For an average Email Service Provider in North
America, Europe and Australasia, today's incoming email traffic consists
of approximately 24% legitimate email and 76% spam.
[1]
The main problem for mail system administrators is how to filter out the
spam while not losing legitimate email, and how to keep mail queues
flowing without spam-filter processes slowing the queue. The main
problem for ISP executives is also how to do this cost-effectively.
2-Stage Filtering
Using the Spamhaus DNSBLs (SBL+XBL) we can very safely reject the vast
majority of spam at SMTP connect time, before the mail server accepts
the message. Most of what gets past is then caught in a second stage by
checking the IPs of URLs (web sites) advertised in spam against the SBL.
Using the setup described below, our tests achieve a catch rate of
299 out of every 300 spams (99.6%) with zero false positives.
1st Stage
The first stage is the Spamhaus blocklists SBL and XBL on
our incoming mail relay(s). These will identify and reject more than
half of a normal mail relay's incoming mail traffic (in our research experience
approx 63% combined: SBL 12%, XBL 51%). [2]
Incoming mail from servers listed on SBL-XBL at this first stage should
be rejected at RCPT TO, terminating the SMTP transaction before the
message body is received.
This is cost effective - more than halving incoming mail bandwidth
and the subsequent mail queue - and is the safe way to handle message
filtering, because in the event a legitimate Sender is ever blocked in
error they are immediately notified by the reject notice of the reason
why their message could not be delivered as well as what to do and who
to contact about it. [3]
2nd Stage
Over 87% of spam contains URLs of spammer web sites whose IPs are listed
on the SBL. [4] Therefore the second stage is to scan the 37% of mail
which gets past first stage IP filtering, looking for URLs (web site
addresses) in the message body and testing their host IPs against the SBL.
This is done by installing an application capable of scanning message
bodies for URLs and checking them against the SBL.
We are using SpamAssassin to do the final filtering.
Spamhaus lists the IPs of spammers' web servers and DNS servers, in
addition to spam sources in the SBL for this purpose. Spammers may find
fresh sources not yet on our DNSBLs, but they have to advertise a web
site hosted somewhere.
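
The second-stage check described above, sketched in Python as an added example (it is not code from this page, and the setup described here uses SpamAssassin for this step). The zone name `sbl.spamhaus.org`, the function names and the sample message are assumptions made for illustration; the DNS lookups are injectable so the logic can be exercised offline.

```python
import re
import socket
from urllib.parse import urlsplit

SBL_ZONE = "sbl.spamhaus.org"  # assumption: the page does not give the zone name
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def dnsbl_name(ipv4, zone=SBL_ZONE):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ipv4, lookup=socket.gethostbyname):
    """True only when the DNSBL answers with a 127.x.x.x listing code."""
    try:
        answer = lookup(dnsbl_name(ipv4))
    except OSError:  # NXDOMAIN: the address is not listed
        return False
    # Spamhaus uses 127.255.255.x for query errors; never treat those as listings.
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def url_hosts(body):
    """Unique host names from http(s) URLs in a message body, in order seen."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def scan_body(body, resolve=socket.gethostbyname, lookup=socket.gethostbyname):
    """Return {host: ip} for each URL host whose resolved IP is listed."""
    hits = {}
    for host in url_hosts(body):
        try:
            ip = resolve(host)
        except OSError:  # host does not resolve; nothing to check
            continue
        if is_listed(ip, lookup):
            hits[host] = ip
    return hits

# Constructed sample message (documentation domains, not real spam).
SAMPLE_BODY = "Cheap pills at http://shop.example.test/buy?x=1 or see https://news.example.org/a"
```

A non-empty result from `scan_body` means at least one advertised web site is hosted on a listed IP. Treating the 127.255.255.x answers as "not listed" keeps a resolver or quota problem from turning into false positives.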
The final small amount of remaining spam is then caught with further
filters within the Merak mail server system, such as DCC or Bayesian
content filters, to almost completely eliminate spam before it reaches
users' mailboxes.