Slashdot Mirror
Reviewing Anti-Spam Offerings
Joel Snyder writes "Just finished looking into the innards of 40+ anti-spam products at Network World. The biggest, ugliest, and most comprehensive look at this market that's ever been done. Conclusions: lots of great products to choose from at the top (a dozen or more); a few stinkers in the bunch; and it's basically impossible to review Spam Assassin, which is unfortunate."
RTFA:
We also reached out to the SpamAssassin community (see "What about SpamAssassin?"), but couldn't find someone who could act as a representative for support and configuration assistance. However, two commercial vendors, Roaring Penguin (on Unix) and NoSpamToday! (on Windows) sent products that exposed their SpamAssassin cores.
They have a whole page discussing this.
Does great for Windows
I never thought I'd get to use it... but... RTFA jackass. Don't just see a question and post something about it. Answer: http://www.nwfusion.com/reviews/2004/122004spamsid e6.html
Using Thunderbird greatly cuts down on the amount of spam you see in the inbox. After using for only about a month, 90% of spam was automatically deposited in the "junk mail" folder. Surely this isn't as good as a paid spam-prevention service, but its free :)
Maybe it's just me and I'm one of the few lucky people in the world, but out of 5 regular email addresses that I use on a daily basis, I rarely if ever recieve spam, and during the workday, watching mailserver logs, the only people in my company getting silly amounts of spam (to me, one or two messages a day is just a minor annoyance) are people who click every popup and put their email addresses in every form available. If it wasn't for the built in spam filtering of Kerio Mail server, which is what we use here, it would probably be impossible for them to get any real work done, as out of 200 people, these 5 or so get more spam directed towards them than the rest of the company gets regular emails. Some common sense goes a long way in avoiding spam.
> From deep within the article:
>"Although these tests were conducted with the
> assistance of Borderware, we where careful to
> ensure results where fair and objective."
So deep that... they must be in some other article. I don't know where you cut-and-pasted that out of, but it sure wasn't the article referenced in this post.
"However, two commercial vendors, Roaring Penguin (on Unix) and NoSpamToday! (on Windows) sent products that exposed their SpamAssassin cores. Although neither met our false-positive threshold for inclusion in the top 12 finalists (probably because of difficulty of tuning Bayesian engines and neural networks in a test lab setting), we were very pleased to have them participate in the project."
Still, a poster that does not RTFA before making such a comment is not a poster I would put much stake in.
I don't think I've seen any false-positives since about 0.7 - but it does miss some emails now and then, so it's not really 100% success rate, but really, what is?
But I do see your point... however, you also have to understand that with Thunderbird, you're not really running a separate application to filter your spam (or running anything on your server for it) - this is just a free email client that does it's own filtering.
Though as I said, I'm quite satisfied. And of course, your mileage may vary.
They tried to get it to work well enough to review, but couldn't. You can flame them for not spending more time on it, but not for not trying, because they did.
Thunderbird's anti-spam is nice, but I wouldn't call it excellent, at least from my experience. I've been using the junk mail feature since 0.7 or thereabouts, on a mail account that gets anywhere from 10 to 30 messages a day, 90% of which are spam. When I recently downloaded 300 or so messages, I still had 25 junk mails that it didn't flag. After several months of training, I'd think it should be more effective than that.
Easy. A Postfix server running Postgrey and Anvil. Before mail ever hits a mailbox most spam (and a lot of viruses too) are weeded out. It can protect against distributed dictionary attacks.
The world's burning. Moped Jesus spotted on I50. Details at 11.
"We invited every anti-spam vendor in our online Buyer's Guide to participate"
And what is there "online Buyer's Guide"? - a pay for inclusion directory!
Between that and their #1 choice helping them with the review process - I have serious questions as to the value of this report
. Accurately simulating a bunch of different anti-spam systems all getting the same e-mail is a bit of a trick. If one of the major players is helping set the rules - its way to easy for them to stack the deck.
Though it's a small project, bspam is an excellent Bayesian filter for *nix... I tried bogofilter and some others but nothing jived with my qmail/procmail/pine setup as nicely as bspam.
RBL (list.dsbl.org : bl.spamcop.net : blackholes.mail-abuse.org : sbl-xbl.spamhaus.org : multihop.dsbl.org : cbl.abuseat.org) + greylistd == average 0 spam in inbox/day.
What I like best about this approach is that you reject most of the spam at SMTP-time without accepting it. If I could I'd add spam-assassin-on-SMTP to the end of the chain, but my server is tight on memory :-(
(Unfortunately there's a bug somewhere between the debian greylistd and python whereby the daemon shuts down on me all the time, but I've lodged a bug report and hope to get some help tracking it down.)
Belief is the currency of delusion.
MX Logic participated last year, but didn't get into the "final fab five" or whatever it was. I am not sure why they didn't participate this year. You'd have to ask them.
GFI got a horrible review last year. The product they submitted was a pure 'word checker' (i.e., if you've got Viagra anywhere, you're spam) and so their false positive rate went through the roof. They also had some horrible heuristics, such as "if you're not on the "to:" line, it must be spam." My experience is that it was architected for a small office where you can tune it out the wazoo. They have since (I have heard) fixed their product, but they were so heavily burned by last year that they didn't want to come and play this year. I can't really blame them; once burned, twice shy. But we'll never really know, will we?
The one product that I am familiar with is Barracuda, as we run that where I work. They claim that Barracuda doesn't support SSL for management, which is dead wrong. In fact it's very simple to _force_ the Barracuda to use SSL for this purpose.
It's only one point, but they make a fairly big deal out of it.
Spammers will Spam you if they can Guess or Get your Email Address so the trick is to make it hard for them to get it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
FROM TFA:
The short answer is that no one submitted it, but of course there's more to it than that. This year we reached out to the SpamAssassin community and asked them to participate. Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors.
Interest in SpamAssassin is understandable. In the small-business market, the open source SpamAssassin dominates many anti-spam systems. When well tuned and integrated by a value-added reseller (VAR) that knows what it is doing, it turns out to be a very effective system. SpamAssassin users routinely report 100% spam reduction and 0% false positives (although these self-reported statistics are probably biased), and are generally overjoyed with the results.
Advertisement:
By itself, SpamAssassin is little more than the software implementation of an interesting idea: apply statistics, neural networks and Bayesian probabilities to the problem of classifying mail as spam or not. Train the engine by giving it desirable and undesirable mail, and it can tell you for each new message what pile it most resembles. It turns out to work astonishingly well, especially in small businesses where mail flow is very homogeneous. SpamAssassin's Bayesian engine even redefines the meaning of spam by letting you say, "This is the mail I want," and "This mail I don't want." SpamAssassin also mixes other tools into its scoring system, such as DNS-based blacklists and collaborative scoring, as well as more traditional keyword searches and formatting tests.
The key to SpamAssassin's success, though, is a smart VAR or IT person installing it. SpamAssassin requires a significant amount of integration work to make an enterprise-class installation succeed. Without a GUI, database, quarantine, anti-virus scanner, policy or per-user configuration, SpamAssassin is a great tool for those who want to build their own anti-spam system, but is in no way a solution by itself.
This doesn't mean that SpamAssassin wasn't well represented in our test. The important core of SpamAssassin, a Bayesian engine, was recognizable in at least one-third of the products we tested and might well have been hidden in the guts of more. The strategy of combining multiple tests to identify spam is in nearly all modern, anti-spam products, including SpamAssassin.
The difficulty in testing or recommending products that require heavy engine training, or ones based on trained neural networks, is that companies with many employees have very diverse mail flows, and the training will likely generate false positives or negatives across large numbers of users. For example, a multinational company might have many employees who don't read or speak Italian, and might train all their Italian mail as spam - something that would upset the Milan and Rome offices. Or imagine IDG, which owns many publications, all which have specialized vocabularies. No one set of training mail would work for the different communities.
Products that successfully include a Bayesian recognizer, such as SpamAssassin, do so by considering it as one factor in the larger cocktail of spam identification. By weighting the Bayesian verdict with other information, vendors have followed the trail that SpamAssassin blazed and made it enterprise-ready.
RTFA. Postini was in it, both in the big table and in the Dirty Dozen finalists.
Thanks for the compliment... because, you see, I first used the methodology in 2003, in the original Network World test (see http://www.nwfusion.com/reviews/2003/0915spam.html ).
m demo.html)
Or, you could go back to February, 2003, and see the same methodology being prototyped at the Demo conference (http://www.nwfusion.com/reviews/2003/0224antispa
Let's see: Feb 2003: 2 products.
Sept 2003: 16 products, with 4 top overall performers.
Dec 2004, 36 products, with 12 top overall performers.
And Network Computing? 23 products with 10 finalists, in between my two reviews for Network World.
Yeah, I'm feeling like what Network Computing does in between my reviews makes me a copycat...not.
What are you, a NWC ad salesman? Or just a bit clueless yourself?
You did not read the article. From the Who got left out or opted out page:I'd say that given these two statements, their motives are impeccable. They did review SpamAssassin-based products. They did not review SA on it's own because there was no way to make it fit with their methodology. There were many other products that also got left out for these reasons, and their reasons make sense.
You are full of shit.
There are no trails. There are no trees out here.
http://assp.sourceforge.net