spam filters

Bill Sconce sconce at in-spec-inc.com
Sun May 16 17:43:01 EDT 2004 

On Fri, 14 May 2004 21:09:51 -0400
Neal Richardson <nsr at ptcnh.net> wrote:

> I am looking for recommendations for spam filtering. The current
> situation is this. Our current ISP told us that spam is our problem not
> theirs (this I believe to be fair except they are hosting our email). We
> are looking for some sort of a gateway/filtering system to try and stop
> the hemorrhaging. 
> 
> Any ideas would be greatly appreciated.
> 
> -Neal



I have tried half a dozen automated approaches, and every one has had
unacceptable drawbacks.  Spam is an ugly problem, and the more automated
and easier the "solution" appears to be the more obnoxious the side
effects threaten to be.  (The mirror 'bot "Answer this automated mail
and my 'bot will believe you're not a spammer" technology being the
worst.)

That said, SpamAssassin is pretty good.

OTOH, my honest answer is that only after I 'fessed up to myself that
there's no free lunch have we been able to be in control of the spam
mess.  A set of filtering rules, plus a little bit of personal time,
yields almost no false positives.  Essentially the leverage of this
approach turned out to be that it doesn't take very long to manually
trash every one (or almost every one) of the messages in a "black
spam" mailbox.  We just couldn't seem to get out of manual intervention
of one kind or another, and "training" the automated assistants turned
out to be a more irritating kind of time sink than just meeting the
problem head on.

So my personal recommendation, based upon unsatisfying experience,
is to be chary of cost vs. benefit of "automated" answers.

There are two other approaches which we might want to watch, though.

1.  Thunderbird.  The "training" interface is presented in a streamlined
way - perhaps that makes it better.  Any field experience from the group?

2.  SPF.  This seems to be promoted as something we should really want -
tightening the loose SMTP rules which permit spammers to pretend to
be sending from arbitrary addresses (including yours).  If it works
the kind of spam which it stops never needs to clutter your bandwidth,
MTA, or inbox - it cannot be sent at all.

I've been meaning to ask the group about SPF.  As a non-sysadmin I can
only wonder if it's a real prospect.  It sounds great that domain
administrators and MTAs could gang up and strangle the spammers - a lot
easier than filtering and/or manual reviewing.  But I haven't heard
a thing about it locally, including from my ISP (who I think would
have to be involved if it's to become successful).  Any comments from
the group?

-Bill

to forge

More information about the gnhlug-discuss mailing list