[SAGE] SPAM Filtering policy?
rdump at river.com
Wed Jul 31 22:00:43 GMT 2002
At 15:02 -0400 on 31/07/2002, Lois Bennett wrote:
> Hi All,
> I have been asked to draft a SPAM filtering policy. Could you tell me
> what you do along those lines and what type of policy is in place
> especially in an academic environment? We are experimenting with
> using spamassassin to mark spam but we are currently delivering
> everything except virus laden mail. Virus infected mail is
> quarantined and the sender notified.
> Any suggestion will be appreciated.
UCAR does the following (or is in the process of implementing the
o All inbound mail arrives at anti-relay mail hubs thanks to translation
of MX records for outside consumption. This is easier than closing
every open relay on all the campuses.
o Executable (Windows) attachments are refused, or quarantined after
delivery to mail hubs.
o Virus laden email is refused, or quarantined after delivery accepted
on mail hubs. "You sent us a virus" responses are -not- sent, at
least for Klez and variants that forge sender addresses. (Personally,
I killfile domains that send such notices to tech at openbsd, etc. :-)
o Users can choose to turn on one of two anti-spam block lists for
their addresses if they want blocking at all (implemented similarly
to this: <http://www.river.com/ops/nospam/mailconf.html>). Default is
no blocking. Choices for blocking are "misconfigured hosts", meaning
open relays, proxies, etc., and "misconfigured hosts + spam-friendly
networks", meaning addition of RBL, SPEWS, etc.
Allowing users to turn on the blocking for themselves was the only way to
reconcile the differences between those who are adamantly opposed to losing
any legitimate mail, those who want some blocking, and those who would be
quite happy to throw out most of their mail if it means they'll no longer
get their usual 300 spams per day.
More information about the unisog