Greg Allen wrote: > I know some people use the public folder drag-drop for learning spam, > but I personally don't like the whole idea. And I did consider it. > > I would rather work smarter on the server end to kill or mark the spam > before it gets to the user. > > I don't think users should have to worry about all the technical > details, that's my job.
Depends on the user. Some of them like the ability to contribute to solving the spam problem. I don't use this method simply because there is no simple way to do it. Most of my users use pop3 with Outlook or OE. > Yea, a few will slip through now and then. But they will slip through > either way, and annoying users with the details isn't going to change > that. > > Spamassassin is pretty smart. If you enable all of the features and > keep the version up-to-date, tweak a little and configure your server > (Postfix for instance) to do better at rejecting UCE up-front, most > spams will eventually classify themselves correctly automatically. > > The way they classify themselves is because the spammer will use > various email servers and will start getting on various IP blacklists > and URBL lists, various headers are seen, etc. Within a few days the > new spam will start to have more and more points. All it takes is to > trip the spam points one time and that's is the end of that. True, but a well-trained Bayes database is good at catching some of the 0-day spam runs that get past the blacklists. > If you use Razor, DCC, URBL, etc... system admins (and users in some > systems like DCC, etc) are constantly feeding spams into those > systems. That is a better way to go IMO. use a system that is already > setup for that. Yes, definitely use Razor, DCC, Pyzor, URIBL, etc. They are a major contributor to most of my caught spam. But don't forget about Bayes. BAYES_99 is one of my top spam rules. It hit on 67% of my spam in the last two weeks. And BAYES_00 hit on 55% of my ham. > For the marginal (hard to define) spam emails that go on and on for > weeks, they can forward those emails to the admin to find a way to > block. > > You will always have a certain amount of white-list black-list admin > needing to be done. > > Also, now that AOL is blocking all email with no PTR record, you can > probably kill a lot of spam with that right on the front end now. If > anyone complains, ask them how they email to AOL. :-) That depends on your user-base. I deal with businesses and if I tried something like that, I would get the response, "Yes, but my customers aren't trying to email AOL, they are emailing ME and I expect the emails to get through." I could get away with adding points for it (does that already happen?), but outright blocking is not a good idea unless the criteria is very close to 100%. I currently only do MTA-level blocking for viruses. -- Bowie
