Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interview With The SpamAssassin

Posted by Zonk on from the thin-pink-line dept.

comforteagle writes "Howard Wen has conducted an interview with Daniel Quinlan of SpamAssassin. In it he explores what keeps Daniel motivated in the face of the unrelenting torrent of spam and new spamming techniques, as well as, what is working - what is not, and what he predicts spammers have up their sleeves next for defeating spam detection." From the interview: "If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."

10 of 202 comments (clear)

  1. gmail has good spam protection by erick99 · · Score: 5, Informative

    When I got to over 300 spam a day was just about the time I tried gmail (google mail). So far this is the best spam protection I have come across. My spam folder is getting about 400 a day now but I can't remember the last time a "good" message went in there. I still get about five spam a day that I need to manually deal with.

    --
    http://www.busyweather.com/
  2. Cloudmark SpamNet by Zendar · · Score: 5, Informative
    Been using Cloudmark's SpamNet for over a year and haven't looked back since. Nothing gets by.

    Disclaimer: No interest in the company. Just a satisfied customer.

  3. Once again.. by daeg · · Score: 4, Informative

    I've said it before, but I have to promote PopFile (http://popfile.sourceforge.net/) again. Since doing a bit of training, it now correctly sorts about 99% of my e-mail. I get about 600 messages a day not including mailing lists, and my accuracy is 99.65%. It is generally not susceptible to new spam techniques unless they can match the subject matter that my e-mail typically covers.

    When they start spamming "Linux IPF Apache LOOK! Vi@GR@ makes your peNi$ PHP Bug CSS" I will be concerned.

  4. Am I alone? by The+Eagle+Maint · · Score: 4, Informative

    Maybe I'm the lucky minority here, or my mail host has some crazy filters I don't know about, but I very, very rarely recieve any type of spam. Now, I don't go handing out my email address either. If I'm signing up for something shady, I use another address at a web-based email account, which does get a lot of spam... but otherwise I use the mail host that comes with my website http://www.surpasshosting.com/ and Thunderbird as a client, and never see any type of spam.

  5. If you can't run your own mailserver... by vasqzr · · Score: 4, Informative


    A pop3 proxy works great. I recommened SpamBayes

    http://spambayes.sourceforge.net/

  6. Re:Complain as much as you can! by frankie · · Score: 4, Informative

    Most spammers are not in U.S.

    This is false. The SpamHaus list shows the USA hosts more spammers than the other countries put together.

    the FBI who has bigger fish to fry

    This is somewhat true. We won't put a dent in spam from a legal perspective until a federal agency devotes some serious infrastructure to the job.

    That's mainly due to lack of willpower and expertise rather than funding, however. A competent "Spam Czar" armed with the authority to seize spammer's personal assets could easily achieve self-funded operation within a year.

  7. Re:you'ved been spammed! by Christopher_G_Lewis · · Score: 3, Informative

    It's just an arms race. SpamAssassin gets better, then the spammers adjust.

    Part of the problem with open source spam filters, the Bad Guys can reverse engineer what's currently being tested.

    I kinda wish that the SpamAssassin group would separate their tests from their product development, so we could get more frequent update of the "offical" spam assassin filters. However, I remember reading somewhere that testing and evalutating any new rules against their current corpus takes quite a long time.

    Also, make sure you check out http://www.rulesemporium.com/ for more frequently updated rules.

    --
    www.christopherlewis.com
  8. Spamassassin much better with personal training by gvc · · Score: 3, Informative
    The article and the SpamAssassin documentation seem to imply that SpamAssassin is best used as a server-side filter.

    In fact I've found it works great as a personal filter, if you configure it somewhat differently from the way the documentation suggests. That is, increase the weight of the Bayes filter, and have it train itself on every message it classifies. Then correct it on any mistakes it makes - which rapidly become few and far between.

    Here's a paper showing that SpamAssassin can achieve as good results as others touted for personal use.

    Unfortunately SpamAssassin is a bit hard to install and set up. But if you have RedHat or Debian Linux, it is available by rpm/apt and you can install a few scripts to make it work.

    I wish I had a better shrink-wrapped version, but I don't. So I'm supplying the raw files for one user in the hopes that (a) somewhat technical people can reproduce the setup and be happy, (b) somebody will make a shrink-wrapped version, perhaps with plugins or extensions or macros for more mail clients.

    Here is the Linux Personal Spamassassin setup.

  9. Easy manual sorting.. by deacon · · Score: 3, Informative
    For those of us who prefer to sort manually, using Pine over SSH and leaving all email on the ISP's server works pretty well.

    With a full screen terminal window, I can mark spam based on the name and the subject header. I can recognize spam at a rate of about 10 per second this way. With the names spammer pick, and the mis-spelled subject headers, it is pretty easy to pick them out.

    Using pine, I never give a spammer info by opening web bugs. I can look at the raw email by typing "h" to show the headers, so all those phishing emails are immediately obvious.

    Keeping the email on the isp's server means that when I rebuild a machine, I don't have to worry about about backing up my email.

  10. How I beat spam by Just+Some+Guy · · Score: 5, Informative
    I just wrote an article for this month's issue of Free Software Magazine on building spam filters. The long and short of it is that Spam Assassin is a very, very good last line of defense. However, there's a lot you can do to limit the amount of junk that even makes it that far into your system:
    1. Filter the HELO messages. If the sender says "HELO yourownname.example.com", then it's lying and you can safely reject the connection.
    2. Don't be overly picky about reverse DNS lookups, but do check that the domain of the From: address is resolvable. After all, what's the point of getting mail from "spew@nonexistentdomain.com" if you can't reply to them?
    3. Selective DNS blacklists. Do your homework and find a couple that are picky about what they add. Remember: false negatives are much better than false positives!
    4. SPF. It's not a cure all, but it works and it's available today.
    5. Greylisting. Oh, how I love thee!
    6. Finally, Spam Assassin, ClamAV, and other "expensive" defenses.

    Since I implemented the above as a Postfix ruleset, I don't get spam anymore, and it's not exactly like I've actually kept my primary address secret. No, I'm not kidding or exaggerating - basically, my mailbox is my own once again. Viva Postfix! Viva greylisting!

    --
    Dewey, what part of this looks like authorities should be involved?