Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam

Domain Based Spam Prevention? 42

Posted by Cliff from the more-tools-for-the-spamfighting-toolbox dept.
aralin asks: "Recently I got this idea and wrote a little perl script to extract all the second (third in case of co.uk) level domains from my last month's collection of spam (some 4000 messages). I ran that against a nameserver to find the ones with NS record (valid domains) and made a list for my procmail filter. I get about 10 mails a day that escape to SpamAssassin for various reasons and since I began to check them against my list of domains I caught half of these. The idea is that if they want to sell something, or put a working web bug in my email, they need to provide a valid url with valid domain. If we filter domains from a URL in confirmed spam, then its almost certain any other email referencing such domain is spam as well. What I wanted to ask Slashdot is whether you know about some software project that already uses this form of spam detection as an addition to rule matching and Bayes filters?"
This discussion has been archived. No new comments can be posted.

Domain Based Spam Prevention? More

Domain Based Spam Prevention?

Comments Filter:

  • Easily Defeated (Score:5, Insightful)

    by Tom7 ( 102298 ) on Wednesday January 28, 2004 @10:09AM (#8112056) Homepage Journal
    Again the arms race problem: This might work for a while, but once the spammers see a certain level of blocking, they can adjust their spam to circumvent it.

    In this case they could start including (hidden, web-bug style) links to popular webmail sites, like hotmail. If you start blocking all messages with links to hotmail, you are probably going to miss some e-mail that you want!

  • How 'bout a mail rule (Score:3, Insightful)

    by Asprin ( 545477 ) <gsarnoldNO@SPAMyahoo.com> on Wednesday January 28, 2004 @10:13AM (#8112077) Homepage Journal

    Isn't this just like adding a mail client filtering rule to trash all emails with "mydomain.com" in the body?

    Now, having said that, I don't think any mail filter does this explicitly because of problems with legit web page links. All the spammer would need to do is redirect through a page on a hosting service like fortunecity.com or geocities.com.

    ...although now that I think about it - throwing fortuncity and geocities in your filter list may not be a bad idea either since so little actually goes on there ;) and the interesting stuff is always over their bandwidth limit by the time I get the link. :(

  • Joe-Job (Score:2, Insightful)

    by joostje ( 126457 ) on Wednesday January 28, 2004 @11:22AM (#8112729)
    If we filter domains from a URL in confirmed spam, then its almost certain any other email referencing such domain is spam as well.

    OK, the first spammer that wants to irritate you can thus easily block anyone from ever hearing about your website (by running a "joe-job" with your website's URL in it).

Slashdot Top Deals

The only possible interpretation of any research whatever in the `social sciences' is: some do, some don't. -- Ernest Rutherford

Close