Date: Mon, 10 Oct 2005 23:34:03 -0400
To: WSFA members <WSFAlist at WSFA.org>, WSFA members <WSFAlist at WSFA.org>
From: "Mike B." <omni at omniphile.com>
Subject: [WSFA] Re: Spam filtering (was Re: Capclave)
Reply-To: WSFA members <WSFAlist at WSFA.org>

At 05:18 PM 10/10/2005 -0400, Keith F. Lynch wrote:
>"Mike B." <omni at omniphile.com> wrote:
>> Any spam filter that discards, unless ordered to by the recipient,
>> is seriously broken.
>
>Early last year, I reluctantly switched from automatically accepting
>all email I couldn't find a reason to discard, to automatically
>discarding all email I couldn't find a reason to accept.

If the recipient orders it, that's fine. My comment was for software, or services, that discard automatically by default.

>I'm open to suggestions for better alternatives.

Check out SpamAssassin. It's open source, so you can swipe parts for your own system, or port it to whatever you are running. It's a rule-based anti-spam program that can have rules added for all sorts of complex things...headers, body text, network info, etc. If properly configured it does a pretty decent job of catching real spam without many false positives.

http://spamassassin.apache.org/

Services like SpamCop (http://www.spamcop.net/) will filter your mail for you if you like, or provide you with block lists based on user reports of spam. (http://www.spamcop.net/bl.shtml)

Some sites will block mail from dynamically allocated IP ranges. In many cases the reverse lookup of these will include the word "dialup" in the DNS name.

The company I work for has a very good anti-spam program called Precise Mail Anti-Spam Gateway. It's not an end-user system, but intended for use at the server end. I got only 10 spams in September at my work address.
I've got it set up to send me a "digest" of the messages it has quarantined (one message with all the stuff received in the last 6 hours or so...just the From:, To:, Subject: [WSFA] and a link in case I want to release it from quarantine). Anything left in quarantine automatically gets deleted in two weeks, or I can tell it to do so at any time. It also supports black lists and white lists, and anything it quarantines or lets through has some extra lines added to the header stating what rules triggered the "might be spam" rating assigned. There's a web interface for dealing with settings or for viewing the current quarantine too. We provide rule updates so that shifts in the tactics of the spammers don't work for long.

I doubt anyone on this list will want to spend that sort of money though, even if they do run their own mail server. Spam Assassin works similarly, but is free if you want that sort of thing.

There's another system I saw a while back that sounded good and might work for you...or not with your volume of spam. It was also free, but I forget the name at the moment. I can hunt down the details if it sounds interesting.

The basic idea is that all mail received is quarantined if it isn't from someone on the white list. When mail is quarantined, an automatic response is sent to the sender, asking them to reply to it. If they do, their address is added to the white list, and they aren't bothered again. If they don't, the original message is deleted after some period of time (configurable). Since spam generally comes from an automated mailer and the return address is a lie, they won't get the response, won't reply to it, and won't get their message released from quarantine and it will be deleted unread eventually.

I can see ways for spammers to get around this, but only by providing a real return address, and a slight modification to the procedure would preclude automated methods of getting around this.
You can also manually add addresses to the white list BTW, so you can permit listservs and other automated mailings that you *want* to see.

>> Tagging and quarantining is fine, but automatic deletion is not
>> advisable at all, ...
>
>Panix allows only 75 megabytes. Even if I stored nothing else on my
>Panix account, spams would fill those 75 megs in well under an hour.

You get far more spam than I do. I get 20-30 a day, and they are easy to identify from the subject lines and delete unread. At the moment they are most interested in Canadian drugs and imitation Rolexes. I guess they've finally realized I really don't want larger breasts and am not impotent.

In the past I've used "throwaway" addresses (aliases), and I do still get spam sent to some of those that I haven't used in several years (several hundred or so a day to those and to every-name-you-can-think-of at my-domain.com). I never see it though, as it just bounces...those addresses aren't valid. I just see the summary reports every day.

>> The problem is that many viruses and worms use addresses stored on
>> infected machines to find more machines to attack. The addresses
>> can be in the address book, in mail in the mail folder, or even in
>> random disk files.
>
>True. I blame Bill Gates.

He and his company are certainly a major part of the problem, but the idealistic types who created the internet protocols share some of the blame, as do others (particularly those who take advantage of the openness of the net to prey on everyone else). In theory the masses of people who bought his lousy software should share some of the blame too...at least the ones in the beginning who were professionals and should have known better. These days many people have to buy it for compatibility...though with Linux and things like Open Office, this need is less and less important all the time.

There has been a serious suggestion made that e-mail require "stamps"...i.e.
that sending a message through the internet backbone result in some small cost to the sender. It wouldn't have to be much...even a thousandth of a cent might do it. For you and me that might amount to $1 a year or so, and for WSFA maybe a few times that for this list and other dealings (if we continued doing things this way rather than some other method), but for a spammer who sends out literally tens of millions of spams a day, it would mount up fast. The main problem with this, other than outcries from the general internet community, is how to implement it...who pays, and to whom? It's not as simple a problem as some would like to believe...and once in place it would be easy to abuse it to generate extra revenue for those in a position to do so.

Another solution would be a new protocol that requires passwords between servers so one could set up a trusted mail network with its own rules of what is allowable and no anonymity in who is doing the sending. Spammers and spam-supporting sites could be easily cut out of such a setup. This would tend to fragment the net though, as well as being a management nightmare, and probably wouldn't be acceptable to most.

--
Mike B.
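
The quarantine-and-challenge procedure described in the message above, as an added example that is not part of the original post and is not the code of the system it mentions. The class and method names, the seven-day default hold, and the choice to ignore replies that match no open challenge are assumptions; times are plain seconds so the logic can be run offline.

```python
from dataclasses import dataclass, field

@dataclass
class ChallengeResponseFilter:
    hold_seconds: int = 7 * 24 * 3600               # configurable; constructed default
    whitelist: set = field(default_factory=set)
    quarantine: dict = field(default_factory=dict)  # sender -> [(arrival, message)]
    outbox: list = field(default_factory=list)      # addresses a challenge was sent to

    def allow(self, address):
        """Manual white list entry, e.g. for a listserv you want to see."""
        self.whitelist.add(address.lower())

    def receive(self, sender, message, now):
        sender = sender.lower()
        if sender in self.whitelist:
            return "delivered"
        if sender not in self.quarantine:           # one challenge per sender,
            self.outbox.append(sender)              # not one per message
        self.quarantine.setdefault(sender, []).append((now, message))
        return "quarantined"

    def expire(self, now):
        """Delete held mail older than hold_seconds; return how many were deleted."""
        deleted = 0
        for sender in list(self.quarantine):
            held = self.quarantine[sender]
            kept = [(t, m) for t, m in held if now - t < self.hold_seconds]
            deleted += len(held) - len(kept)
            if kept:
                self.quarantine[sender] = kept
            else:
                del self.quarantine[sender]
        return deleted

    def reply_received(self, sender, now):
        """Challenge answered: white-list the sender and release their held mail."""
        sender = sender.lower()
        self.expire(now)
        held = self.quarantine.pop(sender, None)
        if held is None:       # assumption: a "reply" with no open challenge is ignored
            return []
        self.whitelist.add(sender)
        return [m for _, m in held]
```

Mail with a forged return address never produces a call to `reply_received`, so it stays in `quarantine` until `expire` removes it.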