> I don't know your special situation, but from my own experience I can say
> that challenge-response systems create even more spam for completely
> unrelated users when their address has been used as the sender address in
> spam. When I get this kind of backscatter spam, I usually block the
> challenge sender.
> Please consider using other facilities such as RBLs for spam reduction
> first.
> Wouldn't it be much better, since you know who your customers are, to
> whitelist them and return a mail rejection message in the SMTP dialog when
> an unlisted sender tries to send mail to your RT mail address? That
> approach only creates backscatter when the mail is getting in via an open
> relay host, and it's that host's responsibility to fix it...

I set up TMDA one year ago; 6 months before (nearly), I was discovering and
installing RT V2. There was no tool allowing one to clean up or archive any
kind of ticket (dead tickets, tickets from the past year ...). And on our
business addresses, we usually receive hundreds of spams per day. RT V2 and
its lack of archiving tools led me to set up a rather harsh solution, at
the same time that I was learning to deal with spam, generally. (BTW, RBLs
are only one part of the solution against spam; if they were sufficient,
everybody would be happy, and spam would not exist any more.)

As I can only spend a little time administering RT, it was only a few months
ago that, browsing the mailing lists, I discovered contributed cleanup tools -
I downloaded them and ... some day I will test them. Meanwhile, without spam,
the database went beyond 1GB and is slowly growing ... just guess its size
if it had been badly protected ...

Maybe RT V3 integrates cleanup and archiving tools? That could change my
anti-spam policy. I will discover it ... soon, as soon as I read the doc ;-)

Anyway, our customer base is still evolving, so I cannot state: "our
allowed customers are in this whitelist, we will reject anybody else". Just
think about new employees (with brand-new addresses) hired by an old
customer. And as we are a small company, we cannot plan to set up a system
such as a web portal where customers can manage an account, register allowed
people who will be able to contact us. It's not possible - not soon.

I understand what you say. I may change my anti-spam policy, but if I do, as
spam is the problem that we know, it will be with great care - only with
great care.

Best regards

