New spam Detection Methods Working Well

admin — Thu, 28 Feb 2008 17:34:14 +0000

We now have what I think is the fastest spam bot detection on the planet. Our blacklist are now listing over a million spam bots that have tried to spam us in the last 4 days. We only keep 4 days of data because if we get something wrong or someone fixes their virus problem then their listing will expire in 4 days.

Found a new way to detect spam

admin — Sun, 09 Sep 2007 16:36:21 +0000

Made an interesting observation on Friday that spam bots don’t do a QUIT at the end of an SMTP session. Real email servers are polite and after the message is sent they send a QUIT commant to tell the receiving server to close the connection. Spam bots however don’t send the quit command because the message is sent and sending the quit just takes up time and bandwidth.

The new version of Exim now allows me to test to see if a QUIT has been sent or not and lets me feed my blacklist if certain conditions are met. We don’t blacklist just on the lack of quit but it’s really accurate in itself. If it is combined with any other spam indicating sin then it can be blacklisted. As a result of this our blacklist has increased in size dramatically and a virus infected computer can be detected the first time it touches our system. I think that we are catching nearly 100% of all spam bot attempts on the first try.

Junk Email Filter Blog

New spam Detection Methods Working Well

Found a new way to detect spam