Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reviewing Anti-Spam Offerings

Posted by CmdrTaco on from the eggs-bacon-sausage-and dept.

Joel Snyder writes "Just finished looking into the innards of 40+ anti-spam products at Network World. The biggest, ugliest, and most comprehensive look at this market that's ever been done. Conclusions: lots of great products to choose from at the top (a dozen or more); a few stinkers in the bunch; and it's basically impossible to review Spam Assassin, which is unfortunate."

16 of 311 comments (clear)

  1. Objective by Anonymous Coward · · Score: 2, Insightful

    From deep within the article:
    "Although these tests were conducted with the assistance of Borderware, we where careful to ensure results where fair and objective."

    So, that would be why borderware's product got the #1 position?

    1. Re:Objective by CoffeeJedi · · Score: 2, Insightful

      what they REALLY say about bias in their report:

      IronPort Systems, a messaging appliance vendor, was asked not to participate in the test because Opus One has an existing consulting contract with this company - including them in the test would have created a conflict of interest.

      --
      May you be touched by His Noodly Appendage. RAmen.
  2. SpamAssassin? by ajs · · Score: 4, Insightful

    They say, "Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors."

    I can only wonder what it was that they asked and who they asked. There are several companies that provide products based on SA, and the developers are very responsive.

    I'll have to look in more depth later and see if any of the products they reviewed were SA-based.

    Still, a review that does not cover common open source implementations such as DSPAM and SA is not a review that I would put much stake in.

  3. The Best Defense... by TrollBridge · · Score: 3, Insightful

    ...is to treat your e-mail address like you treat other personal, abusable personal information.

    Do what I do: create a Yahoo (or some other free e-mail) account and use that address for all questionable forms you fill out.

    I've had the same address now for almost three years now and receive about five spams per week, at most.

    --
    There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
    1. Re:The Best Defense... by Tenebrious1 · · Score: 3, Insightful

      ...is to treat your e-mail address like you treat other personal, abusable personal information.
      Do what I do: create a Yahoo (or some other free e-mail) account and use that address for all questionable forms you fill out.
      I've had the same address now for almost three years now and receive about five spams per week, at most.

       Maybe that works well on a personal level, it's what I suggest to my friends. However, on a professional level, it doesn't work. You need to give your address out to people, you need them to be able to contact you. That's the nature of doing business, and being careful who you give it to only goes so far.

      All it takes is for one person who has your address to be careless and have their address book harvested by a worm. That may be beyond their control, maybe their IT department is clueless. Maybe they use your address on a webform to send you "info" or a "greeting card".

      That's why spam filters are necessary, some of us cannot work without having our email addresses out in the real world.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.
  4. Re:Thunderbird very good by g0dz · · Score: 2, Insightful

    today i check my inbox and there was no new messages. the junk folder got 108 new messages i check one by one and thunderbird got it right, all spam. thunderbird really make my day.

  5. Enterprise support by sterno · · Score: 3, Insightful

    If you're going to review things for the enterprise, then you need to keep in mind the requirements of an enterprise. Very few large businesses are willing to trust a product that doesn't have some sort of obvious support structure behind it. If the reviewer could not find a solid support structure for it, then it isn't suitable as an enterprise spam solution.

    --
    This sig has been temporarily disconnected or is no longer in service
  6. Re:SpamAssassin? by gcaseye6677 · · Score: 3, Insightful

    What he's really saying is that they couldn't find anyone willing to PAY them to review SpamAssassin on Apache. That's about what passes for "comprehensive reviews" these days.

  7. Re:Did you read the article? by chadpnet · · Score: 3, Insightful

    Flame suit on, if they can't even get Spam Assassin working... why should I trust them to be knowledgable enough to truly provide a unbaised and effective review of Anti-spam solutions?

  8. Discovered on Previously Cached Version... by Carcass666 · · Score: 2, Insightful

    Where's SpamAssassin?

    Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when our marketting department contacted them regarding advertising no one would step up to the plate and shell-out for print ads like the other enterprise-focused vendors.

  9. Re:Stop complaining about spam by MightyMartian · · Score: 2, Insightful

    > It's economy at work, you pinky commies

    My fine capitalist customers pay to get email, not to get unwanted bulk advertising, much of it fraudulent, and a lot of it in fact coming from computers that have been made into zombies by worm writers breaking the law.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. Re:Smart Spam Usage. by msblack · · Score: 2, Insightful

    This is not very practical for those running an existing domain, especially one with 40,000 users. Many coments like those of the posters state that they found effective methods. However, most lack any insight of how one might apply their methods to other users. It's easy to say, "this works for me."

    --
    signature pending slashdot approval
  11. Worthless accuracy table by Ekman · · Score: 4, Insightful
    The way they reported the results was pretty bad. The left two columns ranked products by false positives, while the right two ranked products by spam caught. It is very difficult to look at this table and get a sense of which products performed the best. For example, the top product for false positives, BorderWare at 0.04% looks very impressive until you look at the other column and see that it only caught 88%. It's easy to have a low false positive rate when your catch rate is low, too.

    At minimum, they should have taken the false positive rate, added it to the percent missed and ranked by that. Doing so sends BorderWare into the middle of the pack where it belongs, and more likely winners rise to the top. (Postini and MailFrontier). Pretty shoddy reporting when the end reader has to take your numbers and plug them into a spreadsheet to make any sense out of them.

    They could have also weighted the two error rates, but deciding on weights would be pretty subjective. Some might think false positives should be weighted higher, while others might think the opposite. Ranking them without weights would have been an acceptable compromise.

  12. Re:Thunderbird very good by Just+Some+Guy · · Score: 2, Insightful
    Using Thunderbird greatly cuts down on the amount of spam you see in the inbox.

    ...but does nothing at all to reduce an ISP's bandwidth, storage, and tech support costs. As such, "just convert everyone to Thunderbird" is more or less useless as a first-line response against spam.

    The real payoff is in blocking spam before it ever gets into the system. This is where greylisting, RHSBLs, and server-side spam filtering can save a bundle of cash, both in hardware and reduced administration time.

    Disclaimer: I'm in the process of writing a magazine article on exactly this subject, so I might be a little biased.

    --
    Dewey, what part of this looks like authorities should be involved?
  13. Re:RBLs rule by pjrc · · Score: 3, Insightful
    While we're using stats to "prove" assertions, here's some hard data from my spamassassin filtered inbox:

    grep RCVD_IN_SORBS * | wc
    200 817 13465

    grep ^X-Spam-Status: * | wc
    1201 6029 86914

    If I had followed your advice and used all those RBLs, including SORBS, to immediately reject 86% of incoming connections, then 200 of the 1201 legit messages currently in my inbox (none are spam) and various archived mail folders would not be there. That's over 16% false positive rate!

    Perhaps not all of those 86% rejected connections were really spam, but rather legitimate mail that bounced. You'll never know, since you dropped the connection before getting the message.

    Maybe you don't care about false positives. But I do. That's why I use a cpu-intensive filter, rather than RBLs that are notorious for high rates of false positives.

    Maybe you're an admin at a cash-strapped ISP with high mail loads and old servers that can barely handle them. But in my world, CPU cycles are cheap... and hassles of false positives, expecially from prospective customers, are expensive.

    --
    PJRC: Electronic Projects, 8051 Microcontroller Tools
  14. Re:Smart Spam Usage. by Just+Some+Guy · · Score: 3, Insightful
    8. Check the privacy agreement on the website and make sure that they will not give you email address to everyone

    9. Check those checkboxes and make sure that you will not receive Spam from them they may be worded funny so that you will check yes to them.

    Rule #1: Spammers lie

    If a website is going to collection your personal information to sell to third parties, they're going to do so regardless of whether they have a nice privacy notice. Put another way, these people make their living my lying and stealing, but you expect their privacy notice to be an accurate reflection of their real intent?

    Disregard privacy notices. If they're an honest company, then they won't need one. If they're spam-friendly, then they won't care about adding one more lie to the mix.

    By the way, I find it interesting that your homepage is a link into an MLM website. I clicked the link, added a random junk item to my shopping cart, and proceeded to checkout. When it asked for my "advisor number", I followed the link to their "Finding your Advisor" search. I typed in "fras" (based on the "advno" parameter in your URL) and determined that your name is Todd Fraser, and you live in Troy, NY.

    That's about as far as I'm interested in fleshing out your personal information that you posted to the Internet. I'd call you to talk about it in person at the number Google returned when I searched for "todd fraser troy, ny" (you just live a block from a golf course - is it a nice one?) but I'm still at work.

    For trying your hardest to protect your email address, you're awfully eager to give away your real name, address, and phone number. I've given up even attempting to hide mine, but I also post to Slashdot with my real email address so I tend not to worry about such things.

    --
    Dewey, what part of this looks like authorities should be involved?