Slashdot Mirror


Reviewing Anti-Spam Offerings

Joel Snyder writes "Just finished looking into the innards of 40+ anti-spam products at Network World. The biggest, ugliest, and most comprehensive look at this market that's ever been done. Conclusions: lots of great products to choose from at the top (a dozen or more); a few stinkers in the bunch; and it's basically impossible to review Spam Assassin, which is unfortunate."

25 of 311 comments

  1. In-line SPAM filtering - never hits your server by dj42 · · Score: 3, Interesting

    Mine isn't in the list.... http://www.mxlogic.com

    I have said it before on here, but I use Mx-logic.com to filter e-mail before it even gets to my mail server (as their filtering is in-line). They run multiple concurrent virus scanners, and you can set all policies related to attachments, sizes, virus scanning, quarantines, SPAM (deny, accept, etc, for different "levels" of probability).

    It's really efficient. I haven't gotten a virus in any attachments and maybe just 2-3 SPAM messages / month (down from 100+ / day). It also does cool stuff like remove the embedded tracking images from SPAM HTML messages (should one get through), etc. No, I don't work for them. I used to quarantine messages and review it weekly (that were medium / high probability spam), now I trust their service so much I just deny receipt to my mail server of any Medium+ probability SPAM.

    --
    We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
  2. Re:SpamAssassin? by stupidfoo · · Score: 5, Informative

    RTFA:
    We also reached out to the SpamAssassin community (see "What about SpamAssassin?"), but couldn't find someone who could act as a representative for support and configuration assistance. However, two commercial vendors, Roaring Penguin (on Unix) and NoSpamToday! (on Windows) sent products that exposed their SpamAssassin cores.

    They have a whole page discussing this.

  3. Re:SpamAssassin? by ack154 · · Score: 3, Informative

    I never thought I'd get to use it... but... RTFA jackass. Don't just see a question and post something about it. Answer: http://www.nwfusion.com/reviews/2004/122004spamside6.html

  4. That is unfortunate by suso · · Score: 5, Funny

    I just upgraded my server to the latest version 3.0.1 of spamassassin and the difference is amazing. I haven't had one piece of spam get through to my inbox today. And from what I can tell, there are no false positives yet. Unless you think that Darcy really wants me to come over and check out her new webcam.

    1. Re:That is unfortunate by wackysootroom · · Score: 5, Funny

      What do you mean "misclassifies"? ::Evil Grin::

  5. SpamAssassin? by ajs · · Score: 4, Insightful

    They say, "Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors."

    I can only wonder what it was that they asked and who they asked. There are several companies that provide products based on SA, and the developers are very responsive.

    I'll have to look in more depth later and see if any of the products they reviewed were SA-based.

    Still, a review that does not cover common open source implementations such as DSPAM and SA is not a review that I would put much stake in.

  6. Spamassassin by confusion · · Score: 4, Interesting
    All-in-all, they didn't blast spamassassin as hard as I thought they were going to. It was sad to see that they didn't think they could get anyone to help them review SA, and it was sadder that they got a lot of the facts wrong about SA, like that it is built around a bayes database.

    The mere appearance of SA, though, is impressive because those trade rags rarely include anything open source (partly due to marketing opportunity for commercial, paying companies).

    Jerry http://www.syslog.org/

  7. The Best Defense... by TrollBridge · · Score: 3, Insightful

    ...is to treat your e-mail address like you treat other personal, abusable personal information.

    Do what I do: create a Yahoo (or some other free e-mail) account and use that address for all questionable forms you fill out.

    I've had the same address now for almost three years now and receive about five spams per week, at most.

    --
    There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
    1. Re:The Best Defense... by Tenebrious1 · · Score: 3, Insightful

      ...is to treat your e-mail address like you treat other personal, abusable personal information.
      Do what I do: create a Yahoo (or some other free e-mail) account and use that address for all questionable forms you fill out.
      I've had the same address now for almost three years now and receive about five spams per week, at most.

      Maybe that works well on a personal level, it's what I suggest to my friends. However, on a professional level, it doesn't work. You need to give your address out to people, you need them to be able to contact you. That's the nature of doing business, and being careful who you give it to only goes so far.

      All it takes is for one person who has your address to be careless and have their address book harvested by a worm. That may be beyond their control, maybe their IT department is clueless. Maybe they use your address on a webform to send you "info" or a "greeting card".

      That's why spam filters are necessary, some of us cannot work without having our email addresses out in the real world.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.
  8. Just regurgitating marketing numbers by Anonymous Coward · · Score: 4, Interesting

    The buying guide is useful just for putting all the contenders together. But don't believe the claims until you test them. Barracuda, for example, touts the capability of millions of messages a day, but we are sending our second test unit back because it just can't handle a modest load of real world mail. Their 600, for example, claims it can process "25 million messages per day" but that assumes it is rejecting 95% of the mail -- that's nowhere in their fine print.

  9. Enterprise support by sterno · · Score: 3, Insightful

    If you're going to review things for the enterprise, then you need to keep in mind the requirements of an enterprise. Very few large businesses are willing to trust a product that doesn't have some sort of obvious support structure behind it. If the reviewer could not find a solid support structure for it, then it isn't suitable as an enterprise spam solution.

    --
    This sig has been temporarily disconnected or is no longer in service
  10. Spam Solution by MightyMartian · · Score: 3, Informative

    Easy. A Postfix server running Postgrey and Anvil. Before mail ever hits a mailbox most spam (and a lot of viruses too) are weeded out. It can protect against distributed dictionary attacks.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  11. MessageLabs by tgignac · · Score: 3, Interesting

    This is a spam filtering service that I use. In 52 weeks, 22,624 spam messages out of 93,714 have been blocked before entering my users' inboxes. The nice thing about this service for us is our IT dept is very under-staffed, and it makes it useful to have someone else worry about it. They do our anti-virus scanning as well, and I am proud to report that they have stopped all 5213 infected messages before even touching my server. Very worthwhile service if you are in an under-staffed situation like I am.

  12. Why block spam? by IHateSlashDot · · Score: 4, Funny

    If you block spam you'll never increase the size of your penis.

  13. Re:SpamAssassin? by gcaseye6677 · · Score: 3, Insightful

    What he's really saying is that they couldn't find anyone willing to PAY them to review SpamAssassin on Apache. That's about what passes for "comprehensive reviews" these days.

  14. bspam also excellent by brw12 · · Score: 3, Informative

    Though it's a small project, bspam is an excellent Bayesian filter for *nix... I tried bogofilter and some others but nothing jived with my qmail/procmail/pine setup as nicely as bspam.

  15. RBLs rule by mabu · · Score: 4, Interesting

    A well-designed RBL blocks 95+% of spam and consumes less resources than all the other solutions. Plus it has the added benefit of stopping virus and worm propagation, phish e-mails and lots of other scenarios where unauthorized SMTP relays operate.

    I see no reason to use client or server-side products that analyze the mail content, when this slows down mail service and reliability. RBLs, blocking mail based on the legitimacy of the source address, have proven to be the most effective method of curtailing spam, and unlike all the other solutions, this one adversely affects spammers by not allowing them to consume your resources.

    If you're in the business of making money off selling spam products, I can see your support of these various half-way solutions, but otherwise, the best way IMO is to employ RBLs at the server level and slowly work towards SMTP whitelisting. I contend this is an inevitability if the authorities don't start prosecuting spammers for their illegal computer tampering.

    1. Re:RBLs rule by pjrc · · Score: 3, Insightful
      While we're using stats to "prove" assertions, here's some hard data from my spamassassin filtered inbox:

      grep RCVD_IN_SORBS * | wc
      200 817 13465

      grep ^X-Spam-Status: * | wc
      1201 6029 86914

      If I had followed your advice and used all those RBLs, including SORBS, to immediately reject 86% of incoming connections, then 200 of the 1201 legit messages currently in my inbox (none are spam) and various archived mail folders would not be there. That's over 16% false positive rate!

      Perhaps not all of those 86% rejected connections were really spam, but rather legitimate mail that bounced. You'll never know, since you dropped the connection before getting the message.

      Maybe you don't care about false positives. But I do. That's why I use a cpu-intensive filter, rather than RBLs that are notorious for high rates of false positives.

      Maybe you're an admin at a cash-strapped ISP with high mail loads and old servers that can barely handle them. But in my world, CPU cycles are cheap... and hassles of false positives, especially from prospective customers, are expensive.
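The count discussed above, done per message, as an added example (not part of pjrc's comment and not SpamAssassin code): it parses each message's X-Spam-Status header, including a folded tests= list, and reports how many messages in a hand-verified folder of legitimate mail hit a given DNSBL rule. The sample messages and function names are constructed for illustration.

```python
import email
import re
from collections import Counter

# Constructed sample standing in for a hand-verified folder of legitimate mail.
HDR = "From: a@example.org\nSubject: test\n"
SAMPLE_HAM = [
    HDR + "X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,\n"
          "\tRCVD_IN_SORBS_DUL autolearn=no version=3.0.1\n\nbody\n",
    HDR + "X-Spam-Status: No, score=-2.6 required=5.0 "
          "tests=BAYES_00,HTML_MESSAGE autolearn=ham version=3.0.1\n\nbody\n",
    HDR + "X-Spam-Status: No, score=1.2 required=5.0 "
          "tests=RCVD_IN_SORBS_DUL,RCVD_IN_SORBS_WEB version=3.0.1\n\nbody\n",
    HDR + "\nnever scanned, so no X-Spam-Status header\n",
    HDR + "X-Spam-Status: No, score=0.0 required=5.0 tests=none\n\nbody\n",
]


def spam_status_tests(raw_message):
    """Return the rule names in X-Spam-Status, or None if the header is absent."""
    header = email.message_from_string(raw_message).get("X-Spam-Status")
    if header is None:
        return None
    unfolded = " ".join(header.split())        # undo RFC 2822 header folding
    unfolded = re.sub(r",\s+", ",", unfolded)  # rejoin a list folded after a comma
    match = re.search(r"\btests=(\S*)", unfolded)
    if not match or match.group(1) in ("", "none"):
        return set()
    return set(match.group(1).split(","))


def rbl_false_positives(ham_messages, rule_prefix):
    """Count scanned ham messages that hit any rule starting with rule_prefix."""
    scanned = hits = 0
    per_rule = Counter()
    for raw in ham_messages:
        tests = spam_status_tests(raw)
        if tests is None:
            continue  # unscanned mail says nothing about the blocklist
        scanned += 1
        matched = {t for t in tests if t.startswith(rule_prefix)}
        if matched:
            hits += 1  # one message counts once, however many rules fired
            per_rule.update(matched)
    rate = hits / scanned if scanned else 0.0
    return {"scanned": scanned, "hits": hits, "rate": rate,
            "per_rule": dict(per_rule)}


if __name__ == "__main__":
    print(rbl_false_positives(SAMPLE_HAM, "RCVD_IN_SORBS"))
```

To run it over a real folder, pass in the messages from Python's `mailbox.mbox` or `mailbox.Maildir` as strings; the per-rule breakdown shows which individual list would have caused the rejections.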

  16. Re:Did you read the article? by chadpnet · · Score: 3, Insightful

    Flame suit on, if they can't even get Spam Assassin working... why should I trust them to be knowledgeable enough to truly provide an unbiased and effective review of Anti-spam solutions?

  17. Re:Avoiding spam by Yaztromo · · Score: 4, Informative
    Maybe it's just me and I'm one of the few lucky people in the world, but out of 5 regular email addresses that I use on a daily basis, I rarely if ever receive spam, and during the workday, watching mailserver logs, the only people in my company getting silly amounts of spam (to me, one or two messages a day is just a minor annoyance) are people who click every popup and put their email addresses in every form available.

    There are many ways in which spammers harvest and generate spam messages, and not all of them require entering your e-mail address into web forms.

    I have a number of e-mail addresses, some of which date back to the early 90's and use daily, and others which are more recent and which I've never used at all.

    My oldest e-mail address was my primary e-mail address for newsgroup postings for many, many years. I haven't given or used that address in roughly 2 years now (as I'm using a different address that forwards to this old mailbox), and yet I still get dozens of spam messages being sent to this address daily (all of which are thankfully automatically filtered).

    On the other end of the spectrum is my Gmail account. I have never used this account for anything at all. I've never sent an e-mail from it, or used it to register for anything. And yet it too receives spam (all of which Google also does a good job of filtering automatically). An old e-mail account I got from my ISP when I signed up for my first cable modem was similar -- I already had a mailbox and never used that account. I never even bothered _checking_ it, until one day nearly a year later out of curiosity to see how many spam messages it may have received -- only to find the mailbox was filled with hundreds of spam messages.

    I often see messages where the list of recipients was obviously generated by attaching a list of user names to each entry in a list of domains and then sending the results. And who knows how many Windows e-mail worms out there are sending users' address book entries back to spammers.

    Best practices can reduce your spam load from certain vectors, but not all of them, making some form of filtering good policy. When even unused mailboxes are getting clogged with spam, however, you know that best practices alone just aren't enough.

    Yaz.

  18. Re:Too bad by joel_snyder · · Score: 3, Informative

    GFI got a horrible review last year. The product they submitted was a pure 'word checker' (i.e., if you've got Viagra anywhere, you're spam) and so their false positive rate went through the roof. They also had some horrible heuristics, such as "if you're not on the "to:" line, it must be spam." My experience is that it was architected for a small office where you can tune it out the wazoo. They have since (I have heard) fixed their product, but they were so heavily burned by last year that they didn't want to come and play this year. I can't really blame them; once burned, twice shy. But we'll never really know, will we?

  19. I don't know how much I trust their conclusions by CerebusUS · · Score: 3, Informative

    The one product that I am familiar with is Barracuda, as we run that where I work. They claim that Barracuda doesn't support SSL for management, which is dead wrong. In fact it's very simple to _force_ the Barracuda to use SSL for this purpose.

    It's only one point, but they make a fairly big deal out of it.

    1. Re:I don't know how much I trust their conclusions by joel_snyder · · Score: 4, Interesting

      Yes, you're right; it's an error. My notes show that you can turn on SSL for management, but what got written in the article is wrong. It'll get fixed online immediately. That crept in as part of the editing process.

      On the other hand, I don't understand why ANYONE ships ANYTHING that talks on port 80 anymore. It's not like OpenSSL hasn't been proven through-and-through (or you can write your own). Port 80 might be fine for pictures of your vacation, but the management interface on a corporate mail server should be encrypted and authenticated.

      However, if you want to discount a 10,000 word article for a single error, then you're going to have a hard time believing anything you ever read anywhere ever.

  20. Worthless accuracy table by Ekman · · Score: 4, Insightful
    The way they reported the results was pretty bad. The left two columns ranked products by false positives, while the right two ranked products by spam caught. It is very difficult to look at this table and get a sense of which products performed the best. For example, the top product for false positives, BorderWare at 0.04% looks very impressive until you look at the other column and see that it only caught 88%. It's easy to have a low false positive rate when your catch rate is low, too.

    At minimum, they should have taken the false positive rate, added it to the percent missed and ranked by that. Doing so sends BorderWare into the middle of the pack where it belongs, and more likely winners rise to the top. (Postini and MailFrontier). Pretty shoddy reporting when the end reader has to take your numbers and plug them into a spreadsheet to make any sense out of them.

    They could have also weighted the two error rates, but deciding on weights would be pretty subjective. Some might think false positives should be weighted higher, while others might think the opposite. Ranking them without weights would have been an acceptable compromise.

  21. Re:Smart Spam Usage. by Just+Some+Guy · · Score: 3, Insightful
    8. Check the privacy agreement on the website and make sure that they will not give your email address to everyone

    9. Check those checkboxes and make sure that you will not receive Spam from them they may be worded funny so that you will check yes to them.

    Rule #1: Spammers lie

    If a website is going to collect your personal information to sell to third parties, they're going to do so regardless of whether they have a nice privacy notice. Put another way, these people make their living by lying and stealing, but you expect their privacy notice to be an accurate reflection of their real intent?

    Disregard privacy notices. If they're an honest company, then they won't need one. If they're spam-friendly, then they won't care about adding one more lie to the mix.

    By the way, I find it interesting that your homepage is a link into an MLM website. I clicked the link, added a random junk item to my shopping cart, and proceeded to checkout. When it asked for my "advisor number", I followed the link to their "Finding your Advisor" search. I typed in "fras" (based on the "advno" parameter in your URL) and determined that your name is Todd Fraser, and you live in Troy, NY.

    That's about as far as I'm interested in fleshing out your personal information that you posted to the Internet. I'd call you to talk about it in person at the number Google returned when I searched for "todd fraser troy, ny" (you just live a block from a golf course - is it a nice one?) but I'm still at work.

    For trying your hardest to protect your email address, you're awfully eager to give away your real name, address, and phone number. I've given up even attempting to hide mine, but I also post to Slashdot with my real email address so I tend not to worry about such things.

    --
    Dewey, what part of this looks like authorities should be involved?