Email Filtering - An Impossible Quest?
Problem reported by Douglas Foster - Today at 8:28 PM
I am more discouraged than ever before about the challenges of email filtering. One DNS label can be up to 64 characters, which works out to 10^100 ("one googol") possibilities! One googol underneath ".com", another googol underneath ".net", another googol underneath "@outlook.com", another googol underneath "@gmail.com", etc. Infrastructure providers like Sendgrid.net and Appriver.com provide more ways for attackers to catch us by surprise. At some point the whole notion of a block list falls apart because there are more addresses to list than any list can hold. Maybe someday the automated generation of DNS domains breaks DNS itself.

I might add that country blocking is not as useful as I hoped. I just finished matching our inbound mail to the MaxMind database, and the results were shocking. We are not a multi-national business, but we receive email from servers all over the world. I never know when Outlook.com will decide to contact me from Japan, so can I block Japan if the 3 messages received so far were unimportant?

And there is the capacity planning problem: What happens if your inbound message volume increases 10-fold this year? Nothing good. Who determines if that happens? The spammers, not you.

I am weary of pretending that it is sufficient to block attackers after the first attacks sneak through my filters. I am weary of pretending that I can protect my organization by hoping that someone else will be the first victim and that I will be protected by subscribing to the right BRL or the right filtering company.

The only feasible way to prevent infection is to have a short list of trusted senders, and to quarantine or block everything else. But evaluating a big quarantine is a big labor cost, and my mind was breaking today as I was working through our collection of new quarantine items.

My thoughts about spam filtering are not about features right now. I have built a good set of features (because I could not buy them), and I admit to pride of authorship for having done so. But today it is about feasibility. I have started grappling with the idea that I am trying to do the impossible. Some spam gets through my filters every day. Fortunately, my user base is pretty savvy. But sooner or later, the spammers will win and I will lose, because my security strategy for email is to trust agents that are not vetted as being trustworthy. From a security viewpoint that security posture is indefensible, except that everybody does it.
