<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033"><br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
<div>On 2016-09-17 18:21, Rick Hornsby
wrote:<br>
</div>
</span><blockquote type="cite"><div><div class="h5">
<div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div>
<div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">What
are you guys doing for your email as far as spam and phishing
filtering? Are you doing something yourself server side? Client
side? I've found over and over again in the past (and when it is
turned on by default and I don't realize it) that the filtering
in email clients sucks, and so I always turn it off. </div></div></div></blockquote></div></blockquote><div><br></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline">I used to run a fairly sophisticated email rig, and with sufficient time and effort, I had zero false positives, and no spam getting through. It used a concept of using the least amount of CPU and resources to block the most amount of spam. Postfix did a lot at the front door, by incorporating a fairly reliable consolidated block list, and with tweaking and tuning, would actually turn away connections from known spam relays. If it got past the first turn-away, the next check was a validation that the sender and recipient were valid (again, easy checks in Postfix, although validating the sender is not 100%), next the connection would go through greylisting. If we had seen the sender relay before and they passed, they got a free pass (resets with each success, is good for the next 30 days I think). Greylisting sends them a fake error, asking them to retry in a minutes. Most spammers don't retry, so this cuts back some of the spam. Legitimate senders' relays will queue the message and do the retry. (And once they do, they're good for at least the next 30 days so no extra delays as long as they send a message once every 30 days). For mail that gets past these checks, I used MailScanner to manage the filtering which included a bunch of public and custom rules, which included running it through ClamAV, SpamAssassin for rules scoring, and other plugins like DCC (Distributed Checksum Clearinghouse), Fuzzy OCR (which would actually convert images in attachments to text, and run the text through spam filter rules), and so on. ClamAV checked for an updated database every other hour, that way I was pretty quick on new signatures. Other rules would pull in dynamically, which sometimes did cause problems. 
</div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline"><br></div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline">The idea was that things like DCC and FuzzyOCR are rather CPU intensive, so put them at the end of the chain, where only messages that have already not been determined as spam have to run these checks. Sitting through a Barracuda "Spam Firewall" (I hated that name, by the way) presentation, I learned that they do pretty much exactly what I was doing, except they managed the updates on a subscription model.</div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline"><br></div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline">This ran great for a long time, but as I go to google the validity of some of these, it seems that most people don't do any of this stuff anymore. </div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline"><br></div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline">I suppose, like anything else, you get out of it what you put into it. But, email is not considered the value add that it was 10 years ago, with texting, free gmail with decent enough spam filtering for everyone, and so on... </div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline"><br></div></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,51);display:inline">Angelo</div></div></div></div></div>
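The greylisting step described in the reply above, modelled as an added Python example (not code from the post or from any Postfix policy server). The 30-day free pass that resets on each success follows the post; the names `Greylist` and `replay`, the `RETRY_DELAY` and `PENDING_TTL` values, and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 24 * 3600
RETRY_DELAY = 60        # assumption: earliest retry (seconds) that is accepted
PENDING_TTL = 4 * 3600  # assumption: a retry must arrive within this window
PASS_TTL = 30 * DAY     # free-pass lifetime; the post says 30 days

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # relay -> time first deferred
    passed: dict = field(default_factory=dict)   # relay -> time of last accept

    def check(self, relay: str, now: int) -> str:
        """Verdict for a connection from `relay` at `now` (seconds)."""
        last_ok = self.passed.get(relay)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[relay] = now   # each success restarts the 30 days
            return "accept"
        self.passed.pop(relay, None)   # pass expired: relay starts over
        first = self.pending.get(relay)
        if first is None or now - first > PENDING_TTL:
            self.pending[relay] = now
            return "defer"             # temporary (4xx) error, retry later
        if now - first < RETRY_DELAY:
            return "defer"             # retried too fast to count
        del self.pending[relay]
        self.passed[relay] = now
        return "accept"

def replay(events):
    """Run (time, relay) pairs through one Greylist; return the verdicts."""
    gl = Greylist()
    return [gl.check(relay, t) for t, relay in events]

# Constructed sample traffic (documentation-range addresses, not real relays).
SAMPLE = [
    (0, "192.0.2.10"),               # legitimate relay, first contact
    (5, "198.51.100.7"),             # bulk sender that never retries
    (10, "192.0.2.10"),              # retry too early
    (300, "192.0.2.10"),             # proper retry
    (300 + 29 * DAY, "192.0.2.10"),  # within 30 days: pass, clock resets
    (300 + 58 * DAY, "192.0.2.10"),  # 29 days after the last success
    (300 + 89 * DAY, "192.0.2.10"),  # 31 days of silence: deferred again
]

if __name__ == "__main__":
    for (t, relay), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(t, relay, verdict)
```

Because the state is a pair of dictionary lookups, this check costs almost nothing per connection, which is why it sits ahead of the CPU-heavy content scanners in the chain.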