Spam filtering



  • My ISP runs received mail through a spam filter utilizing a variety of blacklists, whitelists, content analysis and header analysis, with various positive (likely to be spam) and negative (likely to not be spam) scores for each rule; anything over a specified threshold gets diverted into a spam folder. Once a day, they send out an email to tell me they've detected spam mail, so that I can go check for false positives if I choose to do so.

    Today, one "spam" message in particular caught my attention. Their spam filter caught their own notification message. You'd think they'd whitelist themselves, or something.

    Filed under: Discurse thinks this topic is similar to "Finding XSS is fun"


  • SockDev

    That's far too obvious.

    Also: spam to let you know you have spam. Tasty tautology.


  • mod

    @HardwareGeek said:

    Filed under: Discurse thinks this topic is similar to "Finding XSS is fun"

    Yeah, Discourse seems to think it must always find similar topics. I've never seen it with an empty similar list when creating a new topic.



  • What would you whitelist, and how would you prevent people from spoofing that?



  • @chubertdev said:

    What would you whitelist, and how would you prevent people from spoofing that?

    I would whitelist the from address and use DKIM to prevent spoofing.



  • I would whitelist the from address and blackhole anything via SMTP with that from address.


    Filed under: we need a new tag cloud to attack



  • @Arantor said:

    spam to let you know you have spam

    Technically, no. I have an established relationship with my ISP, so it's not really spam. Plus, I'm pretty sure there's an option to disable it, if it bothered me.

    @TwelveBaud said:

    I would whitelist the from address and blackhole anything via SMTP with that from address.

    I don't think that would work with the system configured as-is. The mail goes through a few relays via ESMTP within the ISP before being dumped in my inbox. It looks like spam checking is the last step in the chain, for both the spam notification and regular mail:

    Received: from foo.mx.example.com (...) by bar.spam.example.com (...) with ESMTP id ...

    So the spam checker would always see it arriving by (E)SMTP, whether spoofed or not. DKIM might work, but I don't really know anything about it.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.