Archive for January, 2015

Spam filtering techniques

January 30th, 2015 No comments

The most significant things I’ve done to decrease spam and phishing attempts

  • and RBLs
  • vendor RBL (barracuda)
  • blocked entire subnets of countries we don’t do business with
  • email rate control
  • attachment filters
  • virus filter
  • heuristics
  • subject line filters for cryptowall attempts and multi ip distributed campaigns
  • block some foreign countries if their reverse DNS resolves back to their country TLD (ex: cn = china), however I don’t block if reverse DNS rules don’t exist or are incorrect
  • block TLDs in header and body that are heavily abused (list below)

Heavily abused TLDs

Categories: Uncategorized Tags: