> If all we can do is filter the turkey with SA and not shut him down, then
> is the use of it?

I always thought that if you implement a decent filtering system and have it
(or similar systems) installed across a wider base, you limit the number of
spams that make it to the end-user, thus decreasing the effectiveness.
Unfortunately, I don't think this trend has had much of an effect on
spammers and if nothing else, they have simply increased the volume of junk
and resorted to exploiting certain aspects of known filters to get around

> I am beginning to think that the collective efforts of many organizations
> shut down spammers is a dismal failure. I have been doing the anti-spam
> for a real long time and, if anything, the spam has steadily increased
> the years rather than decreased. Until radical changes are made to the
> infrastructure of the internet to shut down open relays and proxies as
well as
> header validation spam will continue. The spammer that sent this spam
> to be bullet proof. I suspect that with sufficient funds, he is telling
the truth.

I would agree about the infrastructure.   SMTP is an old standard.  Hell,
it's almost as old as I am (that tells you something of my youth, I
suppose).  Unfortunately, it was designed back when the Internet was a much
friendlier place when relays were common.  Now, it is a sin to operate a
relay.  What's worse is that most of the open relays I receive spam from
seem to be DSL subscribers who just installed Microsoft's SMTP services and
didn't know WTF they were doing (well, it is Windows...).

That means there are two options:  Help users get a clue about what they're
doing or change the infrastructure to be spam unfriendly.  I don't know
about you, but to me both options are nearly impossible.  The first is
unlikely and the latter is costly.  So, we have to do what we have to do -- 
run filters.  It may not be a perfect solution but it is a solution
nevertheless, and with projects like SpamAssassin, I think we as a community
are heading in the right direction.  Simply throwing your hands up into the
air and declaring everything as a failure is giving in to the problem.
That's not what we're here for.  That's not what has made the Internet as
great as it is.  What makes it great are the countless hundreds (even
thousands) of wonderful, brilliant people from around the world who get
together to collectively solve a problem.  Denying that of all things alone
should be blasphemy...

> Rule 1: Check incoming mail against a whitelist (based on From, To, and/or
> Subject). If in whitelist, pass it on, and stop checking.

Whitelists are effective but they are a pain for the average user to use.
Remember, we're talking about people who think that the "little thingy you
put CDs in" doubles as a cup holder.  If you ask them to take an extra step
just to receive e-mail from a friend, they'll probably do without e-mail.
On the other hand, they will also be the first to complain about receiving
300 pieces of junk e-mail per day because they plastered their address all
over the Internet thinking they could get something for free (first mistake)
or chose a very common name for their e-mail address (second mistake).  It's
a lose-lose situation if you look at it *that* way.

> Rule 2: Check incoming mail against a blacklist (based on From, To, and/or
> Subject). If in blacklist, discard, and stop checking.

I thought that's what RBL was for.  And Razor (though not *really* in the
same sense of a blacklist)...

> Rule 3: Check incoming mail against the SA hit level. If above a Hit
> move the mail to a spam folder for manual checking, and stop checking.
> time, this rule should refine the whitelist and blacklist and could be
> to simply discard.

I already do this.  Since I'm using Outlook Express and am too lazy to put
anything else on this system (this is my work system anyway), I have to
filter by subject tag.  It works.  It's called deleted items...

> Rule 4: Check incoming mail against the SA hit level. If equal to or below
> Hit level, forward the message back to the from or reply to address with
> following message,
> "Your email is being returned by an automatic spam detection system. If
> still wish to send this message to the recipient, please add the following
> code XXXNNN to your subject line and resend the message. We apologize for
> inconvenience this may cause you; however, it is necessary due to the
> amount of spam now found on the internet. Once this process if completed,
> address will be added to a list of valid addresses and you will not need
to do
> this again."

I don't know about that...  I've had calls from several users who have
received messages similar to this because they sent e-mail to a friend on a
service that uses a whitelisting mail filter.  They didn't know what to do.
This equals more time I have to spend helping them figure out how to reply
to a message they don't understand in the first place...

Besides, autoresponders are a sore topic with me after I whined to the list
yesterday about one.  Just ask Simon -- he had to listen to my silly jaw
flap on about this sort of thing yesterday!  He knows how to write *real*
autoresponders anyway -- ones that don't send numerous messages to lists
when they otherwise shouldn't.

That's my $0.02.  The last article I read citing Jupiter research claimed
per-user spam has been doubling every 42 days.  I'd almost believe it...

And would you look at that, no sooner do I reply to this than another "Learn
to Spam" mail message comes in...  The thermonuclear path is really starting
to look tempting by now.


This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
Spamassassin-talk mailing list

Reply via email to