[SAGE] SPAM Filtering policy?

Richard Johnson rdump at river.com
Wed Jul 31 22:00:43 GMT 2002

At 15:02 -0400 on 31/07/2002, Lois Bennett wrote:
> Hi All,
> I have been asked to draft a SPAM filtering policy. Could you tell me
> what you do along those lines and what type of policy is in place
> especially in an academic environment?  We are experimenting with
> using spamassassin to mark spam but we are currently delivering
> everything except virus-laden mail.  Virus-infected mail is
> quarantined and the sender notified.
> Any suggestion will be appreciated.

UCAR does the following (or is in the process of implementing the
following :-).

 o  All inbound mail arrives at anti-relay mail hubs thanks to translation
    of MX records for outside consumption.  This is easier than closing
    every open relay on all the campuses.

 o  Executable (Windows) attachments are refused, or quarantined after
    delivery to mail hubs.

 o  Virus-laden email is refused, or quarantined after delivery accepted
    on mail hubs.  "You sent us a virus" responses are -not- sent, at
    least for Klez and variants that forge sender addresses.  (Personally,
    I killfile domains that send such notices to tech at openbsd, etc. :-)

 o  Users can choose to turn on one of two anti-spam block lists for
    their addresses if they want blocking at all (implemented similarly
    to this: <http://www.river.com/ops/nospam/mailconf.html>).  Default is
    no blocking.  Choices for blocking are "misconfigured hosts", meaning
    open relays, proxies, etc., and "misconfigured hosts + spam-friendly
    networks", meaning addition of RBL, SPEWS, etc.

Allowing users to turn on the blocking for themselves was the only way to
reconcile the differences between those who are adamantly opposed to losing
any legitimate mail, those who want some blocking, and those who would be
quite happy to throw out most of their mail if it means they'll no longer
get their usual 300 spams per day.
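
The per-user opt-in blocking described in this message, sketched as an added example that is not part of the original post and is not UCAR's configuration. The zone names, tier keys, addresses and the fail-open behaviour on lookup failure are assumptions; the decision is made per RCPT TO, so one message can be refused for one user and accepted for another.

```python
import ipaddress

# Hypothetical zone names (not from the post) standing in for its two tiers.
TIER_ZONES = {
    "none": [],
    "misconfigured": ["relays.dnsbl.example"],
    "misconfigured+spam-friendly": ["relays.dnsbl.example", "spamnets.dnsbl.example"],
}
DEFAULT_TIER = "none"  # the post's default: no blocking unless the user opts in


def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_listed(client_ip, zone, resolve):
    """resolve(name) returns an A-record string, or None for NXDOMAIN/timeout."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    if answer is None:
        return False  # assumption: fail open so a DNS outage never drops mail
    # Only 127.0.0.0/8 answers count as listings; anything else is ignored,
    # which guards against a dead zone that answers every query.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def rcpt_decisions(client_ip, recipients, prefs, resolve):
    """Decide per RCPT TO, so one message can be accepted for some users only."""
    results = {}
    for rcpt in recipients:
        zones = TIER_ZONES[prefs.get(rcpt.lower(), DEFAULT_TIER)]
        hit = next((z for z in zones if is_listed(client_ip, z, resolve)), None)
        results[rcpt] = ("550", "blocked by " + hit) if hit else ("250", "ok")
    return results


# Constructed sample data: a fake zone and three users with different choices.
ZONE = {"7.113.0.203.spamnets.dnsbl.example": "127.0.0.2",
        "9.113.0.203.relays.dnsbl.example": "192.0.2.1"}  # bogus non-127/8 answer
PREFS = {"a@example.edu": "misconfigured",
         "b@example.edu": "misconfigured+spam-friendly"}
USERS = ["a@example.edu", "b@example.edu", "c@example.edu"]
```

In a live hub the `resolve` argument would be a real DNS lookup; here `ZONE.get` stands in for it so the example runs offline.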


