Thread: Best spam filter?
View Single Post

  #3 (permalink)  
Old 01-16-2004
David Cheatham
 
Posts: n/a
Default Re: Best spam filter?
Alan Connor <zzzzzz@xxx.yyy> wrote in message news:<lNLNb.12503$zj7.6886@newsread1.news.pas.eart hlink.net>...
> On 15 Jan 2004 21:23:47 -0800, Ason Asesh <aasesh@cpu-technologies.com> wrote:
> >
> >
> > What would you say is the best SPAM filter? SpamAssasin? or is there
> > another product that is as good or better?
> >
> > My email address - pick it up SPAM bots :)
> > aasesh@cpu-technologies.com
>
> The best STRATEGY for controlling your mailbox is:
>
>
> YES Pass-List
>
> first get all the mail from friends and businesses and mailing lists
> safely in your inbox

Normal people call this a whitelist. Spamassassin can do this easily.
In fact, it will autowhitelist people if you keep receiving legit mail
from them.

But whitelisting a losing battle...whitelist the people who regularly
get classified as spam, and just be sure to run typical message
through spamassassin's Bayesian learning.

> NO Content-Filter like SpamAssassin
>
> to weed out the stuff you KNOW is spam

Alternately, just put the tags in there and let your client (or
procmail) classify it into another folder.

> MAYBE Challenge-Response
>
> send a note to everything that gets past the above asking them to
> paste an included password on the subject line and send it back.
>
> if the address is a forgery, then it doesn't come back
> and you know it's spam or worse.

Unless the person who's being forged get so damn pissed at everyone
forwarding spam to them that they confirm it, which I do whenever it
happens to me.

It's not my job to filter your spam for you. No one has the right to
forward random messages 'back' to me when they don't know if I sent
them or not.

> (use the Reply-To address first, and the From: address second)

Warning, warning, warning.

Do not listen to Alan Connor, he is completely insane.

You should not send bounces or delivery failures messages to Reply-To
or From, *ever*. Delivery failure messages go to the envelope,
*always*. (Or, arguable, the depricated Errors-Tos header, which
someone pointed out the last time I was here.)

Alan's system will do stupid things like send C/R confirmations to
mailing lists. (In fact, his system is so screwed up that a message
can be forged to it to cause it to do confirmed opt-in to a mailing
list.)

This is in *addition* to C/R being a bad idea overall.

> Procmail can do all of the above, including calling SA, easily.

Or maildrop, or whatever you want to use. Spamassassin can run as a
daemon, too, which is a lot faster than starting perl each time.
Reply With Quote