Spam filtering techniques
January 30th, 2015
The most significant things I've done to decrease spam and phishing attempts:
- bl.spamcop.net and zen.spamhaus.org RBLs
- vendor RBL (Barracuda)
- blocked entire subnets of countries we don't do business with
- email rate control
- attachment filters
- virus filter
- heuristics
- subject line filters for CryptoWall attempts and multi-IP distributed campaigns
- block some foreign countries if the sending host's reverse DNS resolves back to that country's TLD (e.g. .cn = China); however, I don't block when no reverse DNS record exists or the record is incorrect
- block heavily abused TLDs in the headers and body (list below)
Heavily abused TLDs
.asia
.br
.click
.cn
.fr
.it
.link
.rocks
.ru
.tw
.ua
.ve
.xxx
.xyz
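The RBL lookup, the reverse-DNS country check with its no-block caveat, and the scan of headers and body for the abused TLDs listed above, as an added Python example that is not code from this post. It runs offline against constructed DNS tables and a constructed sample message; the ccTLDs that trigger the reverse-DNS block beyond .cn, and every hostname and address used, are assumptions. The `live_resolve` and `live_ptr` helpers show the real `socket` calls you would pass in instead of the fakes.

```python
"""Mail-gate checks from the post (RBL, reverse-DNS ccTLD, abused TLDs).
Added example, not code from the original post; names and data are constructed."""
import email
import ipaddress
import re
import socket
from typing import Callable, List, Optional, Set

# TLD block list, copied from the post.
ABUSED_TLDS: Set[str] = {"asia", "br", "click", "cn", "fr", "it", "link",
                         "rocks", "ru", "tw", "ua", "ve", "xxx", "xyz"}
# ccTLDs whose confirmed reverse DNS gets the sender blocked. The post names
# .cn; the rest of this set is an assumption for illustration.
BLOCKED_CCTLDS: Set[str] = {"cn", "ru"}
DNSBLS = ("bl.spamcop.net", "zen.spamhaus.org")

Resolver = Callable[[str], List[str]]        # name -> A records ([] if none)
PtrLookup = Callable[[str], Optional[str]]   # ip -> PTR hostname or None


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """Listings come back as 127.0.0.x (SpamCop 127.0.0.2, zen 127.0.0.2-11).
    Spamhaus reports errors such as an open resolver or a refused query as
    127.255.255.x; counting those as listings would block all mail."""
    return any(a.startswith("127.0.0.") for a in resolve(dnsbl_query_name(ip, zone)))


def rdns_cctld(ip: str, ptr: PtrLookup, resolve: Resolver) -> Optional[str]:
    """Blocked ccTLD of the sender's reverse DNS, or None. Per the post's
    caveat, a missing PTR or one whose forward lookup does not point back at
    the IP (incorrect rDNS) is not a reason to block."""
    hostname = ptr(ip)
    if not hostname or ip not in resolve(hostname):
        return None
    tld = hostname.rstrip(".").rsplit(".", 1)[-1].lower()
    return tld if tld in BLOCKED_CCTLDS else None


# Domains in URL, mailbox or www. context. Anchoring on that context avoids
# reading a sentence join like "world.It" as a .it domain; the trade-off is
# that a bare "bad.ru" in running text is not matched.
DOMAIN_RE = re.compile(
    r"(?:https?://|@|\bwww\.)(?:[a-z0-9-]+\.)+([a-z]{2,63})(?![a-z0-9-])", re.I)


def abused_tlds_in(text: str) -> Set[str]:
    return {m.group(1).lower() for m in DOMAIN_RE.finditer(text)
            if m.group(1).lower() in ABUSED_TLDS}


def score_message(raw: str, client_ip: str, resolve: Resolver, ptr: PtrLookup) -> List[str]:
    """Run the checks over one message; returns the reasons to reject it."""
    reasons = [f"rbl:{z}" for z in DNSBLS if is_listed(client_ip, z, resolve)]
    cc = rdns_cctld(client_ip, ptr, resolve)
    if cc:
        reasons.append(f"rdns-cctld:{cc}")
    msg = email.message_from_string(raw)
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    body = msg.get_payload()  # the constructed sample is single-part text
    reasons += [f"tld:{t}" for t in sorted(abused_tlds_in(headers) | abused_tlds_in(body))]
    return reasons


def live_resolve(name: str) -> List[str]:
    """Real A lookup shaped as a Resolver: [] on NXDOMAIN instead of an exception."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def live_ptr(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


# Constructed offline DNS data for the demo (not real listings or hosts).
FAKE_DNS = {
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.4"],        # listed
    "8.100.51.198.zen.spamhaus.org": ["127.255.255.254"],  # Spamhaus error code, not a listing
    "smtp7.example.cn": ["198.51.100.7"],                  # PTR confirmed by forward lookup
    "mail.example.cn": ["203.0.113.1"],                    # PTR not confirmed
}
FAKE_PTR = {"198.51.100.7": "smtp7.example.cn", "198.51.100.8": "mail.example.cn"}
fake_resolve: Resolver = lambda name: FAKE_DNS.get(name, [])
fake_ptr: PtrLookup = lambda ip: FAKE_PTR.get(ip)

SAMPLE = """From: Invoice Dept <billing@mail.ru>
To: ap@example.com
Subject: Invoice #4821 overdue

Your invoice is attached. Pay at http://pay.example.xyz/4821 today.
"""

if __name__ == "__main__":
    print(score_message(SAMPLE, "198.51.100.7", fake_resolve, fake_ptr))
```

Two details matter in production. The `is_listed` prefix test deliberately ignores Spamhaus's 127.255.255.x error answers, which you will get when querying through a public resolver or over the free-use limit; treating them as listings blocks everything. And `rdns_cctld` only acts on forward-confirmed reverse DNS, which is how the post's "don't block if the record is missing or incorrect" rule is enforced rather than left to judgement.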