There's just no way to filter e-mail what with all the creative geniuses out there mis-spelling penis!
Surely there's a way to blacklist the entire world and then allow exceptions...like with a firewall.
Thanks for your thoughts...

OK, Assuming you are hosting your email with FutureQuest...

To blacklist the entire world you could use the SpamAssassin filter and set the required score for spam down to zero. Then whitelist the addresses that you wish to receive email from. Of course, if you don't already know what those addresses are, this is a problem.

OK, that's my thoughts at the moment...

Best new user name of the week. :yeah:

Pakistan managed to blackhole YouTube for the entire world ... fortunately it's easier to do things the other way around.

You might consider a challenge-response system. That way, any actual people you may have forgotten about (they could have more than one email address, making it hard to anticipate in advance) can ring the metaphorical doorbell and ask to be let inside -- while the spammers pile up in the yard. :wink:

Randall

I have got to do something as well and I have been thinking along the lines of an alias stack, except in reverse... instead of one e-mail addresses redirecting to a bunch of accounts, I would like to set it up so that a bunch of e-mail addresses redirect to one account.

Sheila, the instructions for blacklist/ whitelist suggest that including an e-mail address makes it more LIKELY to be counted as spam, or not. That is, the instructions don't indicate that including an e-mail address in black/ white list will ABSOLUTELY bypass SpamAssassin. I had first thought of your idea, but I need absolutes here.

The advantage of the "stack forwarder" is that it would bypass the SpamAssassin filter and any uncertainties thereof. I am not ready to turn off catch-all alias as it is immensely useful to be able to give novelty e-mail addresses that I can track. I don't want to give my primary e-mail address out to everyone (it's already getting enough spam) and it's just silly to set up several alternate accounts, which will ultimately fill up with untraceable spam.

Sheila, the instructions for blacklist/ whitelist suggest that including an e-mail address makes it more LIKELY to be counted as spam, or not. That is, the instructions don't indicate that including an e-mail address in black/ white list will ABSOLUTELY bypass SpamAssassin. I had first thought of your idea, but I need absolutes here.



SA adds a negative 100 for a whitelisted address and a positive 100 for a blacklisted address. Neither is 100% guaranteed to allow or block but that should get you pretty close...

# Whitelist FROM - If the email address in the From field of an incoming email matches an address or glob-style pattern which you have entered in this list, then 100 points will be subtracted from its "Score Total". Drastically lowering the email's score in this manner helps prevent it from being tagged as spam. To ensure that email from certain family, friends or businesses is received, you should whitelist them here.

# Whitelist TO - If the email address in the To or Cc fields of an incoming email match an address or glob-style pattern which you have entered in this list, then 100 points will be subtracted from its "Score Total". Drastically lowering the email's score in this manner helps prevent it from being tagged as spam. This may be useful if you are using Global SpamAssassin filters, but have a certain users that do not want their email tagged by SpamAssassin. Also useful for whitelisting mail sent to mailing lists, which is often sent to a list address.

-Bob

Best new user name of the week. :yeah:

Pakistan managed to blackhole YouTube for the entire world ... fortunately it's easier to do things the other way around.

You might consider a challenge-response system. That way, any actual people you may have forgotten about (they could have more than one email address, making it hard to anticipate in advance) can ring the metaphorical doorbell and ask to be let inside -- while the spammers pile up in the yard. :wink:

Randall

We really discourage the idea of challenge/response these days. It's along the lines of bouncing spam. In a typical challenge-response setup, one would be sending "challenges" to many spam emails, and the return addresses on those do not belong to spammers, they belong to innocent third-parties.

Sheila, the instructions for blacklist/ whitelist suggest that including an e-mail address makes it more LIKELY to be counted as spam, or not. That is, the instructions don't indicate that including an e-mail address in black/ white list will ABSOLUTELY bypass SpamAssassin. I had first thought of your idea, but I need absolutes here.

To add a bit more to what Bob said...
No, we can't guarantee that a whitelisted addy would get through. However, the whitelisting adds -100 to the score of the email. If the require spam score is at 5 (the default) then the email would need to earn 105 "spammy" points to reach the required spam score. I've never seen an example of a non-spam message that scored that high on the spam-scale.

I am getting a ton of e-mail from fakeaccount@mydomain.com (where mydomain.com is my actual domain name). Can I set up a blacklist for *@mydomain.com senders and then individually whitelist sender accounts, e.g. me@mydomain.com, john@mydomain.com, etc., or would the two cancel out?

is fakeaccount@mydomain.com an actual e-mail address or alias, or is fakeaccount@mydomain.com falling under your catchall.

We really discourage the idea of challenge/response these days. It's along the lines of bouncing spam. It would work better if incoming mail has already passed through an effective content-based spam filter.

Our setup with Reflexion Networks includes a c/r option which we aren't using. Their content filter works so much better than SpamAssassin that I'd expect a minimal chance of false challenges, but I can't really test that assumption -- c/r doesn't suit our particular email needs.

Randall

Happety, it's a catch-all.

Happety, it's a catch-all.

Matt,
Obviously, I don't know your situation and how your mail has been handled previously, so this is general based on how I personally have mine setup.
I mentioned my "system" in the first post of this thread. (http://www.aota.net/forums/showthread.php?t=23526)
I am a huge fan of e-mail aliases and a huge, what's the word, unfan of catch-all addresses. Knowing your domain name is easy, then a spammer simply enters whatever they want in front and it's mail you're going to get. Aliases, though not always the easiest to manage, offer complete control over e-mail.

This is easier said than done after the fact as you probably have tons of addresses already floating around that you want to keep. I would find the addresses being used that you want to keep and make aliases out of them, also setting up global spam assasin settings, then shutting off catch-all.

The somewhat new command line e-mail setup has made things so much easier. As soon as I need a new alias, I simply telnet into my account, which I can easily do from any computer or my phone. Type in vaddalias newalias realladdy@me.com and done! 10 seconds. Start getting spam on one of them, same thing, vdelalias and no more spam.