Slashdot Mirror
Interview With The SpamAssassin
comforteagle writes "Howard Wen has conducted an interview with Daniel Quinlan of SpamAssassin. In it he explores what keeps Daniel motivated in the face of the unrelenting torrent of spam and new spamming techniques, as well as, what is working - what is not, and what he predicts spammers have up their sleeves next for defeating spam detection." From the interview: "If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."
"If you don't mind deleting spam manually, that's your prerogative, but don't complain about it. If your ISP doesn't do a good job fighting spam, then switch ISPs or install your own anti-spam software. There are a lot of choices out there."
It seems pretty simple to me: complaining leads to awareness, which leads to action. Maybe a bunch of people on Slashdot griping about spam won't amount to jack, but let Oprah or someone else with a grappling hook or two on the office/church/bar water cooler complain about it and they can make a difference in social attitudes.
SpamAssassin is a good step but the real problem is the social system which makes spamming possible. How else can you explain a 60-year-old grandmother 1) using her computer as a spam relay, 2) acknowledging it on television, and 3) not seeing it as a problem because it's "legal" and she's getting regular cheques to do so?
How is it that a social/legal system can be designed to bankrupt and scare the shit out of people who share a few movies or songs but barely put a dent in the people sending out millions of useless, offensive, and content-bordering-on-the-illegal emails? Is there nothing wrong with this?
This has both good and bad aspects. First, the good news: responsible ISPs will be able to block a good portion of spam at their routers and mailservers; it's not hard to detect and blacklist a PC which is spewing the same email to 20,000 different recipients. Unfortunately, it only takes a few poorly-configured ISPs to provide a great deal of bandwidth to spammers. Couple this with Windows' known security holes, and home users' typical apathy regarding patches and security updates, and you have a large pool of potential spam-hosts which cannot be as easily targeted as open relays or specialized spam-spewing servers. After all, if spammers are using a legitimate ISP's mail server to send spam, a remote admin can't block that mail server without also condemning large amounts of legitimate email to deletion, which may well be unacceptable.
The upshot of all this? The onus of spam filtering is going to be, more and more, on ISPs rather than on recipients. While this has its good side - spam filtered at the source doesn't take up as much precious bandwidth - it also means that filtering will be more difficult for those not close to the source.
That's it. I'm no longer part of Team Sanity.
Someone (the author or some editor) added that comma to my sentence. My original email had no comma there. A clearer phrasing that would not tempt someone into adding punctuation would be:
They also removed the name of the company where I work (IronPort), which struck me as a bit odd considering how my job allows me to do open source was part of the article. I think my employer deserves some kudos for that. Not to mention implying that I'm more than just one of the developers. There are eight commiters, six of them on the Project Management Committee and two of them (Justin Mason and Theo Van Dinter) write at least as much code as me.