RE: Relay permissions error ...

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 9 Oct 2003 07:26:35 -0700

Responding to 2 posts:

First, we will never stop 100% of spam. We do not have that much time or
that much money.

Second, fighting spam is like the old 80-20 rule. 20% of the effort to stop
80% and 80% of the effort to stop the last 20%, if possible.

Keywords can be effective at catching a good portion, but are labor
intensive and experience specific. You would not use the same absolute
specific keyword set for a client dealing in electronic parts as you would
for a client dealing in medical billing. And then what do you do if you have
both clients on one server?

In HTML messages, it is very complex to catch all spam. Not only do spammers
use comments, but also ASCII characters, numbers, HTML code to mean ASCII
characters, obscurity, white spacing, extra long lengths, poetry and other

In subject lines, they use foreign letters, spaces, purposeful misspelling,
use of numbers for letters, long subjects, customized subjects and more.

The software we use uses a range of tests, including DNS blacklists, DNS
validations, format of the headers and body, length of body, HTML code, HTML
comments, message routing, unneeded encoding, keywords, filters on the
different parts of the message (EHLO/HELO, MAILFROM, HEADERS, SUBJECT, BODY,
RVDNS, MX) (white and grey), sniffers, trackers, checks for Outlook
vulnerabilities as well as a few more. Every message passing through my
server (as well as those of other users of the software I use) is tested
against about 50 different tests. Every test is assigned a value. Actions on
only taken on total weight of the message, not on individual tests. (There
are a couple of tests that have a specific action tied to them.)

Everyday, I see spam that will not be caught by any keyword. I see spam
where the spammer does everything right and the only thing that it can get
caught by is the domain in the HTML code.

We have to realize something; the spammers' whole job is to spread their
venom. There was an article a while back that was an interview with a
successful spammer. She stated that she would send 5 million messages per
day, looking for a response of 1/100th of 1 percent. So if only one person
in ten thousand responds, that is 500 responses. At $29.95 each, that is a
lot of money.

If you are serious about looking for specific ways to fight spam, there are
lists for that. If you want specifics about how I do it and can I help you,
contact me directly off list. Even though spam is tied to e-mail, talking
about specific spam fighting techniques kind of goes beyond the purpose of
this list, IMO. If you want information about the software I use, I will
gladly let you know where you can find more information on it. However, it
is not a Exchange app and is tied to a specific e-mail platform, Imail.
However, this can be used to create a very effect gateway product. However,
I do not usually mention the software I use because most Exchange admins
only want to here about products that work with Exchange.

Rant on:

As far as the other post about a question in Outlook, the poster asked on an
Exchange list if something he does in Outlook Express can be done in
Outlook. I am sorry, but answering yes was an appropriate response,
especially since no one else responded, and the poster never asked anything
further. You have to realize, there are many people out there in IT that do
not know jack about stuff, then come on here asking a simple question and
want us to take our time to hold their hand and explain basics. Sorry, but
if you want to be in IT, you better do your homework. That is like me saying
I want to be a lawyer reading a "law for dummies" book and then going to
trial and asking the judge for help on what questions to ask.

And then you get the people that ask a basic question, and then ask again,
and again, and then complain that no one answered, when the information he
asked is readily available on I have seen people ask for
some, state they can not find the information anywhere. Well gee golly, I do
a search on Google and find a hundred references and lots of hits in the MS
knowledge base, or even in the archives. It is very frustrating for us to
take our time and explain something, and then a few days later have someone
else ask the same question. What, is our time not as valuable as yours that
you can not make the effort to research first, instead of just asking how do
you do this?

Of course, this leads to the general problem with our society, everyone
wants the easy path, and they do not want to take their responsibilities

Rant off!

John Tolmachoff MCSE CSSA
eServices For You

Other related posts: