/ BLOG / Email is dead?! Long live email!

On recent episodes of LUGradio the Proctologist (Chris) has been saying that email as a whole, sucks. Granted as a whole email is fairly “broken”, but it and spam is not a new problem by any stretch of the imagination, so I can’t really see it going away any time soon.

During the most recent episode (Finding Emo, S05E19) both he and Adam were discussing SPF. This is basically a way of publishing a list valid email origins for a given domain name, via a TXT record for that domain. There are a few issues that they’ve brought up, and I’ll quickly outline the more memorable ones;

These are all perfectly valid points one way or another, with exception to the forwarding email issue. SRS is supposed to take care of this. I won’t disagree that by itself SPF sucks a bit, though.

However, if you take the approach of using SPF with a team of other methods to track and capture spam, then it can help a quite lot. The downside is (very obviously) that the more methods of detection you employ, the more likely it is that the time taken for processing mail will increase, along with processing, possible bandwidth requirements, etc.

I’ve been toying with enhancing my personal junk scanning techniques (for fun) to take more spam detection and rejection concepts into consideration. One solution that does seem to work well is a scoring system, very much like many of the commercial, enterprise, solutions trying to achieve. My current thought is along the lines of something like this;

This gives a 2 stage filter which should cover the significant bases; Origin reputation and content scanning. The only additional thing that would be nice, would be to integrate some anti-phishing detection in with content scanning.

Over time I can see this being an impressive setup, and exceptionally similiar to one vender we use at work. However, the one major drawback is that on small scales I doubt the benefits would outweigh cost of additional scanning. As awesome as it would be to setup (more so that it could be acheived with a server that runs entirely on open source and free software and services), I can’t see it producing any obvious, tangible benefits for myself at all, given how well SpamAssassin is trained on my personal systems. Just how far I’ll do with this, I don’t know yet.

So did LUGradio solely trigger this? Nope, surprisingly not. I was going to let this roll, but then I came across Karmasphere this evening, which appears to be at minimum partially, if not completely, the work of a gent (Shevek) from BBLUG.

Check it out if you’re not familiar with it, you might be interested if you run a number of mail servers, and you still use DNSBLs. Admittedly it’s not solely usable for mail related purposes, but it’s likely to be one of the larger uses (until comment spam kills akismet-like services).