Hi Roberto, just something I was thinking about and thought I would toss out. Most organizations have a standard form for their email addresses IE: mailto:firstname.lastname@domain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - firstname.lastname@domain.com , mailto:firstinitiallastname@domain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - firstinitiallastname@domain.com , or something similiar but with a limited size mailto:limitedfirstinitiallastnametoamaxof8characters@domain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - firstinitiallastnametoamaxof8characters@domain.com

When I watch our activity log I see tons of email coming from spammers with addresses that are non existant, generally they are not based on our corporate standard. This is often a technique used to harvest email addresses so I would think lots of companies see this traffic.

Would it be possible to add a filter to drop email addresses that do not conform to the corporate standard? It would be difficult to do if a company doesn't have a standard such as firstname.lastname@ or a set number of characters in the first part of the address, but I think most do.

This probably needs some more refining and thought.

Cheers,
Wayne

Hi Wayne,

Unfortunately a lot of email does not follow those conventions. Automatic emails are the most common. Bank notifications, newsletters, mailer-deamon errors often fall in this category. FIltering based on that would stop too much legitimate email to be useful...

Roberto F.
LogSat Software

Hi Roberto, I was referring to the recipients email address, not the sender. I agree lots of auto responders and list mailers use unique email addressses that would not conform, but the recipients email should generally conform to the inhouse corporate standard.

We see tons of email from spammers that don't conform to our corp standard...being able to drop incoming mail based on recipient address not conforming would be nice. For example,

our corp standard is mailto:firstname.lastname@domainname.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - firstname.lastname@domainname.com ie: mailto:billy.bob@redneck.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - billy.bob@redneck.com

Spammers will send to mailto:bbob@redneck.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bbob@redneck.com and mailto:bob@redneck.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bob@redneck.com and mailto:billybob@redneck.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - billybob@redneck.com  and mailto:billyb@redneck.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - billyb@redneck.com , all of which should be immediately dropped. In most cases these are attempts to harvest legit email addresses.

If Billy Bob has signed up to a mailing list, or gets info from his bank he should have provided his conforming email address, thus delivery should work.

Cheers,

Wayne

Hi Wayne,

Sorry, I misunderstood you. Even with the recipient standard there will be exceptions, however. mailto:webmaster@domain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - webmaster@domain.com , postmaster@, root@, support@, sales@, etc.. We'd have to create (and admins then maintain) also a list of exceptions to that one rule... I'm afraid it'd be a bit more confusing and complex we'd like.

The best approach is in our opinion completely different. We released a beta version for the next major version of SpamFilter ISP which performs statistical DNA fingerprinting on incoming emails. This allows SpamFilter to adatp rather quickly and learn all variations of the word Viagra for example, almost in real time as spammers invent new ones. We'll be more focused on that aspect of filtering in the near future.

Roberto F.
LogSat Software