Thursday, September 23, 1999, 10:49:59 AM, Thomas wrote:
> Now, how do you actually set the filter to identify spam, i.e. make TB
> tell it apart from legitimate mail?

    The one that I use which is actually quite simple takes some time to set
up but once done it works fine.  It also takes a bit to understand how it
works, so I'll try to explain as best as I can.

    Spam basically has one constant, they are usually large BCC lists because
spammers learned early on that people won't page through hundreds or thousands
of addresses in the TO or CC fields to get to the actual advertisement.  It
quickly became a marker of spam.  They want their advertisement front and
center in the smallest package possible to get it in front of your eyeballs
before you have a chance to delete it.

    What all that means is that the messages are rarely addressed to you
directly *or* have any of the markers of mail that is destined to you.  Those
markers are either your email address in the to/cc field (IE, direct
addressing), from people that you know (normally associated with direct
addressing) and either to/cc'd or bcc'd to a list you're on.  The last one is
the tricky part.

    I think that most people who use TB filter out mailing lists into separate
folders.  These filters will activate and then stop.  This forms the basis of
the spam filtering system.  You simply create filters for everything that you
may get.  It sounds like a lot of work, but if you're already filtering out
email lists, it is mostly over.


Step 1: Filter your email lists out and have those filters stop.

    I'm not familiar enough with TB's internal filtering to say what is the
best way to filter mailing lists specifically, but in general, it is best to
filter on the "sender" header.  That header tells you who sent the mail and
all reputable mailing lists will put in the list owner as the sender.  For
example, here is the sender for this list:

Sender: [EMAIL PROTECTED]

    Filter on that string and you will get list mail into the list folder.
Mail not for that list will not.  This will work better than to/cc/subject
filters because it will only catch mail from the list server.  The others will
catch mail which may be directed to you and CCd to the list, have the subject
of the list but be a private message, or miss it in the case of a BCC.  The
last point is the important one.


Step 2: Filter out anyone that *may* send you BCC mail.

    I generally put on close friends and relatives to this filter.  It just
leaves mail in the inbox but stops filtering.


Step 3: Filter out anything that is directly addressed to you.

    Again, spammers don't directly address anything.  It takes too long for
individual messages and they don't want 20k worth of headers that people will
not skip past.  That is why you see things like "[EMAIL PROTECTED]" and such.
So, if it is addressed directly to you, chances are it really is to you.  Stop
filtering again.


Step 4: Create a filter that is after all other filters.  If it hits this
filter, move the message to a spam folder.


    So here are the 4 steps in something of a logic diagram?

Is it from a list?  If yes, stop.  If no, continue.
Is it from someone I know?  If yes, stop.  If no, continue.
Is it directly addressed to me?  If yes, stop.  If no, continue.
Possible spam, move to a separate folder.

    When I was beta testing for PMMail in '97 I developed that series of
filters.  In the time that I used them from late '97 to early '99, about a
year and a half, I saw *maybe* a grand total of 10 spam ever hit my inbox.
That is less than 1 a month.  During the same time frame it would catch an
average of 3-5 a day.  Furthermore, *all* false hits were because I had not
added a filter for a mailing list when I signed up for it.  IE, operator
error.  So the end result, using the rough estimates is 2190 spam blocked in
15 months, 10 let through, for a total blockage of 99.54% of all spam to my
account with a 0% false-hit rate when you remove those due to my own laziness
(which is why I filtered to a folder, not straight to the trash).

    TB does offer something nice that PMMail does not which is the ability to
limit the contents of a folder by age and/or a message number limit.  What you
can do is create a spam filter to move all the hits into, set it to delete
after 14 days, and let it sit.  Check it once a week for false-positives
(trust me, easier to look for legit mail in a sea of spam than the reverse)
and let TB take care of deleting them for you.

    Of all the methods of blocking spam that I have seen over the years, this
is the one that I advocate the most.  Not because I came up with it (albeit
independently, I'm not saying I'm genius enough to be the only person to think
of it) but because it places the responsibility and control in the hands of
the end user.  I've worked for ISPs for over three years now.  I had a six
month stint as a postmaster at a regional ISP.  I really don't like the idea
of the ISP doing the blocking because any false positives that are hit are
lost.  In this method each user (IE, you) can decide what to do with the false
positives.  Not only that, but it is highly accurate for each individual.  I'm
not BSing about the accuracy being >99%.

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
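
The four-step filter chain from the message above, sketched in Python as an added example that is not part of the original post and is not The Bat!'s or PMMail's own filter syntax. All addresses, folder names and function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed configuration; every value here is a constructed placeholder.
MY_ADDRESSES = {"me@example.org"}
LIST_SENDERS = {"owner-tbudl@lists.example.net": "Lists/TBUDL"}
KNOWN_PEOPLE = {"friend@example.com"}

def classify(raw_message):
    """Return (folder, rule). The first rule that matches stops filtering."""
    msg = message_from_string(raw_message)

    # Step 1: list mail, matched on the Sender header rather than To/Cc/Subject,
    # so list traffic that reached you by BCC is still recognised.
    sender = parseaddr(msg.get("Sender", ""))[1].lower()
    if sender in LIST_SENDERS:
        return LIST_SENDERS[sender], "list"

    # Step 2: people who may BCC you; leave in the inbox and stop.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr in KNOWN_PEOPLE:
        return "Inbox", "known-sender"

    # Step 3: your own address appears in To or Cc (direct addressing).
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(addr.lower() in MY_ADDRESSES for _, addr in recipients):
        return "Inbox", "direct"

    # Step 4: catch-all placed after every other filter.
    return "Possible-Spam", "catch-all"

def make(**headers):
    """Build a constructed sample message from header keyword arguments."""
    lines = [f"{name}: {value}" for name, value in headers.items()]
    return "\n".join(lines) + "\n\nbody text\n"

# Constructed sample messages, one per branch of the chain.
SAMPLES = {
    "list": make(Sender="owner-tbudl@lists.example.net",
                 From="someone@example.net", To="tbudl@lists.example.net"),
    "bcc_friend": make(From="Friend <friend@example.com>", To="other@example.com"),
    "direct": make(From="stranger@example.net", To="Me <ME@example.org>"),
    "bulk": make(From="offers@bulk.example", To="valued-customer@bulk.example"),
}

def file_all():
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in file_all().items():
        print(name, "->", result)
```

A list missing from `LIST_SENDERS` falls through to step 4, which is the false-hit case the message attributes to not adding a filter after subscribing.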
