
Archive for January, 2015

Spam filtering techniques

January 30th, 2015

The most significant things I’ve done to decrease spam and phishing attempts:

  • bl.spamcop.net and zen.spamhaus.org RBLs
  • vendor RBL (Barracuda)
  • blocked entire subnets of countries we don’t do business with
  • email rate control
  • attachment filters
  • virus filter
  • heuristics
  • subject line filters for CryptoWall attempts and multi-IP distributed campaigns
  • block some foreign countries if their reverse DNS resolves back to their country TLD (e.g. .cn = China); however, I don’t block if reverse DNS rules don’t exist or are incorrect
  • block TLDs in header and body that are heavily abused (list below)

Heavily abused TLDs
.asia
.br
.click
.cn
.fr
.it
.link
.rocks
.ru
.tw
.ua
.ve
.xxx
.xyz
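
An added example (not the author's filter configuration) of the two TLD rules above in Python: the reverse-DNS country-TLD check that lets missing or unconfirmed PTR records through, and the abused-TLD scan over headers and body. It assumes "incorrect" reverse DNS means the PTR name does not resolve back to the connecting IP; the function names, `BLOCKED_RDNS_TLDS`, and the sample DNS data and message are constructed for illustration.

```python
import re

# TLD list copied from the post. BLOCKED_RDNS_TLDS is an assumed subset:
# the post only names .cn as an example of a country-TLD rDNS block.
ABUSED_TLDS = {"asia", "br", "click", "cn", "fr", "it", "link", "rocks",
               "ru", "tw", "ua", "ve", "xxx", "xyz"}
BLOCKED_RDNS_TLDS = {"cn"}

# Hostnames that follow a URL scheme or the "@" of an e-mail address.
HOST_RE = re.compile(r"(?:https?://|@)([a-z0-9.-]+\.[a-z]{2,})", re.I)

def tld(host):
    return host.rstrip(".").rsplit(".", 1)[-1].lower()

def rdns_verdict(ip, ptr_lookup, a_lookup):
    """Reject only when a PTR exists, forward-confirms, and ends in a blocked TLD."""
    name = ptr_lookup(ip)
    if not name:
        return "accept: no PTR"
    if ip not in a_lookup(name):
        return "accept: PTR not forward-confirmed"
    if tld(name) in BLOCKED_RDNS_TLDS:
        return "reject: rDNS TLD ." + tld(name)
    return "accept"

def abused_hosts(message):
    """Return hosts in headers and body whose TLD is on the abused list."""
    return sorted({h.lower() for h in HOST_RE.findall(message)
                   if tld(h) in ABUSED_TLDS})

# Constructed sample data: documentation IP ranges and made-up host names.
PTR = {"203.0.113.5": "mail.example.cn.", "203.0.113.9": "mx.forged.cn.",
       "198.51.100.7": "smtp.example.com."}
A = {"mail.example.cn.": ["203.0.113.5"], "mx.forged.cn.": ["192.0.2.1"],
     "smtp.example.com.": ["198.51.100.7"]}
MSG = ("From: Billing <invoice@pay.example.xyz>\n"
       "Subject: Invoice\n\n"
       "View it at http://files.example.click/inv.zip "
       "or https://www.example.com/help\n")

def check(ip):
    # Dictionary-backed lookups stand in for a real resolver so this runs offline.
    return rdns_verdict(ip, PTR.get, lambda name: A.get(name, []))

if __name__ == "__main__":
    for ip in ("203.0.113.5", "203.0.113.9", "192.0.2.50", "198.51.100.7"):
        print(ip, "->", check(ip))
    print(abused_hosts(MSG))
```

In a live filter the two lookup callables would wrap the MTA's resolver, and the scan would run on decoded MIME parts rather than the raw message.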
