> If all we can do is filter the turkey with SA and not shut him down, then what > is the use of it?
I always thought that if you implement a decent filtering system and have it (or similar systems) installed across a wider base, you limit the number of spams that make it to the end-user, thus decreasing the effectiveness. Unfortunately, I don't think this trend has had much of an effect on spammers and if nothing else, they have simply increased the volume of junk and resorted to exploiting certain aspects of known filters to get around them. > I am beginning to think that the collective efforts of many organizations to > shut down spammers is a dismal failure. I have been doing the anti-spam thing > for a real long time and, if anything, the spam has steadily increased over > the years rather than decreased. Until radical changes are made to the > infrastructure of the internet to shut down open relays and proxies as well as > header validation spam will continue. The spammer that sent this spam claims > to be bullet proof. I suspect that with sufficient funds, he is telling the truth. I would agree about the infrastructure. SMTP is an old standard. Hell, it's almost as old as I am (that tells you something of my youth, I suppose). Unfortunately, it was designed back when the Internet was a much friendlier place when relays were common. Now, it is a sin to operate a relay. What's worse is that most of the open relays I receive spam from seem to be DSL subscribers who just installed Microsoft's SMTP services and didn't know WTF they were doing (well, it is Windows...). That means there are two options: Help users get a clue about what they're doing or change the infrastructure to be spam unfriendly. I don't know about you, but to me both options are nearly impossible. The first is unlikely and the latter is costly. So, we have to do what we have to do -- run filters. It may not be a perfect solution but it is a solution nevertheless, and with projects like SpamAssassin, I think we as a community are heading in the right direction. Simply throwing your hands up into the air and declaring everything as a failure is giving in to the problem. That's not what we're here for. That's not what has made the Internet as great as it is. What makes it great are the countless hundreds (even thousands) of wonderful, brilliant people from around the world who get together to collectively solve a problem. Denying that of all things alone should be blasphemy... > Rule 1: Check incoming mail against a whitelist (based on From, To, and/or > Subject). If in whitelist, pass it on, and stop checking. Whitelists are effective but they are a pain for the average user to use. Remember, we're talking about people who think that the "little thingy you put CDs in" doubles as a cup holder. If you ask them to take an extra step just to receive e-mail from a friend, they'll probably do without e-mail. On the other hand, they will also be the first to complain about receiving 300 pieces of junk e-mail per day because they plastered their address all over the Internet thinking they could get something for free (first mistake) or chose a very common name for their e-mail address (second mistake). It's a lose-lose situation if you look at it *that* way. > Rule 2: Check incoming mail against a blacklist (based on From, To, and/or > Subject). If in blacklist, discard, and stop checking. I thought that's what RBL was for. And Razor (though not *really* in the same sense of a blacklist)... > Rule 3: Check incoming mail against the SA hit level. If above a Hit level, > move the mail to a spam folder for manual checking, and stop checking. Over > time, this rule should refine the whitelist and blacklist and could be changed > to simply discard. I already do this. Since I'm using Outlook Express and am too lazy to put anything else on this system (this is my work system anyway), I have to filter by subject tag. It works. It's called deleted items... > Rule 4: Check incoming mail against the SA hit level. If equal to or below the > Hit level, forward the message back to the from or reply to address with the > following message, > > "Your email is being returned by an automatic spam detection system. If you > still wish to send this message to the recipient, please add the following > code XXXNNN to your subject line and resend the message. We apologize for any > inconvenience this may cause you; however, it is necessary due to the large > amount of spam now found on the internet. Once this process if completed, your > address will be added to a list of valid addresses and you will not need to do > this again." I don't know about that... I've had calls from several users who have received messages similar to this because they sent e-mail to a friend on a service that uses a whitelisting mail filter. They didn't know what to do. This equals more time I have to spend helping them figure out how to reply to a message they don't understand in the first place... Besides, autoresponders are a sore topic with me after I whined to the list yesterday about one. Just ask Simon -- he had to listen to my silly jaw flap on about this sort of thing yesterday! He knows how to write *real* autoresponders anyway -- ones that don't send numerous messages to lists when they otherwise shouldn't. That's my $0.02. The last article I read citing Jupiter research claimed per-user spam has been doubling every 42 days. I'd almost believe it... And would you look at that, no sooner do I reply to this than another "Learn to Spam" mail message comes in... The thermonuclear path is really starting to look tempting by now. ~Benjamin ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk