On Sat, Oct 10, 2015 at 06:41:02PM +0530, Suresh Ramasubramanian wrote:
IP block lists are a first and still quite useful line of defense. SpamAssassin is a series of score-based content filters that supplement Spamhaus and such. SURBL is a URL block list.
Beyond a point, however, filtering has grown enormously complex (and add issues such as DMARC and other authentication), so your constituents might be better off outsourcing their mail hosting to one of several large players in this field (none that are local to Asia / SAARC though).
One possibility that appears to be overlooked in many places is the usage of domain BLs (such as Spamhaus DBL or SURBL) at the SMTP level (that is, pre-DATA and before the message is transmitted). Three checks can be done: MAIL FROM, HELO and rDNS of the sending IP if available. It may be tremendously effective with snowshoe spammers, particularly those of the so-called hailstorm variety (each IP used for 5-10 minutes in total, with *tremendous* intensity, stopping exactly when BL data start covering them), presumably because correlations allow BL operators to find spam domains even before they are used, while this is basically impossible for IP addresses. Sadly, with some mail server products these checks are not possible. One of the biggest oversights by MTAs/appliance coders.

furio
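
The three pre-DATA checks described in the message above (MAIL FROM, HELO, rDNS), sketched as a policy function. This is an added example, not part of the original thread or any MTA's code. The function names, the parent-domain walk, the fail-open handling of non-listing answers and the `spam-example.test` data are assumptions made for illustration.

```python
import socket

DBL_ZONE = "dbl.spamhaus.org"  # query zone of the Spamhaus DBL named in the post

def dns_a(name):
    """Resolve an A record; None means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_ip_literal(host):
    """True for HELO arguments like [192.0.2.10]; domain BLs take names only."""
    host = host.strip("[]")
    return ":" in host or all(p.isdigit() for p in host.split("."))

def suffixes(host):
    """The hostname plus each parent domain with at least two labels."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def envelope_names(mail_from, helo, rdns):
    """(source, hostname) pairs that are known before DATA is sent."""
    pairs = []
    addr = (mail_from or "").strip("<>")
    if "@" in addr:  # the null sender <> has no domain to check
        pairs.append(("MAIL FROM", addr.rsplit("@", 1)[1]))
    for source, host in (("HELO", helo), ("rDNS", rdns)):
        if host and not is_ip_literal(host):
            pairs.append((source, host))
    return pairs

def check_pre_data(mail_from, helo, rdns, lookup=dns_a):
    """Return ('reject', source, domain) on a listing, else ('accept', None, None)."""
    seen = set()
    for source, host in envelope_names(mail_from, helo, rdns):
        for domain in suffixes(host):
            if domain in seen:
                continue
            seen.add(domain)
            answer = lookup(f"{domain}.{DBL_ZONE}")
            # Assumption: 127.0.1.x answers are listings, except 127.0.1.255
            # (IP address queried). Any other answer is "no data": fail open.
            if answer and answer.startswith("127.0.1.") and answer != "127.0.1.255":
                return ("reject", source, domain)
    return ("accept", None, None)

# Constructed sample data: a fake resolver so the example runs offline.
FAKE_ZONE = {"spam-example.test.dbl.spamhaus.org": "127.0.1.2"}
def fake_lookup(name):
    return FAKE_ZONE.get(name)
```

In a real deployment the verdict would be returned from the MTA's policy hook at RCPT TO, so a listed sender is refused before any message body is transferred.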