| The silent network: denying the spam and malware chatter using free tools: BSDCan, Ottawa, May 18th 2007 | ||
|---|---|---|
| Prev | Next | |
Some tools combine methods (eg spamassassin does header analysis and content scan).
All methods carry a risk of false positives or false negatives:
Header mismatches: Mostly reliable, but SPF and Sender ID screws up forwarding; also trips up roaming users.
Blacklists: Be sceptical about about how they're generated. Some extremely inclusive (whole /16s not uncommon), some out of date; some have been manipulated in personal vendettas
Greylisting: Delivery delay for initial message. Large pool of outgoing SMTP servers with random selection of retries could trip up. (Most of these sites are seeing sense)
Greytrapping: Vulnerable to spam generated “message undeliverable” backscatter to trap addresses