive strange messages.  Most such messages are requests
> that I remove unsubscribe them, but yesterday someone asked about
> software to copy DVDs to CDs.  For every user that thinks a blacklist
> is a way to contact spammer, there must be many more who 
> contact spammers
> directly.

Well, I see your point all too well. I agree that in an environment where you deal with many unknown users it is a big problem. I come from an organizational background, where people are (generally) smart enough to hit the Delete key straight away.

> All that asside, if automatic white-listing would work for 
> you or others,
> then please feel free to implement it.  One way to build it would
> be to modify the local mail user agent to add pairs of lines to the
> whiteclnt file.  The first line would be a comment starting with
> '#' with the date of the addition and the second would be meat.  Then
> run a weekly or cron script that would delete entries older 
> than 90 days.
> The same script could search system logs for entries concerning mail
> from white-listed sources and refresh the dates.

Since my organization use Exchange/Outlook, I'd need to write it at the MTA (rather than MUA) level. Now all I need is time.

Arik Baratz
System Engineer

Office:
13 Hasadna St.		Tel:   +972 (9)  743-9250 ext. 114
Raa'nana 43661		Fax:   +972 (9)  743-9251
ISRAEL			Cell:  +972 (55) 987-617

This email may contain confidential information. You may not deliver this message to anyone without my consent.

If this message is not intended for you, Please destroy this message and kindly notify me by replying this mail.

Anything in this message that do not relate to the official business of Vidius is my own responsibility.





More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.