Quote:
|
Originally Posted by Mike Harrison
Surely ISPs like NTL are in a unique position to block a lot of spam very easily, as they can see a bigger picture, i.e similar messages being sent to a large number of users in a relatively short timeframe.
How about this simple rule :
If an email contains more than a couple of external links, 'gibberish html' or any potentially executable attatchment, delay it for a couple of minutes.
If, during that delay period, the same IP sends a similar mail to more than a few other users, bounce or bin all similar (i.e matching above criteria) messages from that IP.
Any genuine emails that 'look like' spam will just incur a short delay, but there should be almost no false-positives.
Can anyone see anything other than ISP lethargy that would stop a simple scheme like this being feasable ?
|
AIUI, many of the most powerful server-side solutions out there use a scoring system, allowing the user to set the benchmark higher or lower depending on how tolerable false positives would be. Here's the test list for spamassassin:
http://spamassassin.apache.org/tests.html
In practice, it's possible to set a high score that'll block most (not all) spam, with an extremely low false positive rate.