Slashdot Mirror
Reviewing Anti-Spam Offerings
Joel Snyder writes "Just finished looking into the innards of 40+ anti-spam products at Network World. The biggest, ugliest, and most comprehensive look at this market that's ever been done. Conclusions: lots of great products to choose from at the top (a dozen or more); a few stinkers in the bunch; and it's basically impossible to review Spam Assassin, which is unfortunate."
It's such a fine product, how could any review of anti-spam products leave it out?
From deep within the article:
"Although these tests were conducted with the assistance of Borderware, we where careful to ensure results where fair and objective."
So, that would be why borderware's product got the #1 position?
I find that Mozilla's Thunderbird has excellent anti-spam control. That's just from my own "testing" though...
Mine isn't in the list.... http://www.mxlogic.com
I have said it before on here, but I use Mx-logic.com to filter e-mail before it even gets to my mail server (as their filtering is in-line). They run multiple concurrent virus scanners, and you can set all policies related to attachments, sizes, virus scanning, quarantines, SPAM (deny, accept, etc, for different "levels" of probability).
It's really efficient. I haven't gotten a virus in any attachments and maybe just 2-3 SPAM messages / month (down from 100+ / day). It also does cool stuff like remove the imbedded tracking images from SPAM HTML messages (should one get through), etc. No, I don't work for them. I used to quarantine messages and review it weekly (that were medium / high probability spam), now I trust their service so much I just deny receipt to my mail server of any Medium+ probability SPAM
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
Does great for Windows
I just upgraded my server to the latest version 3.0.1 of spamassassin and the difference is amazing. I haven't had one piece of spam get through to my inbox today. And from what I can tell, there are no false positives yet. Unless you think that Darcy really wants me to come over and check out her new webcam.
They say, "Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors."
I can only wonder what it was that they asked and who they asked. There are several companies that provide products based on SA, and the developers are very responsive.
I'll have to look in more depth later and see if any of the products they reviewed were SA-based.
Still, a review that does not cover common open source implementations such as DSPAM and SA is not a review that I would put much stake in.
I use yahoo mail, and I don't get much spam, even from the mailer I use to sign up for stuff on the web. Its actually sort of lonely to go weeks without recieving emails.
God spoke to me.
Using Thunderbird greatly cuts down on the amount of spam you see in the inbox. After using for only about a month, 90% of spam was automatically deposited in the "junk mail" folder. Surely this isn't as good as a paid spam-prevention service, but its free :)
It's nice to see a well thought out, in depth analysis of the anti-spam products on offer, along with explainations as to what various tests entailed. Whilst Spybot and Ad-aware are well known, even to the non-tech crowd, there doesn't seem to be any equivalent in the spam world.
It's just a shame that not all vendors took part so the test isn't totally comprehensive.
I'm not stressed. I'm just terribly, terribly alert.
Maybe it's just me and I'm one of the few lucky people in the world, but out of 5 regular email addresses that I use on a daily basis, I rarely if ever recieve spam, and during the workday, watching mailserver logs, the only people in my company getting silly amounts of spam (to me, one or two messages a day is just a minor annoyance) are people who click every popup and put their email addresses in every form available. If it wasn't for the built in spam filtering of Kerio Mail server, which is what we use here, it would probably be impossible for them to get any real work done, as out of 200 people, these 5 or so get more spam directed towards them than the rest of the company gets regular emails. Some common sense goes a long way in avoiding spam.
The mere appearance of SA, though, is impressive because those trade rags rarely include anything open source (partly due to marketing opportunity for commercial, paying companies).
Jerry http://www.syslog.org/
...is to treat your e-mail address like you treat other personal, abusable personal information.
Do what I do: create a Yahoo (or some other free e-mail) account and use that address for all questionable forms you fill out.
I've had the same address now for almost three years now and receive about five spams per week, at most.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
Funny how when you click the link to go to the article, the popup invites you to register for their spam^H^H^H^H newsletter. :)
What about built in spam blocking like that in yahoo, MSN, gmail mail as well in Outlook and other mail apps?
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
No eAcceleration/eAnthology/Stop-Sign? hmmm.
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
DynaComm i:mail? www.futuresoft.com
I know what's on your hard dr
I am currently using BitDefender and Spamassassin. I might receive 3 messages I consider spam per week. I do browse my spam folder every few days and might notice 1 false positive out of ~250. Most of the time they are Netflix shipment notifications.
Sean Milheim
iDREUS Corporation
It doesn't include GFI Mail Essentials. I would like to have seen how that stood up to the competition.
On a side note I have started using SpamBayes-Experimental on my outlook box and it is working well so far.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
The buying guide is useful just for putting all the contenders together. But don't believe the claims until you test them. Barracuda, for example, touts the capability of millions of messages a day, but we are sending our second test unit back because it just can't handle a modest load of real world mail. Their 600, for example, claims it can process "25 million messages per day" but that assumes it is rejecting 95% of the mail -- that's nowhere in their fine print.
If you're going to review things for the enterprise, then you need to keep in mind the requirements of an enterprise. Very few large businesses are willing to trust a product that doesn't have some sort of obvious support structure behind it. If the reviewer could not find a solid support structure for it, then it isn't suitable as an enterprise spam solution.
This sig has been temporarily disconnected or is no longer in service
They tried to get it to work well enough to review, but couldn't. You can flame them for not spending more time on it, but not for not trying, because they did.
Easy. A Postfix server running Postgrey and Anvil. Before mail ever hits a mailbox most spam (and a lot of viruses too) are weeded out. It can protect against distributed dictionary attacks.
The world's burning. Moped Jesus spotted on I50. Details at 11.
This is a spam filtering service that I use, In 52 weeks 22,624 spam messages out of 93,714 have been blocked before entering my users inbox. The nice thing about this service for us is our IT dept is very under-staffed and makes it useful to have someone else worry about it. The do our anti-virus scanning as well and am proud to report that they have stopped all 5213 infected messages before even touching my server. Very worth while service if you are in a under-staffed situation like I am.
Ok, so first of all you'd need another server, the bandwidth, setup and install the software, maintain it with patches, virus dat updates, etc, bring it all into a convenient web-based front end that a policy administrator can use for himself and other users, maintain the hardware and software on this magical server, etc.... yeah, it's pretty easy.... if you're pyschotic.
If you block spam you'll never increase the size of your penis.
"We invited every anti-spam vendor in our online Buyer's Guide to participate"
And what is there "online Buyer's Guide"? - a pay for inclusion directory!
Between that and their #1 choice helping them with the review process - I have serious questions as to the value of this report
. Accurately simulating a bunch of different anti-spam systems all getting the same e-mail is a bit of a trick. If one of the major players is helping set the rules - its way to easy for them to stack the deck.
Though it's a small project, bspam is an excellent Bayesian filter for *nix... I tried bogofilter and some others but nothing jived with my qmail/procmail/pine setup as nicely as bspam.
The only thing I can see would be the possiblity of increasing your database size to accomodate twice as many strings.
RBL (list.dsbl.org : bl.spamcop.net : blackholes.mail-abuse.org : sbl-xbl.spamhaus.org : multihop.dsbl.org : cbl.abuseat.org) + greylistd == average 0 spam in inbox/day.
What I like best about this approach is that you reject most of the spam at SMTP-time without accepting it. If I could I'd add spam-assassin-on-SMTP to the end of the chain, but my server is tight on memory :-(
(Unfortunately there's a bug somewhere between the debian greylistd and python whereby the daemon shuts down on me all the time, but I've lodged a bug report and hope to get some help tracking it down.)
Belief is the currency of delusion.
A well-designed RBL blocks 95+% of spam and consumes less resources than all the other solutions. Plus it has the added benefit of stopping virus and worm propagation, phish e-mails and lots of other scenarios where unauthorized SMTP relays operate.
I see no reason to use client or server-side products that analyze the mail content, when this slows down mail service and reliability. RBLs, blocking mail based on the legitimacy of the source address has proven to be the most effective method of curtailing spam, and unlike all the other solutions, this one aversely affects spammers by not allowing them to consume your resources.
If you're in the business of making money off selling spam products, I can see your support of these various half-way solutions, but otherwise, the best way IMO is to employ RBLs at the server level and slowly work towards SMTP whitelisting. I contend this is an inevitability if the authorities don't start prosecuting spammers for their illegal computer tampering.
What, no Postini? Sure, it's not a product in the software sense, but we use it and it works great. They update their filters constantly and having the company act as an off-site mail spooler helps us in critical jams (e.g. power failures).
To get a junk mail filter for my real life mailbox that auto sorts into my real life recycle bin.
Where's SpamAssassin?
Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when our marketting department contacted them regarding advertising no one would step up to the plate and shell-out for print ads like the other enterprise-focused vendors.
The one product that I am familiar with is Barracuda, as we run that where I work. They claim that Barracuda doesn't support SSL for management, which is dead wrong. In fact it's very simple to _force_ the Barracuda to use SSL for this purpose.
It's only one point, but they make a fairly big deal out of it.
Spammers will Spam you if they can Guess or Get your Email Address so the trick is to make it hard for them to get it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I dunno what it uses, but I get over 40 e-mails a day usually (about 5-10 are *real* mail, the rest is intriguing offers from diverse companies offering ways for me to extend my growth? or buy 'erbs'). Of them 40 mails, Mail.app get's all the spam, and leaves all my mail alone. Never had a false positive, and after the first week or so, no false negatives either. So why don't everyone use Mail.app? Of course it would mean switching to the worlds best OS, and the worlds nicest computers, but I see no bad side here. Mind you, I do own some stock in a certain computer company with a propensity for fruit....... :)
The truth shall always be free: Boris Floricic is Tron.
From the Bspam website which was last updated 30 June 2004:
BSpam is inactive. Shortly after the last release of BSpam, I took a new job and moved across the country. When I moved, I closed my account with my existing ISP, started getting my mail via POP for easy portability, and started using POPFile. At that time I put BSpam development on the back burner, fully intending to return to it one day. Well, almost a year has passed, and I still find myself fully absorbed in other activities, so I am officially declaring BSpam inactive. I encourage you to look at other packages such as CRM114, bogofilter, or POPFile (which does its job pretty darn well).
FROM TFA:
The short answer is that no one submitted it, but of course there's more to it than that. This year we reached out to the SpamAssassin community and asked them to participate. Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors.
Interest in SpamAssassin is understandable. In the small-business market, the open source SpamAssassin dominates many anti-spam systems. When well tuned and integrated by a value-added reseller (VAR) that knows what it is doing, it turns out to be a very effective system. SpamAssassin users routinely report 100% spam reduction and 0% false positives (although these self-reported statistics are probably biased), and are generally overjoyed with the results.
Advertisement:
By itself, SpamAssassin is little more than the software implementation of an interesting idea: apply statistics, neural networks and Bayesian probabilities to the problem of classifying mail as spam or not. Train the engine by giving it desirable and undesirable mail, and it can tell you for each new message what pile it most resembles. It turns out to work astonishingly well, especially in small businesses where mail flow is very homogeneous. SpamAssassin's Bayesian engine even redefines the meaning of spam by letting you say, "This is the mail I want," and "This mail I don't want." SpamAssassin also mixes other tools into its scoring system, such as DNS-based blacklists and collaborative scoring, as well as more traditional keyword searches and formatting tests.
The key to SpamAssassin's success, though, is a smart VAR or IT person installing it. SpamAssassin requires a significant amount of integration work to make an enterprise-class installation succeed. Without a GUI, database, quarantine, anti-virus scanner, policy or per-user configuration, SpamAssassin is a great tool for those who want to build their own anti-spam system, but is in no way a solution by itself.
This doesn't mean that SpamAssassin wasn't well represented in our test. The important core of SpamAssassin, a Bayesian engine, was recognizable in at least one-third of the products we tested and might well have been hidden in the guts of more. The strategy of combining multiple tests to identify spam is in nearly all modern, anti-spam products, including SpamAssassin.
The difficulty in testing or recommending products that require heavy engine training, or ones based on trained neural networks, is that companies with many employees have very diverse mail flows, and the training will likely generate false positives or negatives across large numbers of users. For example, a multinational company might have many employees who don't read or speak Italian, and might train all their Italian mail as spam - something that would upset the Milan and Rome offices. Or imagine IDG, which owns many publications, all which have specialized vocabularies. No one set of training mail would work for the different communities.
Products that successfully include a Bayesian recognizer, such as SpamAssassin, do so by considering it as one factor in the larger cocktail of spam identification. By weighting the Bayesian verdict with other information, vendors have followed the trail that SpamAssassin blazed and made it enterprise-ready.
Actually, the #1 selling enterprise anti-spam device (the Barracuda line) is a SpamAssassing core device.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
So Snyder takes a page from Network Computing's testing methodology almost verbatim and calls it the biggest, ugliest, and most comprehensive look at this market that's ever been done. Sheesh.
I happily run POPFile (http://popfile.sf.net/ http://www.getpopfile.org/). Perl-based, acts as a proxy. I can't run SA on some of my mail accounts (work, contractual jobs, etc). It's a basic word filter, and lets you see/change how words rate. It also explains its decision process to help you tweak it, for instance, any email with "penis" for my setup is 99.99999% spam.
I have a few mail accounts on yahoo.no, and only one of them has gotten spam, all of which has been caught by yahoo's filter.
People say I'm crazy, I got diamonds on the soles of my shoes...
And deleted it.
emt 377 emt 4
the quote about borderware is fake
www.mxwatch.com
Subject says all.
The way their testing was conducted, they probably had to overlook spam filters that are embedded in proprietary email services but if you are only interested in getting all your mail and none of the spam, google is doing a great job.
My gmail account has had 2 false positives out of 500 messages. Given the vulnerability to having your address fall into unknown hands that is inherent in Google's viral marketing technique for promoting the product, I would bet LOTS of other GMAIL users have the large number of spams coming in...even on new accounts where they have been careful who they gave the address too. I get about a dozen spam items a day but when one of the sh!theads sells his address list to the next spammer, I can get a burst. Bottom line: ZERO spams in my inbox...none...not any. The Bayesian stuff that spammers try to circumvent, the spoofed headers...so far none of it fools Google. And since it buffers the spam in its capacious 1Gb-per-account holdings, I have 30 days to check for false positives at my liesure.
Questions?
1. what vulnerability?
when you accept a google gmail invitation, no matter how many hands it has gone through, Google posts a notification of your new address to the original giver of the invite...who could be some spammer you never met....happened to me.
2. any pattern to the false positives?
not sure...only have two data points. Those two items were email alerts from newspaper subscriptions which tend to be crambed with ad text and ad links...in which case, gmail is clearly trying to do me a favor and I appreciate the effort.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
> It's economy at work, you pinky commies
My fine capitalist customers pay to get email, not to get unwanted bulk advertising, much of it fraudulent, and a lot of it in fact coming from computers that have been made into zombies by worm writers breaking the law.
The world's burning. Moped Jesus spotted on I50. Details at 11.
At minimum, they should have taken the false positive rate, added it to the percent missed and ranked by that. Doing so sends BorderWare into the middle of the pack where it belongs, and more likely winners rise to the top. (Postini and MailFrontier). Pretty shoddy reporting when the end reader has to take your numbers and plug them into a spreadsheet to make any sense out of them.
They could have also weighted the two error rates, but deciding on weights would be pretty subjective. Some might think false positives should be weighted higher, while others might think the opposite. Ranking them without weights would have been an acceptable compromise.
I know one person who uses MailWasher Pro and swears by it.
But because of certain lame functionality, I refuse to recommend it to anyone.
The problem is that it sends fake bounce messages to the return addresses unless you configure it otherwise. That may have changed since I looked at it, but a quick look at their web page shows that they still do the fake bounces.
Fake bounce messages are incredibly lame since the vast majority of spam does not have the return address of the real source. On top of that, spammers don't pay attention to those even if they do come back.
All the fake bounces demonstrate is that the people behind MailWasher Pro don't have a clue what they are doing. Of course, if they are that clueless, you don't even feel like checking out their other products.
At first glance, I thought the title was, "Reviewing Anti-Spam OFFINGS" -- discussing the merits of different spam-related murders.
Oh, well. Maybe someday.
No one has an IT department willing to support it? Our university recently implemented SpamAssassin for the 20k+ email accounts. I'm sure there are corporations out there of our size that have a larger IT budget than us. Although Miami tends to lean towards open source more often than not (SquirrelMail, SpamAssassin, PHP, etc.). I'm glad they're spending money on enhancing existing projects than giving it to some company because they have a customer support line.
well played.
All of my RBLs that I have tried end up not doing me much. Usually I try to stack 2 or 3 of them on qmail. Do you have any recommendationson which RBL(s) I should be using? Thanks.
Grandparent does not RTFA. Posts an attack consisting of one lie + one rumor propogated by an anonymous coward as a social experiment: which he admits. Grandparent is modded up.
The AUTHOR of the article posts a defense...and is modded a troll.
great-o.Not only does it allow you to cut off spam, it gives you traceable addresses that can be used to see who leaked email to spammers. And it's perfect against phishing attempts.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Anti-spam software?
IT is what it is.
My main ISP uses it, and I think it's the best spam filtering service I've ever used. So far, anyway.
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
FYI, I believe several anti-spam service providers
refused to participate in this review due to
a perceived bias towards Postini by the reviewer(s).
eProvisia Spam Eradicator. If it's good enough for lcamtuf then it's good enough for me.
You can defy gravity... for a short time
I am seeing less the less than 1% false positive (I am seeing maybe 1 per 10,000 e-mails) however I see about a 97% spam caught rate.
How do I know this? I run another antispam product inline and after eSafe. It almost never finds anything that is spam. I also log every e-mail that passes that system (headers only) and almost never see any spam that neither catch.
I've done the numbers for upper management.
This report shows 87% for Aladdin. A lot of this all depends on the setup. These numbers alone mean little. eSafe is the only product that has had proactive blocking for some of these new exploits YEARS before they are publically known. That's due to the product having more than just AV signature checking.
I know this is only tangentially related, but as long as we're on the subject of spam, does reporting your spam thru SpamCop do any good? I've been doing that for a while (I have a script that handles it mostly automatically), and while I do get a sense of satisfaction from filing the complaints, I also wonder whether it actually helps.
As long as you have non-zero false positive rate, there is no point of using content filtering technie, because I end up have to fish the legitimate email from the "spam" folder (time consuming) or worst got deleted by someone/something else made the decision on my behalf without really understand what my decision is. Content filtering is doomed, everyone in the industry knows it. Time to find an alternative approach to address this problem. Disposable email on the other hand has much much better chance in this fight. Just need to make it easier to use, but it is 99.99999% effective and 0.00001% can be solved by replacing the disposable address. Hugh storage does NOT help in term of fighting spam, it just make you take even more time to sort out the spam. Time is money. If you enjoy throwing away money, stick with content filter. I know I don't.
I noticed that their only complaints about the Barracuda Spam Firewall were the use of a non encrypted web administration interface and it's early LDAP integration. Let's be real about this. What kind of moron does remote (ie. not within your network or over an encrypted VPN) administration with a web browser over the internet? If YOU do this kind of thing, look for another line of work. Whenever I do any remote admin, I do it over a secure connection only. This could be VPN, a point-to-point private link, within the network (from my office to the computer room) on a private VLAN or even over an SSH link with tunneling. So the protocol that a web admin interface uses shouldn't matter if it's not accesible to the public in any way.
As far as their LDAP complaint... it's a relatively new feature and hasn't been given time to have the edges smoothed. I can understand that complaint, but ther rest seem invalid to me. I use the Barracuda and it "just works".
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Posting it out here as a root because it's applicable to 3/4 of the "why isn't listed?"
/., I'm talking actual users.
1. Solutions like PopFile or Thunderbird:
These require per-machine or per-user configuration beyond "point the program at the mail server and go." If you had 10,000 users, these solutions wouldn't work. I love PopFile, I love Thunderbird, but for any solution to be enterprise level, it needs to occur on the server.
2. Solutions like SpamAssassin:
The packages reviewed had graphical interfaces, installs and actual support teams.
Spam Assassin was invited, but the support was lacking. When they went to the community, the community let them down. This is far more often the case than a lot of us would admit. Usually there are about 10 to 15 useful people on any given projects mailing list or on any projects community site, and a legion of trolls, flamers and other morons who will just repeatedly post messages like "fix it yourself" rather than letting the people who are in the list to actually contribute usefully can respond.
Even in that case, if you're managing 12 servers, or 100 servers, or all of hotmail (these are enterprise scenarios), you want a nice UI, you want to be able to sync all those servers, you want to be able to check their status without going out to each of them, desktop notifications, etc.
The article went to great lengths to point out that many of the products use Spam Assassin internally, calling out several by names, and saying that is wasn't excluded because of this.
3. Graduate college and spend a couple weeks in commercial IT, and then see how much patience you have for RPM, APT, etc. and editing config files. Try talking a user who can't get their e-mail through configuring their client for pop file. I'm not talking people who read
When some VP who barely understands how to work a power switch can't get their e-mail, you don't want to be trying to talk them through typing a bunch of "garbage" into a configuration field.
4. Security also comes into play here.
PopFile is not an enterprise solution. Anyone with a web browser and access to your machine can pull up PopFile and view every e-mail it has ever processed. I know of very few executives or even common employees who would consider that to be a "good thing."
If your code is acting bloated, and is running rather slow, it's likely and predicted that some loops you will unroll.
Network World maintains an online Buyer's Guide, which allows any anti-spam vendor to submit its product information...we decided that any vendor who wasn't in the Buyer's Guide wasn't very serious about participating in a product test
"Buyer's guides" based on company submissions tend to not be very objective (i.e. the advertisers own them). A true scientific endeavor would involve finding out which products to use, regardless of how agressively they market themselves.
They should try the free anti-spam program SpamPal, it's brilliant!
The beta version is the fastest and most accurate:
http://www.spampal.org/beta.html
it rocks!
I use ASSP - its a transparent SMTP proxy that does RBLs, Bayesian, attachment scanning and most recently virus scanning (using clamav dbs).
Its simple to setup and works great.
ASSP
http://assp.sourceforge.net
You'd think that SA+ClamAV would be a pretty common configuration.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The Unix factor: We spent more time tuning Unix, Sendmail and various Unix system utilities than we did tuning products from vendors that ran on Sendmail, including Roaring Penguin, Privacy Networks, Proofpoint and Cloudmark. In some cases, the differences were dramatic. A single-line change in Sendmail configuration, for example, tripled the throughput of Roaring Penguin's CanIt Software. This means companies that install their own software, rather than going with an appliance, need to be prepared for significant performance tuning.
Wow, a one-line change in sendmail.cf is "significant performance tuning". I guess I'm not overpaid after all.
Edith Keeler Must Die
http://www.rhyolite.com/antispam/objections/mperon e.html
Just say what happens; the commercial products fail
to detect
mis-detect OK mail ...
prevent people working by canning MS project files
till now I have to send all attachments as Base64
encoded PGP encrypted files
and all the M$-l'admins are to stupid to understand
or do anything about it.
I discovered today that the reason one of my friends keeps getting bounce messages from my address is that the company I have an account with uses exim's sender verification, and the organisation he uses has graylisting enabled. He sends an e-mail, exim tries to check back, the graylister drops the connection, and exim concludes that the MAIL FROM is forged. Be nice if anti-spam solutions co-operated, wouldn't it?
and it's an accurate assessment, but not everyone out there is an ISP, and if theirs don't deal with the Spam problem, the users are stuck trying to cobjob their own automagical miracle multiple software apps complex IT spam solution at home, OR, use something as simple as tbirds or mozs spam filter, which works good enough to at least keep it down to a manageable size. Or is spam filtering only for the "IT elite"? How long do we poor non_ISP and non pro sysadmin plebians need to wait for ya'all to deal with the Spam then? How long has it been again?
If it is really hurting the ISPs, then it's in their best interest to do something about it, but they seem to not be doing that very much. Or would you rather all those millions of regular ole surfin folks just eat the spam until such a time in the mysterious future as the web "professionals" actually do something about it? Speaking as joe internet consumer, I am tired of waiting for the "IT Network ISP professionals" to "handle" it, because they haven't "handled it", not in the general sense.
As such it's NOT "useless" at all to run a personal spam filter, it's the only thing the millions of spam deluged people have currently,and at least we can use some end user app that's easy to set up and configure. But becauae it's not the single magic silver bullet, we shouldn't use it?
Some ISPs have made an attempt to "stop spam", or their upstreams, but most haven't, and the overall results are still dismal, else we wouldn't be having these spam-problem discussions every other day, and it wouldn't be a global annoyance and cost and complexity headache problem.
Now if the poor ISPs want to pay their users, take a penny off what they pay for an account per spam, something like that, maybe that will get their attention, but most ISPs just let the slop through. Why? Don't ask me, I ain't one of them guys, but spam filters have been around awhile now, no idea why they aren't more widely used at every point on the internet. Spam shouldn't make it past the first hop, IMO, or at least most of it.
It's a moron thing. The level of false positives is impressive. Sure that one smap message is annoying, but one good message marked as spam is just much more unacceptable. I hate when the receiving server rejects my (non spam) messages.
What if the post office were to start a service where an advertiser could give them one copy of a piece of junk mail along with a list of recipients. The post office would then duplicate the mail, stuff them in envelopes and then send them out to the recipients postage due. Eventually you would need a wheel barrel to get your mail everyday.
That's how spam works and that's why people complain.
How about the Apache Software Foundation who now develops the product? ApacheCon happened about a month ago and I'm sure was swarming with all the folks who work on these Apache projects.
While I realize what they are saying (They'll actually have to take an hour, search google, and get directions with _might_ work as expected, rather than clicking NEXT>NEXT>NEXT>FINISH>), I still disagree with it.
Most of the other products are commercial and would cost money. If they paid for them (doubtful), of course there's an 800 number. If they got them free, I'm sure there is a big flag labeled PRIORITY next to their serial number.
So with Apache, there's no 800 number or authoritative contact. Ask any Guru and they'll tell you all about
Bug a developer and you'll probably get great features like Razor and RBL activity in there.
All I'm saying is this happens all too often. Because there isn't a support@[opensourceproduct], reviewers look no further.
I would have been more impressed if they didn't mention it at all, as at least then they'd be ignorant rather than lazy/unresourceful
when you see the word 'Linux', drink!
Got to love those spam free emails - www.loftmail.com
The project home page (number one hit on a google seach for SpamAssassin) has a link to a list of commercial support solutions written with a large font at the top of the page.
Argh. Who modded up that comment? Is this some kind of a troll? You want spamgourmet to be included in the test? Are you fscking nuts? Jesus Christ, did you even read the damn review? How can Spamgourmet EVEN be a part of the test?
Spamgourmet is NOT a software. It is a WEB service. You CANNOT install it on your network gateway. So it cannot even be a part of the test! For a company with an enterprise mailing system for 400-1000 employees, you expect them to use spamgourmet?
Just because you don't understand something doesn't make it false. Somtimes, people more clever than you have actually already looked at the problem.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
A copy of what we sent to the editor of NW:
Your magazine's analysis of 0Spam.Net completely missed the boat as to our service's accuracy level by reporting our false positive rate at 5% of message traffic. Clearly we would not have any customers if that were the case. Your results are statistically irreconcilable with the fact that for the last 18 months our service's false positive rate has been less than 1 in 2,000,000 false positives. You made no attempt to determine why your findings on a small sample of 10,000 messages differed with our production results of hundreds of millions of messages. As such, your reporting of our service as having a "dismal 5% false-positive rate" is not only inaccurate, but disserves the needs of your reader base. Your analysis was far from a realistic test of our service.
The problem with the test analysis is simple: it primarily boils down to your attempt to review 36 products simultaneously. While Mr. Snyder is to be commended for his efforts and did as well as he could with such an unrealistic task, he could not spend the time with each vendor that would be expected by a company's executive management for acceptance testing of a vendor chosen to solve such an important business problem as spam.
0Spam.Net is a service offering with real customer support personnel behind it and numerous feedback opportunities, NONE of which Mr. Snyder chose to explore. Perhaps no one expected a product to offer real service levels and direct interaction with the customer. While many vendors don't offer high service levels to their customers, our practice of doing so has shown with real production results that it leads to phenomenal quality, accuracy, and security levels.
To be specific as to how the testing was unrealistic, our normal acceptance testing process for new customers involves a 30-day period during which time auditors and trial account coordinators work closely with customer staff to collect feedback and adjust filters appropriately. The "tuning" period offered by Network World involved no interaction with Mr. Snyder ("the customer") and was considerable shorter in length. Further, we were not able to "touch" the service settings once the test period started; auditing and customer interaction go on 24x7 (as needed) with our service because, well, it's a service - not a piece of software or a box. Sadly, while there is not much need to have interaction after the acceptance testing, it is critical at the start of the acceptance process and was not possible given the test methodology.
Mr. Snyder also stated that our product "has no knobs" to make adjustments; it is unfortunate that he appears to have had so little time to read and follow the most basic of the end user documentation available for our service. There is no need for end users (or an administrator) to tune lots of knobs - most whitelisting, blacklisting and other tuning operations are easily done with an existing interface they are already familiar with: their email client.
In summary, we are dismally disappointed that your magazine spent such a small amount of effort understanding and testing the products as compared to what would have reasonably been expected by an enterprise IT staff in evaluating a product for actual acceptance testing. At a minimum, one would have expected you to seek to understand why your statistically tiny test sample of 10,000 messages might differ so much from the results of a much statistically larger body of production results with real customers. While we understand the pressure Mr. Snyder was under to try to evaluate 36 products simultaneously, your methodology came up short in our case and allowed a product with a customer track record far better than any of the other products in your review to be greatly shortchanged.
-Bill Franklin, President, 0Spam.Net "Imagine a world with: No Spam, Viruses, ID Theft or Spyware - Guaranteed"
That means no misdirected bounce messages and anyone whose mail is rejected is notified by his/her MTA.
By the way, I have never had anyone tell me his/her legitamate email was rejected by my server. What false-positive rate do you consider to be acceptable?
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Seriously, break out of your bubble. Or somebody is going to pop it.
Spamgourmet is open source software. And its free. However, there is NO VENDOR SUPPORT for this software. You get that? Who is going to support it once it is in place?
Secondly, have you ever ever come across corp email id's in the format- bestbuy.5.linda@xyzcorp.com ?
Where do you get the faintest idea that companies will think of using that kind of email addresses?
Have you come across one medium sized company using such a solution? NOPE.
You think any company is going to use bestbuy.5.linda@xyzcorp.com?
That sounds and looks like shit.
Nobody would like to be caught using such email addresses.
The problem the author of the review stated with spamassasin is ALSO the problem with spamgourmet. Nobody is selling it, so nobody except volunteers are supporting it.
If something goes wrong, then you better not be the one who implemented such a system because your ass is definitely going to be on the line.
Email is sacred to companies. Why the heck do you think anybody is going to use such a system? The author of the review did not EVEN consider
So as I stated in the grandparent, you are a troll. Don't bother replying to this message.