At 1:55 PM EST on April 5 David T-G sent off: > Hi, all -- > > I know that there are a lot of folks using various spam-fighting > tools here, and particularly some who are using Spam Assassin, and so I > thought this might be of interest. I haven't checked into SA or how it's > configured or looked [recently] at the SpamTricks article, but I'd like > to know how much of this guy's claim is bupkus
Pretty much all of it. > and how much is valid. So his mail got sent into a junk folder (was it really dumped? He confused content filtering with bouncing: "My first encounter with content filtering (the practice of bouncing email automatically based on words in the message)"). Big deal, he could have resent it, because he got a bounce message. That's what they're for. He's just mad because it's a major inconvenience for him; i.e. he's a BULK mailer. Add overblown (i.e. his writing style) financial (biz) stuff to it and it sure *looks* like spam. Which brings me to my point: any complete spam filter has to consider the content. Spammers play too many tricks with the headers to always get caught that way, and whatever gets passed to the human gets a brief content based evaluation anyway. Briefer if the human has to wade through too much, meaning that it is possible for a human to accidentally delete valid email as well. So spam filters can actually help get good mail that for some reason looks spammish to the reader, especially if they have a (automatic) whitelist like SA. > Surf on over to > > http://www.talkbiz.com/assassin.html > > and give it a read. > > Enjoy! I did! It's too bad he bushwhacked that poor website administrator, though. My experience with SA: It works very well, but did need some tweaking for me, especially because so many of my students use Hotmail (aargh...I've told them they could use free university accounts, but noooooo....) I had to fix its hotmail forging detector, and start munging (with procmail before passing to SA) all incoming HTML Hotmail to remove the ad "signature" at the end. You know, after the <hr>. Not just for aesthetics, but because the ad signatures can trigger SA's phrase detectors. After all, they are little bits of spam. For some reason I also had to hack a way for it to work with Vipul's razor, even though it is supposed to use it by default if it's there. I gather that spamcop is something like Vipul's razor, and noticed the talkbiz guy was also complaining about anonymous spam reporting. I trust the razor because its users are spread out, so the only way another one could poison a message before it got to me would be if they got it first - which probably means it's spam. Even if other people in the department started using it*, we could hack it so that our local server kept track of reporters, with free cookies for high scorers. * with a new mail -> user's holding tank -> razored when fetched from holding tank. That would be great, since the first reader in the dept. could report it. Back to SA, its default threshhold of 5 seems right for me. (equal # of false positives/negatives, ending up within +/-1 of 5) I put the positives in a spam file that I check once a day, so it's not a big deal. Many spams score 10, 20, or even 30, so an ISP could bounce at 13 or so. -- "Nothing can be loved or hated unless it is first understood" - Leonardo da Vinci 1452 - 1519 Robert I. Reid <[EMAIL PROTECTED]> http://astro.utoronto.ca/~reid/ PGP Key: http://astro.utoronto.ca/~reid/pgp.html
