Re: [SAGE] ISP class egress anti-spam filtering

[James Keating <jamesk@okeating.net>]

Brad Knowles wrote:
>>  A free open source  relatively easy to deploy tool named spamassassin
>>  came along a number of years ago and launched a revolution in ingress
>>  spam filtering technologies, and we now have many, many wonderful tools
>>  at our disposal that help reduce the flood of bad coming into our
>>  networks.
> 
> SpamAssassin is one tool.  It's a hammer.
> 
> When all you have is a hammer, everything looks like a nail.
> 
> 
> I believe that there are other things out there that are not nails, and 
> we should not be abusing the one tool we've found so far to treat them 
> as nails.

   I agree, don't hit a screw with a hammer.  But the point of "egress 
filtering" (I'm just going to call it outbound spam scanning for us 
simpletons) would be to stop spam, exactly what SpamAssassin was built 
for.  So why not leverage the tools that many admins are already 
intimately familiar with?

   The real problem then is implementation and since the system is 
customer facing, we need it to provide usable information to them in 
"real time".  I would setup the outbound mail server(s) with 
SpamAssassin scanning mail during the SMTP session.  This would then 
allow the system to "actively" reject mail and provide the sender with 
immediate feedback.

   So if an individual was sending valid mail and SpamAssassin thought 
it was spam, the user would get an error in their application saying 
"550: Your message can't be sent because it looks like spam.  Please 
visit http://www.isp.com/whyismymailspam.html.".  The "threshold" and 
active rule set would need some tweaking, but besides that I don't think 
it would be hard (albeit not trivial) to implement.

James