Sunday, September 5, 2004

Another Antispam Solution, or anti-spam solution

The amount of spam targeted to our servers is huge.

Sometimes, as much as 80% of e-mail that would be delivered to the servers is either spam or virus.

Dealing with that is part of my job, as the mail system admin. It's interesting, because it's challenging and results are fast and noticeable, if you apply the right techniques.

In our servers, we have some very old mail boxes that are in ALL spam lists. So we have a very worthy tool in our hands. We can use these accounts as tests for current tools and use them to train whatever other tool we'll be deploying.

In the last few days, I've been developing a new antispam solution that would be amazingly easy to manage and would give us dozens of possibilities on what to do with the information generated by the logs.

In a usual mail content scanning sollution, even if it's as powerful as DSPAM, you can't be sure wether you will have false positives, so you can't use that for black listing sources or whatever.

This technique I am now using, which I read is used in some RBL providers, requires people to maintain daily, but scales very well. The more you maintain, the bigger are the results. My bet is that what outstands in this particular case is that I've made it very quick to maintain. Just a few minutes every day, and it's alright.

Also, deploying it in other servers would be very easy, differently from DSPAM, which could be a pain for new sysadmins.

I won't discuss it further because there isn't anybody reading anyway. This is for historic record :-)