List: Eventum General Discussion
From: Jorey Bump
Date: September 17 2008 6:53pm
Subject: Re: Spam emails

Andrew Coghlan wrote, at 09/17/2008 12:29 PM:
> Having had an Eventum install running for public (i.e. external customers)
> for some time now, I have found that configuring the mail server & Eventum
> in the following way has prevented 99% of spam coming through.
> 
> 3.	Structure your mailboxes in a way that helps prevent spam; for
> example, our main support address is support@stripped.  This is where you
> would send an email to when you initiate a support ticket.  However, all
> subsequent emails come from and are addressed to
> issue_xxxx@stripped.  It is easy to configure this in Eventum, and
> it means you can have a catchall mailbox on a domain that doesn't have any
> other inbound email (i.e. support.domain.com).  This also means you can host
> that email anywhere, and you don't necessarily have to get your IT guys to
> specially configure your mail server (for some people that is a real pain).
> This type of address is not likely to receive any spam mail as the various
> algorithms that generate email addresses to send spam to generally don't
> send to sub-domains.

I don't run Eventum publicly, but I have many years' experience running
mail servers. While your comment about subdomains being somewhat
shielded from spam can be true, using a true catchall (as opposed to an
expression-based one like /issue_.*/) can instantly remove any
protection once your address becomes public or is discovered on an
exploited user's machine. Quite a lot of mail servers support plussed
addresses (issue+xxxx@stripped) with little or no extra
configuration. Why not use plussed addresses with an explicit account
instead? I've often scratched my head over Eventum's example, since it
requires extra mail server configuration. Wide-open catchalls are sure
to wreak havoc as soon as someone performs a dictionary attack against
your destination domain. It's best to avoid them.

> In short, Bryan is right - you need to deal with spam outside of Eventum.
> But there are some ways you can configure your system to help prevent it
> getting sent to you in the first place.

Absolutely. That's one of the reasons I like Eventum, because it doesn't
try to solve problems outside of its domain.
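
Added example, not part of the original message: a small Python model of the three recipient policies compared in this thread (true catchall, expression-based catchall using `/issue_.*/`, and plussed addresses on an explicit account), run against constructed recipients. The domain `support.example.com`, the account name `issue` and every sample address are assumptions made for illustration.

```python
import re

# Assumptions (not from the original message): domain, account name and
# sample recipients are constructed for illustration.
DOMAIN = "support.example.com"
ISSUE_PATTERN = re.compile(r"issue_.*")   # the expression quoted in the message
EXPLICIT_ACCOUNTS = {"issue"}             # the single real mailbox for plussed mail
DELIMITER = "+"

def split_address(rcpt):
    """Return (local_part, domain), lower-cased, or None if malformed."""
    local, sep, domain = rcpt.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    return local, domain

def accepts(policy, rcpt):
    """Decide whether a server would accept this recipient under a policy."""
    parts = split_address(rcpt)
    if parts is None or parts[1] != DOMAIN:
        return False
    local = parts[0]
    if policy == "catchall":      # anything at the domain is delivered
        return True
    if policy == "expression":    # only local parts matching /issue_.*/
        return ISSUE_PATTERN.fullmatch(local) is not None
    if policy == "plussed":       # strip "+detail", then require a real account
        base, _, _detail = local.partition(DELIMITER)
        return base in EXPLICIT_ACCOUNTS
    raise ValueError(f"unknown policy: {policy}")

def accepted(policy, recipients):
    """List the recipients that a policy would deliver."""
    return [r for r in recipients if accepts(policy, r)]

# Constructed sample: one legitimate issue address in each style, guessed
# local parts of the kind a dictionary run produces, and two invalid entries.
SAMPLE = [
    "issue_1042@support.example.com", "issue+1042@support.example.com",
    "info@support.example.com", "sales@support.example.com",
    "admin@support.example.com", "john.smith@support.example.com",
    "issue_1042@other.example.net", "not-an-address",
]

if __name__ == "__main__":
    for policy in ("catchall", "expression", "plussed"):
        print(policy, accepted(policy, SAMPLE))
```

Under the true catchall every guessed local part at the domain is delivered, while the other two policies deliver only the address written in their own issue format.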

