Blog
Welcome to the Trioro Blog.
In this blog we will provide ideas, information, and commentary on the ever-changing world of internet technology, its impact on businesses like yours, and what is most important to get right - if you want to win.

Sunday, November 05, 2006

MailEnable Spam Filtering - Catch-all Exclusion

We use MailEnable as our base email system with some plugins that help to catch the spam that is destined for our users. We use Bayesian filtering to flag emails that look like the most current spam techniques coming at us. For the honeypot addresses, I can use catch-all addresses on some of our domains that have obviously made their way onto many, many email lists for sale.

The catch-all addresses were initially catching the mail destined for employees who have long since departed the company. This provides a remarkably good source of spam email for sampling into the Bayesian tools. To prevent them from being stopped by our existing spam filters, I created an exclusion list in the spam filters that allowed mail for these past employees to pass freely into the catch-all account. Recently this technique had become less effective as spammers had started to modify or altogether ignore the specific addresses of the previous employees. Addresses would be modified from myname@mydomain.com to mynamemyname@mydomain.com, which would then get caught by the spam filters. We would also see messages coming in for iJustSentAnEmail@mydomain.com. All of these would then get stuck in the spam filters and would need to be verified by an admin to ensure that they weren't false positives.

I decided that I needed a filter in MailEnable that would stop these messages from even going to our spam tools. This would make the spam tools do less work and it would also stop these random addresses from getting caught in the spam traps. A few hours with Google and forums had left me with a better knowledge of the parameters available to me in the MailEnable filter advanced scripting language. After much tweaking, I finally decided on the most consistent approach to catching and diverting the catch-all emails.

In the email headers, MailEnable records that the email was caught by a catch-all and not specifically directed to a user. Because this header text closely follows the email address that was used, it is possible to make this exclusion script specific to certain domains if necessary.

Here is the filter advanced criteria script:

FilterResult=0
If CriteriaMet([ME_HEADERS_CONTAIN],"*mydomain.com> with MailEnable Catch-All Filter*") Then
    FilterResult=1
End If


I then set the action to "Stop Processing Filters" and put the filter at the top of the MailEnable filter list. Now those emails will go directly into the mailbox and will contribute towards my Bayesian spam detection pool.
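The criteria above can be checked offline against saved messages before the filter goes to the top of the list. The following Python sketch is an added example, not part of the original post or of MailEnable: it compares the post's wildcard with a stricter check that extracts the recipient domain next to the marker and matches it exactly, since the leading `*` also matches any domain whose name merely ends in the same text. The Received header layout, the sample messages, and the use of `fnmatch` as a stand-in for MailEnable's wildcard matching are assumptions.

```python
import re
from email import message_from_string
from fnmatch import fnmatchcase

# Marker and wildcard come from the post's filter; everything else is assumed.
MARKER = "with MailEnable Catch-All Filter"
POST_PATTERN = "*mydomain.com> " + MARKER + "*"
_CATCH_ALL = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>\s+" + re.escape(MARKER))

def _header_values(raw_message):
    """Yield each header value with folded continuation lines joined."""
    for _name, value in message_from_string(raw_message).items():
        yield " ".join(value.split())

def post_pattern_matches(raw_message):
    """Approximate the post's wildcard test (fnmatch stands in for MailEnable)."""
    return any(fnmatchcase(v, POST_PATTERN) for v in _header_values(raw_message))

def catch_all_recipient(raw_message):
    """Return (local_part, domain) named beside the marker, or None."""
    for value in _header_values(raw_message):
        m = _CATCH_ALL.search(value)
        if m:
            return m.group(1), m.group(2).lower()
    return None

def should_bypass(raw_message, honeypot_domains):
    """True only for catch-all mail addressed to an exactly listed domain."""
    hit = catch_all_recipient(raw_message)
    return hit is not None and hit[1] in honeypot_domains

def _sample(recipient, marker, body="hello"):
    # Constructed message; the Received layout is an assumption.
    return ("Received: from mx.example.net by mail.example.org\n"
            f"\tfor <{recipient}>{marker};\n"
            "\tSun, 05 Nov 2006 10:00:00 -0500\n"
            f"Subject: constructed sample\n\n{body}\n")

CATCH_ALL = _sample("iJustSentAnEmail@mydomain.com", " " + MARKER)
LOOKALIKE = _sample("sales@notmydomain.com", " " + MARKER)
DIRECT = _sample("bob@mydomain.com", "", body="<x@mydomain.com> " + MARKER)

if __name__ == "__main__":
    for name, raw in [("catch-all", CATCH_ALL), ("lookalike", LOOKALIKE), ("direct", DIRECT)]:
        print(name, post_pattern_matches(raw), should_bypass(raw, {"mydomain.com"}))
```

Only header lines are examined, so marker text that appears in a message body does not count as a catch-all delivery.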
