Re: anti spam sw?



"Ian" wrote in message news:PZNhi.19327$3j1.15905@xxxxxxxxxxxxxxxxxxxxxxx

"Vanguard" wrote ...
"Stef" wrote ...
Can anyone recommend some basic anti spam software that merges painlessly with OE and that doesn't require emails to be checked at a different location or only allowed through when the sender put a code in or anything like that?
I've happily used Norton anti spam for 12 months but the subscription had run out and they'll only upgrade to their full security suite, which I don't want.

SpamPal

It only tags suspect mail as spam. It is up to you to define whatever rules you want to do whatever you want on this tagged mail. SpamPal identifies. You choose what to do with it.

SpamPal works for me. I use it together with the Bayesian plugin, I still get the occasional one through, maybe 1 a week out of 200-300 spam messages.

That's why I like that the primary function of SpamPal is the DNS blacklists of known spam sources. I don't use the aggressive lists (although SpamCop is usually considered above normal for aggressiveness but I do use that one). SPEWS is *not* a spam filter for personal use but instead to gauge the spamminess of a domain. SORBS is way, way too slow to update their lists. I use the Spamhaus SBL+XBL (which include Composite Blocking List (CBL), and blitzed.org), NJABL, ORDB, and SpamCop blacklists. Bayesian filtering should ALWAYS be the *last* mechanism used to detect spam since it is a guessing scheme based on word weighting over a historical sample set experienced by just one particular user. There are variations where you download a "community" driven database, like Outlook's junk filter; however, the weighting is based on a sample set that may not reflect the particular junk that you happen to get. There are also voting schemes, like Cloudmark, but then spam gets through until enough [trusted] community users have voted that the mail is spam so it will get through if it hits you while still new (i.e., not voted on yet or not enough votes yet), which is also a problem with the DNS blacklists (and why you need Bayesian or another scheme as a second filter).

I also use the MXblocking plug-in because I don't want mails sent from dynamically IP addressed hosts. Those are the hosts that are infected with trojan mailers. If someone wants to operate their own mail server then let them get a static IP address (and also maintain the PTR records so a reverse lookup shows they list the valid mail server hosts at their domain).

I used to use the HTML-Modify plugin but recent versions of e-mail clients have an option to disable linked images. The plug-in was getting old and not updated by its author so the detection of old ploys for malware was no longer valid within the plug-in or already handled by firewalls, anti-virus, or e-mail/browser clients. Spammers quit using HTML, anyway, and most of anything that I see that leaks past my filtering is always text.

I still use the UserLogfile plug-in because that gives me a plain-text version of any e-mails that got tagged as spam and may get [permanently] deleted within my e-mail client's rules. Sometimes a false positive still occurs (and why Bayesian isn't perfect or why DNSBLs may point to someone who just got their IP re-leased but got a spammer's prior IP address) and it helps to have the text version as backup. Unfortunately the author didn't provide for auto-expiration of old saved plain-text copies of spam-tagged e-mails so I wrote up a .bat script to do that. The author used to have a link to it on his site. I probably could use robocopy from the Resource Kit or other 3rd party software to do the expiration.

Of course, I still leave the spam filtering option enabled on the mail server. There is no reason to waste downloading the spam and the CPU cycles and disk space required to interrogate the e-mails to find the spam if the server can already do that upstream of my host. I consider any e-mail provider that does not provide an option to DISABLE their anti-spam filtering as a rude, uneducated, and egocentric service provider. I may not want their filtering if it generates lots of false positives or blocks from domains of my friends, so I will rely on my own spam filtering if theirs sucks. Gmail is one of those rude providers.

I was getting an average of 120 messages per day. About 3 or 4 might leak past the DNSBLs and Bayesian filtering. Those were brand new spam that wouldn't yet be on the blacklists, were being sent by zombied hosts sending through static IP addressed mail servers, and happened to use content that wasn't weighted yet or enough in the Bayesian database to catch them. Considering the blast of commercials on television, including cable, I consider these few to be more than acceptable, especially since no one is obviously getting the same effect at spam filtering that also visits Usenet.

The next anti-spam scheme that I'd like to add would be greylisting (http://en.wikipedia.org/wiki/Greylisting) but that has to be performed at the receiving mail server, not by a user's local e-mail client. Rejecting delivery for, say, an hour lets the DNSBLs get updated in time to detect the mail came from a spam source plus it would eliminate the zombied hosts since they don't bother to queue up and resend their spam. Obviously users should still be able to employ whitelisting to circumvent greylisting for known senders or trusted domains. If a sending mail server isn't willing to retry sending mails due to a first-time rejection then I don't want it.

Don't even get me started on the a-holes that are irresponsible users of challenge-response mail providers or clients (and challenges sent by clients can be detected from those originating from mail servers that issue them). If someone tosses their C-R challenge "turd" in my Inbox then I will either not reply to them (because it is someone that is going to get hurt by my lack of response) or I will reply to them so they get the response and end up seeing the spam that they were attempting to use me to filter out of their Inbox. Read http://spamlinks.net/filter-cr.htm#issues-harmful.
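
The greylisting behaviour described in the post above, as an added example that is not part of the original thread and is not SpamPal code: a receiving server temporarily rejects the first attempt from an unknown sender, accepts a retry once the delay has passed, and lets whitelisted senders or domains through at once. The `Greylist` class, the triplet key, the 451 reply code and every address in `ATTEMPTS` are assumptions constructed for illustration.

```python
class Greylist:
    """Greylisting decision for a receiving mail server (hypothetical class).

    Keyed on the (client IP, envelope sender, recipient) triplet, a common
    choice; the delay defaults to the hour suggested in the post.
    """

    def __init__(self, delay=3600, whitelist_domains=(), whitelist_senders=()):
        self.delay = delay
        self.whitelist_domains = {d.lower() for d in whitelist_domains}
        self.whitelist_senders = {s.lower() for s in whitelist_senders}
        self.first_seen = {}  # triplet -> time of the first delivery attempt

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason); 451 means 'temporary failure, retry'."""
        sender = mail_from.lower()
        domain = sender.rpartition("@")[2]
        # Known senders and trusted domains bypass greylisting entirely.
        if sender in self.whitelist_senders or domain in self.whitelist_domains:
            return 250, "whitelisted"
        key = (client_ip, sender, rcpt_to.lower())
        first = self.first_seen.get(key)
        if first is None:
            # Never seen: remember the attempt and ask the sender to retry.
            self.first_seen[key] = now
            return 451, "greylisted: first attempt"
        if now - first < self.delay:
            return 451, "greylisted: retry too early"
        return 250, "passed greylisting"


# Constructed sample traffic: (seconds since start, client IP, MAIL FROM, RCPT TO)
ATTEMPTS = [
    (0,    "192.0.2.10",   "promo@bulk.example", "me@home.example"),  # never retries
    (5,    "198.51.100.7", "alice@corp.example", "me@home.example"),  # real MTA, 1st try
    (10,   "203.0.113.5",  "bob@friend.example", "me@home.example"),  # whitelisted domain
    (900,  "198.51.100.7", "alice@corp.example", "me@home.example"),  # retry after 15 min
    (4500, "198.51.100.7", "alice@corp.example", "me@home.example"),  # retry after 75 min
]


def replay(attempts, greylist):
    """Feed each attempt through the greylist and collect the verdicts."""
    return [greylist.check(ip, frm, to, now=t) for t, ip, frm, to in attempts]


if __name__ == "__main__":
    gl = Greylist(whitelist_domains={"friend.example"})
    for attempt, verdict in zip(ATTEMPTS, replay(ATTEMPTS, gl)):
        print(attempt[0], attempt[2], verdict)
```

The sender that never retries is left with a single 451 and no delivered mail, while the retrying server is accepted on its second retry, by which time a DNSBL check run alongside would also have had an hour to catch up.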
