Hi,
I have for some time used 'spambouncer'
http://www.spambouncer.org/
which despite being useful is I feel not too good at catching spam. I
know spamassasin does a better job. However, spambouncer has one very
useful feature, which is sufficient to prevent me changing to
spamassasin. With spambouncer it is possible to send an automatic
reply to messages considered as spam, with the request to insert a
password in the subject line if they are not spam.
Despite getting literally 1000's of spams (~100/day and with the
recent worm 14,000 over 3-days), I've only ever had two spammers
contact me by that means - and one was only semi-spam (since I'd dealt
with the company before). The second one actually wanted to know what
software I was using, claiming to have "accidentally spammed me"!
As such I think the ability to do that would be really useful. I'd
suggest it worked something like this.
1) You receive a message which is considered spam.
2) An automatic reply is sent to the sender. The automatic reply has a
few lines at the top something like:
"My anti-spam filter thought your message was spam. If it was not
spam, will you please reply putting the $password anywhere in the
SUBJECT line, so I can then receive the mail. Make sure $password in
the subject line - putting it in the body will have no effect."
The rest of the original message then follows, without the normal
chevrons if possible.
3) A non-spammer gets the automatically generated reply, adds the
password in the subject line.
4) Any replies get automatically added to a 'whitelist' of
non-spammers who you accept email from.
Experience has shown me.
a) It's not necessary to change the password often - in fact, I never
did, since only two people ever used that method to send me spam. You
could of course use a one-time-only password, but I don't think that
is necessary.
b) Some of the autogenerated replies you send then bounce back to you,
since the sender's address is invalid. But you just arrange them to go
in their own folder, or /dev/null.
c) Spoofed emails, where the sender's address is valid, but not the
person who sent the mail was never an issue since spambouncer could
detect most of them.
I think a combination of the better spam detection facilities of
spamassassin, with those from spambouncer, would make an excellent
anti-spam filter.
--
Dr. David Kirkby Ph.D CEng MIEE
Author of 'atlc' http://atlc.sourceforge.net/
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
