Thomas Delrue on 21 Oct 2016 08:36:20 -0700



Re: [PLUG] spamassassin help: create a rule to score by sender TLD


On 10/21/2016 10:36 AM, Keith C. Perry wrote:
> This whole thread is why I tell new people coming into the IT field
> that managing mail servers is around the most miserable thing we have
> to do...

Speaking of which, I've actually been wanting to run my own e-mail
server for a while but haven't found any good resources on how to
properly set it up. Does anyone have resources on that which they can share?

> ...other than fight with the wonderful world of the MS drones  :D

That's not a big deal, 90% of the time they are applying updates anyway.
So they just hang there in mid-air doing nothing (and that's if the
update process is going as expected)

> That said, Charlie said,
> 
> "Furthermore, probably the easiest and most fruitful way to avoid
> getting spam at all (before it hits any filters or daemons you set
> up) is to just not post the raw email address anywhere on the web.
> Have obfuscated JavaScript generate the string instead, or use
> HTML/CSS's built-in right-to-left functionality to display it if you
> absolutely positively need to display the raw address."
> 
> THAT...

I agree with the first bit: don't publish your e-mail address in a form
that is understandable by machines (see caveat below).
BUT I disagree with the second bit, you are breaking my Lynx... All
joking aside, you ARE breaking my internet by doing this though. What's
wrong with a 'contact us/me' form again? (But then again, anytime I hear
a solution containing "use Javascript/CSS", I just think to myself:
"instead of one problem, you now got two, mate")

> To go a step further.  Use role accounts, "throw-away" or "burnable"
> accounts for services whenever you can.

If anything *THIS* is the thing to do. When you get spammed on the role
account, just drop the account and stop using the site where you used
that site (they either got compromised or they sold your data).
In this day and age of address books and password managers (What a time
to be alive!), do you really want to use first.lastname@domain.tld
instead of a random_characters@domain.tld when signing up for whatever
the latest shiny bauble-site is which, for whatever dumb reason,
requires your e-mail address (...and your phone number 'for
verification', and access to your FB account, and your G+ account, and
the name of your first-born pet, and when and where you graduated, etc,
etc...)
If anything, just generate random string e-mail address aliases; *never*
use your real one (only give that to folks you really want to talk to)
and then put filters on your mailbox which look for the X-Orig-To header
to direct the flow.

BTW, if you use GMail, use the '+suffix'-trick to create distinct
addresses for each website you sign up for (or list your e-mail address on).
So if you have: something@gmail.com then you use
something+blah@gmail.com which will still be delivered to
first.last@gmail.com but be tagged (or something) so you know it was
sent to the +blah 'sub-alias'.

> You have to treat spam as a security issue. 

Couldn't agree more.
For some reason, people just don't learn, continue to click on links
like "H0tt13 in your area l00k1ng for good sh4g, click here!!!!!!!" and
then complain that they got infected (that's a top-quality pun, right
there!).
After all, there must be some morons clicking on these links or we
wouldn't have spam, amirite?

...now where's my LART so I can go 'educate' some of my [l]users to not
click these bloody things?

> ----- Original Message ----- From: "Charlie Li"
> <ml+PLUG@vishwin.info> To: "Philadelphia Linux User's Group
> Discussion List" <plug@lists.phillylinux.org> Sent: Wednesday,
> October 19, 2016 12:20:40 AM Subject: Re: [PLUG] spamassassin help:
> create a rule to score by sender TLD
> 
> On 18/10/16 13:42, ac wrote:
>>> If you've done something similar, are there other problematic
>>> domains that seem to generate a lot of spam and are unlikely to
>>> house legitimate mail senders?  I will stay away from the
>>> country-based ones because we do get mail from foreign contacts.
>>> It's more the new TLDs I'm worried about... .xyz is another one I
>>> noticed and would probably score.
>>> 
>> I would not do this in that way as there may be legit domains @
>> .xyz or .top and your users (if you are a hosting co) may/will
>> complain about dropping legit email...
>> 
> Indeed. I recently registered a .xyz myself and it will be used for my 
> upcoming business. I know a few people who also use .xyz as their 
> personal domain for their website and of course email.
>> best way to stop spam is still the dnsbl, like SpamCop.net & 
>> superblock.ascams.com & spamhaus/org etc etc
>> 
> Exactly.
> 
> Furthermore, probably the easiest and most fruitful way to avoid
> getting spam at all (before it hits any filters or daemons you set
> up) is to just not post the raw email address anywhere on the web.
> Have obfuscated JavaScript generate the string instead, or use
> HTML/CSS's built-in right-to-left functionality to display it if you
> absolutely positively need to display the raw address.
> 

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
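
Added example, not part of the original post: a sketch of the per-site random alias scheme and the X-Orig-To filtering described in the message above, including the '+suffix' case. The domain `example.org`, the folder names, the registry layout and the sample messages are all assumptions constructed for illustration.

```python
import secrets
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.org"          # assumption: a mail domain you control
ORIG_TO_HEADER = "X-Orig-To"    # name used in the post; Postfix writes X-Original-To

def new_alias(registry, site):
    """Create an unguessable alias and record which site it was handed to."""
    alias = f"{secrets.token_hex(6)}@{DOMAIN}"
    registry[alias] = {"site": site, "burned": False}
    return alias

def split_plus_tag(address):
    """Split a '+suffix' address into (base_address, tag or None)."""
    local, _, domain = address.partition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", (tag or None)

def route(raw_message, registry):
    """Pick a folder from the original envelope recipient of a message."""
    msg = message_from_string(raw_message)
    rcpt = parseaddr(msg.get(ORIG_TO_HEADER) or msg.get("To", ""))[1].lower()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    entry = registry.get(rcpt)
    if entry is None:
        # Not a registered alias: fall back to the '+suffix' tag, if any.
        _, tag = split_plus_tag(rcpt)
        return f"tagged/{tag}" if tag else "inbox"
    if entry["burned"]:
        return "discard"        # alias was dropped after it started getting spam
    site = entry["site"]
    if sender_domain == site or sender_domain.endswith("." + site):
        return f"sites/{site}"
    # Mail to a site-specific alias from an unrelated sender: the address
    # left the site somehow (compromise or resale), so flag it for review.
    return f"leak-suspect/{site}"

def burn(registry, alias):
    """Retire an alias; later mail addressed to it is discarded."""
    registry[alias]["burned"] = True

if __name__ == "__main__":
    reg = {}
    alias = new_alias(reg, "shop.example")
    # Constructed sample message from an unrelated sender to the shop alias.
    spam = f"From: x@bulk.invalid\n{ORIG_TO_HEADER}: {alias}\nSubject: hi\n\nbody\n"
    print(alias, "->", route(spam, reg))
```

The `leak-suspect/` folder is the signal to act on: once mail lands there, call `burn()` on that alias and issue the site a fresh one if you still use it.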