Slashdot Mirror
DSPAM v3.6 Released
Nuclear Elephant writes "After six months of development, DSPAM v3.6 has been released. The most notable change is the series of new features added to make an anti-spam gateway appliance possible (Knoppix anyone?). Version 3.6 also includes a highly accurate alternative to Bayesian filtering known as Markovian discrimination, based on Bill Yerazunis' research. Other significant enhancements include trusted sender whitelisting, integrated Clam Antivirus and LDAP support, a centralized spam training alias, and a new dependency-free storage driver. Much of the documentation has also been rewritten to make installation easier. A change log and release notes are also available. Slashdot has recently featured a review of the author's book, Ending Spam and an interview as well."
It would be interesting to compare this version to other spam filters and see how it measures.
Finally a decent anti-spamming utility. There's been a lot of hype around this product and it is not out of place. I like the way its (at least partially) integrated to clam(win?). I still feel it wont be long for spammers to find ways around this tool... but for now, great, im definately using it.
I know I'm going to get mauled over this quesiton... but has anyone compiled it on Windows 2003 server ?
For practical reasons I don't have linux in my test lab, and I'd like to have DSpam on my Webserver which is running IIS6 and Windows 2003 Server.
I can see I need to run it in SMTP mode with a relay to my Exchange box, but I don't want to waste my time trying to compile it (using Visual Studio), if someone already knows it wont work.
-Jar.
Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
There isn't any trademark problems with DSPAM?
SPAM is a registered trademark of Hormel Foods Corporation, and DSPAM aren't the Monty Python.
My city: Barcelona.
That was how earlier version worked. I don't know of anyone who actually got them to work natively under Windows.
DSPAM is also noted for their trademark spat with Hormel, who tend to be nice about "spam" as a term until it's spelled in all-caps. (Previous Slashdot coverage.)
But the great news is this product is no longer needed. After all the FBI has put a stop to all of that: http://www.detnews.com/2005/technology/0510/16/B01 -349738.htm
(For those that are easily confused, the comment was tongue in cheek)
If you want to give your site's visitors a simple way to contact you without losing your email addess to the spam harvesting "folks" (not to mention without forcing your visitors to fire up a client they probably don't even have configured with a mailto link), just set up a simple form and use simple php to make it convenient for them to reach you while keeping your email address safely tucked away.
Though this is only possibly with PHP, ideally running on a Debian system, it's the most important language to learn in the universe. For a starter's guide, check out this site.
I'm a long-time proponent of and rare contributor to SpamAssassin, and I'll continue to be, but fighting spam is much like fighting disease: you have to diversify your defenses. DSPAM is a nice package, and is very well designed. I've spoken to the author in the past, and he has an excellent understanding of the complexities of the issue (as opposed to the legions of people who seem to think that spam filtering should be easy, given the right algorithm).
As far as I'm concerned there are two tools for spam filtering: DSPAM and SpamAssassin. Try them both. See what fits your needs. My impression is that SpamAssassin provides more knobs and buttons and is more easily extended by the casual user, but DSPAM can be lighter weight. Both are highly accurate, with very low false positive rates.
I use Gmail. :)
This is one of those things that makes me wonder...which "side" is pushing the technological envelope further and faster, the {spammers | malware slimers | virus breeders} or those who develop to defeat them?
Since it's generally agreed that history is written by the winners of a given conflict, I guess we won't have an answer to that until the war's over.
This comment generously brought to you by a severe lack of caffeine.
All the world's an analog stage, and digital circuits play only bit parts.
How about getting it compiled into a Linksys WRT54G router firmware i.e Sveasoft firmware?
Comment removed based on user account deletion
How well does "Markovian discrimination" work in practice? It sounds fascinating, but what is the false-positive rate that can be expected on average?? :)
Geez from dealing with spammers to working with the crap DiamondTouch, Yerazunis is a real glutton for punishment
~jennifer.k~
This isn't "bulletproofly" reliable either. My brothers and I run a small local ISP. Years ago I created an address for my youngest daughter. She never used it, it was never posted anywhere, and it wasn't an easy to guess address since it was a combination of her name and her nickname. However spammers are constantly trying to discover email addresses on our domain, we get about 2,000 invalid recipient attempts every hour of the day. So eventually they discovered her address and she now gets a small amount of spam. (6 to 12 a day) If you want something 100% effective, then cancel all of your email accounts. A more reasonable course of action is to use an excellent solution like DSPAM.
The OpenBSD port can be downloaded from ftp://ftp.00f.net/misc/port-dspam-3.6.0.tar.gz
{{.sig}}
PHP is nothing but an email harvesting/phishing scam. I was going to convert our website from Windows IIS ASP to Linux/Apache/PHP. I had read all the hype and thought it would be a good move. I subscribed to a list on php.net to help me install. I tried posting a message and was told I had to visit three different websites in order to be able to submit it. I tried contacting the list admin. He seemed helpful at first, but then became belligerent. It was then I realized I was trapped on spam list.
But all was not lost. The PHP spam scum were too stupid to prevent me from emaling their list. A number of months later I managed to get a message posted which detailed my saga with the list. That's when some seemingly nice list person contacted me. They offered to help me get removed from the list. What they suggested, I had done before but nothing happened. Then to my shock and horror, the person wanted my password to my gmail account. This PHP stuff isn't just an email harvesting scam, but a phishing scam too!
So now my address was trapped on the spam list and my new gmail account was full of spam (even with gmails filtering). They've tried to get me to give them my password, but failed. Their phising scam has been revealed. I luckly managed to post a 2nd message to their list about the phising scam. After all of this they finally realized I wouldn't fall for the scam and removed me from their list.
All I can say is that I'm lucky I didn't convert our production server yet, no telling what could be written in the PHP code. It is just amazing this spam harvesting scheme has come this far. Stop the PHP spammers and phishers! Just say no to PHP. Don't even visit a website with PHP in the URL.
I thought that whitelisting had been a feature of every email reader/server since spam filtering began.
Nice troll. PHP has nothing to do with spam, if anything it was your blatant stupidity that got you on a spam list.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo!
I did this because, in practice, my system never had a message scored 10 or higher that a used considered to be HAM, and indeed, no one has ever called and said, "WTF? My email didn't get through!" Also, in practice, the number of spams and hams that score between 5 and 10 is very low, so users do check their spamboxes. 99% of the messages delivered to the spam folder are flagged as spam. Every so often, a ham slips through, but never has a ham been rejected to my knowledge.
I like this solution because it keeps all obvious spam away from the users, keeps most non-obvious spam away from the users, yet never drops anything to /dev/null.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
... but it'll sound like one: I recently converted from a rather involved anti-spam defense utilizing SpamAssassin with Razor, Pyzor, and several RBL checks. I spent a fair amount of time selecting RBLs that worked the best and tweaking SA test scores whenever I got false positive/negative messages. I even had all sorts of validity checks turned on in the MTA to block out badly formed messages and the like.
I replaced all those defenses with: DSPAM. And I'm seeing better results out of the box than I ever did with a multi-layered SA-based solution, even after a lot of time tweaking.
A quick anecdote: When I converted, I opened up a bunch of previously blocked spamtrap addresses, just to get some good training material for the filter. I've long since passed my initial training threshhold but haven't even bothered to block the spamtraps again because I never see the spam. At the risk of sounding like I'm bragging, I literally don't have a spam problem anymore, and DSPAM is entirely responsible for that.
Now, I'm not necessarily advocating that you give up all your custom defenses and switch to DSPAM. (I've turned off all my other filters, but I haven't removed them completely.) There's always a chance that an ingenious spammer will find a weakness in DSPAM setups, but I can testify to the fact that DSPAM is "scary good" as of right now. Training the filter is a simple matter of dropping misclassified messages (and there aren't many) into an IMAP folder.
If what you have is working for you, stick with it. But if you're looking for a low-maintenance, high accuracy filter, you should definitely give DSPAM a shot.
I must agree about PHP being un-magical. It's great for one or two specific purposes, but is pretty lacking for anything else. Want a simple web email form? It'd be hard to find an easier way to do it than PHP. But if you want a large web application, it's worth trying other languages. What's magical and amazing is that people have built incredible things with it despite its shortcomings -- projects like Drupal and Mediawiki are sheer wizardry.
I've been keeping a list of problems with PHP, if anyone wants details. I won't say it's not biased, but it's not terribly religious either. It just attempts to list some of the more important issues.
I've found that nearly all of my users actually prefer an interactive system like dspam over a fully-automatic system. Both systems make mistakes, but the interactive system gives the user a feeling of empowerment to fix mistakes and improve their accuracy over time.
It's better for the admin, too... When a non-interactive system makes a mistake, I find that the users complain -- either to the admin or to each other. But with dspam, they reclassify the missed message and continue working, happy to know they're part of the solution. A simple "mark as spam" button eliminated most of my email support requests.
I do get occasional users who still aren't happy... they expect 100% accuracy with 0 effort. But the only way to please those users is to hire them a personal spam secretary. And guess how often that happens?
Absolutely. It is cathartic to punish spam by reporting it to your spam filter. And, of course, fully automatic systems aren't nearly as good as claimed. (Neither are learning filters - 99.9...% accuracy? pshaw! - but they're better than non-learning ones.)
I get an incredible amount of spam bounces in my GMail account -- from somebody sending lots of spam using my GMail address as the From: or the Return-to: address.
I really, really want an option for GMail to record the message-id of all messages I ever send through their server, and bounce any which are returned to me but which they haven't got on record as being sent by me.
I requested this ages ago, and it should be relatively straightforward. Does anyone else have this problem?
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
Why is it not included in Debian?
Spamassassin is.
Bogofilter is.
Popfile is.
I thought it was the license, but seems that DSPAM is GPL.
So, can anyone comment? I'm not installing it
for my server if i can not apt-get it and have debian
security support for it.
I used SPAM Assassin quite happily for many years but found the effectiveness started dropping, there are some messages that just can't be caught, usually these are the worst kinds of messages (ie. a face full of spunk) almost always received by the people most likely to be offended (ie. 55 year old female administrative staff).
False positives seem to be more of a problem written in languages other than English. Pretty much all of our e-mail in Welsh language we receive through AOL has been tagged by AOL as SPAM, you might say AOL losers etc. But SpamAssassin & Messagelabs also incorrectly tag e-mails, training these systems doesn't really help and that pretty much ruled those options out, then on top of that if we don't respond to Freedom of Information requests within 20 days we can be fined, so another good reason to not rely on any SPAM system that can be manipulated by the user, better to not receive than to misfile and forget.
I have measured our greylisting performance, I manually filtered over 8000 messages and found only 4 items (Nigerian / lottery frauds) that were undetected SPAM, that gives us 99.95% and our users have had to take no action whatsoever to achieve this. Asside from the usually very short (usually less than 5 minutes) initial delay and the very occasional non-delivery (3 instances in 18 months) due to a broken downstream mailserver (easily rectified with a phone number & guaranteed to work contact e-mail in the bounce) it's very low maintenance.
Another great feature of greylisting is that it's a highly effective first line of defense against viruses. Prior to enabling greylisting I was getting around 10-20 messages a minute intercepted by our virus scanners, with greylisting the number is more like 8 a DAY and all of those are thanks to either transparant SMTP proxying from some brain dead ISPs or messages passed on through forwarding.
SPAM is not really a security risk as such, but the fact that greylisting has such strong anti-virus capabilities should when balanced against it's few potential shortcomings make it very easy to justify switching on as a good e-mail security measure.
Oh and I really get a laugh when people using SpamAssassin helpfully mark their own non-SPAM e-mail as SPAM, thats always a good one and a sure sign that there is something seriously wrong with the SpamAssassin approach.
Jason.
Cool. So we have yet another spam filter. What we really need is an alternative to ClamAV_Redirector.py , which is bunk.