Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interview With The SpamAssassin

Posted by Zonk on from the thin-pink-line dept.

comforteagle writes "Howard Wen has conducted an interview with Daniel Quinlan of SpamAssassin. In it he explores what keeps Daniel motivated in the face of the unrelenting torrent of spam and new spamming techniques, as well as, what is working - what is not, and what he predicts spammers have up their sleeves next for defeating spam detection." From the interview: "If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."

7 of 202 comments (clear)

  1. gmail has good spam protection by erick99 · · Score: 5, Informative

    When I got to over 300 spam a day was just about the time I tried gmail (google mail). So far this is the best spam protection I have come across. My spam folder is getting about 400 a day now but I can't remember the last time a "good" message went in there. I still get about five spam a day that I need to manually deal with.

    --
    http://www.busyweather.com/
  2. Cloudmark SpamNet by Zendar · · Score: 5, Informative
    Been using Cloudmark's SpamNet for over a year and haven't looked back since. Nothing gets by.

    Disclaimer: No interest in the company. Just a satisfied customer.

  3. Once again.. by daeg · · Score: 4, Informative

    I've said it before, but I have to promote PopFile (http://popfile.sourceforge.net/) again. Since doing a bit of training, it now correctly sorts about 99% of my e-mail. I get about 600 messages a day not including mailing lists, and my accuracy is 99.65%. It is generally not susceptible to new spam techniques unless they can match the subject matter that my e-mail typically covers.

    When they start spamming "Linux IPF Apache LOOK! Vi@GR@ makes your peNi$ PHP Bug CSS" I will be concerned.

  4. Am I alone? by The+Eagle+Maint · · Score: 4, Informative

    Maybe I'm the lucky minority here, or my mail host has some crazy filters I don't know about, but I very, very rarely recieve any type of spam. Now, I don't go handing out my email address either. If I'm signing up for something shady, I use another address at a web-based email account, which does get a lot of spam... but otherwise I use the mail host that comes with my website http://www.surpasshosting.com/ and Thunderbird as a client, and never see any type of spam.

  5. If you can't run your own mailserver... by vasqzr · · Score: 4, Informative


    A pop3 proxy works great. I recommened SpamBayes

    http://spambayes.sourceforge.net/

  6. Re:Complain as much as you can! by frankie · · Score: 4, Informative

    Most spammers are not in U.S.

    This is false. The SpamHaus list shows the USA hosts more spammers than the other countries put together.

    the FBI who has bigger fish to fry

    This is somewhat true. We won't put a dent in spam from a legal perspective until a federal agency devotes some serious infrastructure to the job.

    That's mainly due to lack of willpower and expertise rather than funding, however. A competent "Spam Czar" armed with the authority to seize spammer's personal assets could easily achieve self-funded operation within a year.

  7. How I beat spam by Just+Some+Guy · · Score: 5, Informative
    I just wrote an article for this month's issue of Free Software Magazine on building spam filters. The long and short of it is that Spam Assassin is a very, very good last line of defense. However, there's a lot you can do to limit the amount of junk that even makes it that far into your system:
    1. Filter the HELO messages. If the sender says "HELO yourownname.example.com", then it's lying and you can safely reject the connection.
    2. Don't be overly picky about reverse DNS lookups, but do check that the domain of the From: address is resolvable. After all, what's the point of getting mail from "spew@nonexistentdomain.com" if you can't reply to them?
    3. Selective DNS blacklists. Do your homework and find a couple that are picky about what they add. Remember: false negatives are much better than false positives!
    4. SPF. It's not a cure all, but it works and it's available today.
    5. Greylisting. Oh, how I love thee!
    6. Finally, Spam Assassin, ClamAV, and other "expensive" defenses.

    Since I implemented the above as a Postfix ruleset, I don't get spam anymore, and it's not exactly like I've actually kept my primary address secret. No, I'm not kidding or exaggerating - basically, my mailbox is my own once again. Viva Postfix! Viva greylisting!

    --
    Dewey, what part of this looks like authorities should be involved?