good anti-spam tool ?
on 08.05.2005 19:50:24 by siliconmike
I'm wondering what anti-spam tools are around and how they really work.
How truthfully do they remove spam and whether there's always a danger
of an important email being labelled as spam ?
I'm building a small email website to be hosted on Linux.
Any comments, experiences?
Mike
Re: good anti-spam tool ?
on 08.05.2005 21:46:37 by Alan Connor
On comp.mail.misc, in
<1115574624.738768.253790@f14g2000cwb.googlegroups.com>,
"siliconmike" wrote:
> I'm wondering what anti-spam tools are around and how they
> really work. How truthfully do they remove spam and whether
> there's always a danger of an important email being labelled as
> spam ?
>
> I'm building a small email website to be hosted on Linux.
>
> Any comments, experiences?
>
> Mike
This group is monitored by some of the nastiest spammers
on the Internet.
Any attempt to carry on an educated and honest discussion
of this subject would result in us being hammered by
their sock-puppets.
They'd have you so confused that you wouldn't be able
to tell up from down, which would be their entire
purpose.
They all like the conventional spam filters because
they are the world's foremost experts in their use,
and can, and do, beat them all the time, forcing
users, as you point out above, to take extreme measures
that result in desirable mail being classified as
spam.
So you have to spend half of your life looking through
directories filled with spam for mis-classified mail and
up-dating your filter.
It's stupid.
I get no spam at all. And no one I want to hear from
has any problem reaching me. I don't ever have to
update anything but my passlists, which is a no-brainer
that takes a few minutes a week.
See the URL in my sig and mail me if you have any
questions.
Now, I am killfiling this thread. I won't see any
further posts on it.
Let the gibbering spammer sock-puppets do their
thing.
They can't send their shit to my mailboxes and it
drives them crazy.
AC
--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
FAQ: Canonical list of questions Beavis refuses to answer (V1.20) (was Re: good anti-spam too
on 09.05.2005 00:14:14 by Sam
Beavis writes:
> This group is monitored by some of the nastiest spammers
> on the Internet.
Don't be so hard on yourself, Beavis. You're not nasty, you're just acting
out your part of the Usenet Beavis.
> Any attempt to carry on an educated and honest discussion
> of this subject would result in us being hammered by
> their sock-puppets.
FAQ question #5, below.
> They'd have you so confused that you wouldn't be able
> to tell up from down, which would be their entire
> purpose.
You're our beacon of clarity, Beavis.
> It's stupid.
>
> I get no spam at all. And no one I want to hear from
> has any problem reaching me. I don't ever have to
> update anything but my passlists, which is a no-brainer
> that takes a few minutes a week.
FAQ question #8, below.
> Now, I am killfiling this thread. I won't see any
> further posts on it.
FAQ question #6.
*SPANK*
FAQ: Canonical list of questions Beavis refuses to answer (V1.20)
This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.
For more information on Beavis, see:
http://angel.1jh.com/nanae/kooks/alanconnor.shtml
Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.
============================================================================
1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam that their return
address was forged onto) come from?
2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?
3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)
4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?
5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?
6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?
7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?
8) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?
9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."
Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?
10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?
11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?
12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?
Re: good anti-spam tool ?
on 09.05.2005 02:33:21 by Markus Zingg
>I'm wondering what anti-spam tools are around and how they really work.
>How truthfully do they remove spam and whether there's always a danger
>of an important email being labelled as spam ?
>
>I'm building a small email website to be hosted on Linux.
>
>Any comments, experiences?
>
>Mike
Mike
There are a couple of solutions around. I try to cathegorize them as I
see it
a) DNS Blocklist based e-mail rejection. There the sending IP is
checked against configurable blocklists. This is often used by ISP's
for the simple reason that rejecting mail from certain sources is
relatively easy and saves local resources since the mail itself must
not be processed. The drawback of this method is (IMHO) not too
effective if you don't want lot's of false positves.
b) Greylisting. To oversimplify it a bit, unknown senders are first
quarantained to see if the same message is sent again. This is done to
distinguish PC's using ratware to send out spam from real mail servers
which DO resend mail that could not be propperly delivered in
previoius attempts. It's said to be very efficient if propperly done.
c) Content filtering. This method can be very very good IF the
flitering is good. It can be a nightmare if the filtering is bad.
Popular representant is probably spam assasin. IMHO the drawback of SA
is that it requires constant tuning and fiddling, but that's a
statement I probably get beaten to dead here :-) There are really
powerfull methods of content filtering i.e. filtering for spamvertised
domains & webservers, digital fingerprinting etc. etc. See my coments
at the end.
d) challenge response systems. At a simplistic first view, they may
seem like a good solution. In fact they are not because they are
actually asocial in that the problem is put back on the comunity. A
non whitelisted new sender get's a challenge back to which he must
respond. From the point of view of the owner of such a system, the
problem are first contacts that are senible in their nature (new
customers, elder people, people with diabilities to follow the
sometimes really crazy ways to get "aproved" etc.). Providing a simple
clickable chalenge is obviousely not enough once the method would be
widely enough used since spammers soon would find methods to auto
aprove those messages. That's why such systems sometimes use quite
funy ways to aprove senders which is where the problem lies from the
point of view of the operator of this system. From the point of view
of the comuity theses systems are actually very dangerous. This is
because the wast majority of mail these days is spam and worm mails.
They always use forged mailadresses. What happens is that almost all
mail traffic would be doubled and inocent users would be happy winners
of nice C/R aproval mails. The freaks argue that they filter mail
first so well that C/R's are sent out only on rare ocasions. Well,
this raises the question why is the method is used in the first place
if filtering works so well....
Anywyas, I can't resist so here we go:
At NCT-Technology ( www.nct-technology.com ) we use a mixture of
several methods. It (ok, among those people not requireing medication)
seems to be common sense that using several methods in paralell is
giving the best results. We use acutally primarily filtering (case 'c'
in list above) but otherwise pull all registers. The devices we
manufacure also support DNS blacklisting, but more to have the feature
on the feature list than because we think it's so cool. Anyways, we
detect rumpelstilz attacks, support maintaining honeypots and most of
all filter. We use a single pass html & text parser which detetcs all
kind of reall and obfouscated urls, mail addresses and also supports
scanning the text stream and at the same time also does digital
fingerprinting. That said, the air for spammy is not really only thin,
there is no air left. We have extremly good detection rates (>99%) and
because no woodo kind of detection is made there are no false
positives. Since we filter, people who want to mail towards such a
device don't have to go through hops provided their mail is legit.
Btw, our Embedded E-Mail Server can also be configured to be a relay
server in front of existing servers in order to filter viruses and
spam. Should you be intersted to hear more feel free to ask
HTH
Markus
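The greylisting idea from item b) of the post above, sketched as an added example (not code from this thread or from any product it mentions). The triplet key, the timing values and the use of SMTP reply code 451 for the temporary rejection are assumptions drawn from common greylisting practice, and the addresses are constructed.

```python
import time

class Greylist:
    """Greylisting keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 86400, clock=time.time):
        self.min_delay = min_delay          # a retry sooner than this is ignored
        self.retry_window = retry_window    # a retry later than this starts over
        self.pass_lifetime = pass_lifetime  # how long a proven triplet is trusted
        self.clock = clock                  # injectable so the demo needs no sleep
        self.pending = {}                   # triplet -> first-seen time
        self.passed = {}                    # triplet -> last-seen time

    def check(self, client_ip, mail_from, rcpt_to):
        """Return (SMTP reply code, reason) for one RCPT TO attempt."""
        now = self.clock()
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last = self.passed.get(key)
        if last is not None:
            if now - last <= self.pass_lifetime:
                self.passed[key] = now
                return 250, "known triplet"
            del self.passed[key]            # trust expired, treat as new
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now         # first sighting: temporary reject
            return 451, "greylisted, try again later"
        if now - first < self.min_delay:
            return 451, "retry too soon"
        del self.pending[key]               # sender queued and retried
        self.passed[key] = now
        return 250, "retry accepted"


def demo():
    """Constructed traffic: one retrying mail server, one fire-and-forget sender."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    server = ("192.0.2.10", "alice@example.org", "mike@example.net")
    ratware = ("198.51.100.7", "forged@example.com", "mike@example.net")
    codes = [gl.check(*server)[0], gl.check(*ratware)[0]]
    for t in (60, 900, 1000):               # server retries; ratware never does
        now[0] = t
        codes.append(gl.check(*server)[0])
    return codes


if __name__ == "__main__":
    print(demo())
```

Legitimate first-contact mail is delayed by at least `min_delay`, which is the cost this method trades against never inspecting or bouncing the message.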
Re: good anti-spam tool ?
on 09.05.2005 03:42:59 by kd6lvw
On Mon, 9 May 2005, Markus Zingg wrote:
> There are a couple of solutions around. I try to cathegorize them as I
> see it ....
>
> d) challenge response systems. At a simplistic first view, they may
> seem like a good solution. In fact they are not because they are
> actually asocial in that the problem is put back on the comunity. A
> non whitelisted new sender get's a challenge back to which he must
> respond. From the point of view of the owner of such a system, the
> problem are first contacts that are senible in their nature (new
> customers, elder people, people with diabilities to follow the
> sometimes really crazy ways to get "aproved" etc.). Providing a simple
> clickable chalenge is obviousely not enough once the method would be
> widely enough used since spammers soon would find methods to auto
> aprove those messages. That's why such systems sometimes use quite
> funy ways to aprove senders which is where the problem lies from the
> point of view of the operator of this system. From the point of view
> of the comuity theses systems are actually very dangerous. This is
> because the wast majority of mail these days is spam and worm mails.
> They always use forged mailadresses. What happens is that almost all
> mail traffic would be doubled and inocent users would be happy winners
> of nice C/R aproval mails. The freaks argue that they filter mail
> first so well that C/R's are sent out only on rare ocasions. Well,
> this raises the question why is the method is used in the first place
> if filtering works so well....
In C/R, you forgot to mention one important point: Often, for a challenge (in
such a system) to be meaningful to a person, it should include some portion of
the original message - and thus a C/R system can be used to actually SPAM:
The spammer sends to a known C/R operator using the forged address of his
intended recipient as the sender's ID to a C/R'ed mailbox. The spammer knows
where in his message to place his "spam payload" by having a test message
challenged back to him. When the spam is challenged, the C/R system is the
source responsible for spamming the target person (who is mistaken for the
originator due to address forging). This means that a C/R system is equivalent
to an open relay for the spammer to use, just like any other compromised
system. C/R proponents repeatedly FAIL to recognize this design flaw.
This is why challenges from C/R systems are themselves classified as spam.
PS: Your posting would probably not pass muster as there are many misspellings
and spammers have lately resorted to massive misspellings in their drivel in an
attempt to defeat content-based filters.
Re: good anti-spam tool ?
on 09.05.2005 11:30:45 by Markus Zingg
>In C/R, you forgot to mention one important point: Often, for a challenge (in
>such a system) to be meaningful to a person, it should include some portion of
>the original message - and thus a C/R system can be used to actually SPAM:
>The spammer sends to a known C/R operator using the forged address of his
>intended recipient as the sender's ID to a C/R'ed mailbox. The spammer knows
>where in his message to place his "spam payload" by having a test message
>challenged back to him. When the spam is challenged, the C/R system is the
>source responsible for spamming the target person (who is mistaken for the
>originator due to address forging). This means that a C/R system is equivalent
>to an open relay for the spammer to use, just like any other compromised
>system. C/R proponents repeatedly FAIL to recognize this design flaw.
>
>This is why challenges from C/R systems are themselves classified as spam.
Thanks for the hint. The other methods also would deserve more details
but there are limits of what makes sense in usenet posts.
>PS: Your posting would probably not pass muster as there are many misspellings
>and spammers have lately resorted to massive misspellings in their drivel in an
>attempt to defeat content-based filters.
One of the reasons why I like our filters where spelling does not
matter - only clear criterias like domain names, e-mail adresses and
digital fingerprints.
Not only spammers make misspellings. :-) English is not my native
language, I try to do the best I can.
Markus
Re: good anti-spam tool ?
on 09.05.2005 15:00:25 by Hans-Peter Sauer
Alan Connor wrote:
> On comp.mail.misc, in
> <1115574624.738768.253790@f14g2000cwb.googlegroups.com>,
> "siliconmike" wrote:
>
>
>>I'm wondering what anti-spam tools are around and how they
>>really work. How truthfully do they remove spam and whether
>>there's always a danger of an important email being labelled as
>>spam ?
>>
>>I'm building a small email website to be hosted on Linux.
>>
>>Any comments, experiences?
>>
>>Mike
>
>
> This group is monitored by some of the nastiest spammers
> on the Internet.
Alan-It's time for your injection again.
>
> Any attempt to carry on an educated and honest discussion
> of this subject would result in us being hammered by
> their sock-puppets.
Look how bad your paranoia is getting without your medication Alan.
>
> They'd have you so confused that you wouldn't be able
> to tell up from down, which would be their entire
> purpose.
That's due to your increasing loss of grey matter. Taking your medication
will halt that loss Alan.
>
> They all like the conventional spam filters because
> they are the world's foremost experts in their use,
> and can, and do, beat them all the time, forcing
> users, as you point out above, to take extreme measures
> that result in desirable mail being classified as
> spam.
Once we have stabilised your psychosis we will give you something for
your chronic OCD.
>
> So you have to spend half of your life looking through
> directories filled with spam for mis-classified mail and
> up-dating your filter.
Just like you keep looking for princess xena and bigfoot under your bed.
Medication can cure these delusions if only you will take it.
>
> It's stupid.
Oh dear the delusions of grandeur are getting worse. You have an IQ
barely in double figures and yet in your psychotically demented state
you see the rest of the world as being stupid.
Re: good anti-spam tool ?
on 09.05.2005 17:24:03 by siliconmike
> Popular representant is probably spam assasin. IMHO the drawback of SA
> is that it requires constant tuning and fiddling, but that's a
> statement I probably get beaten to dead here :-) There are really
> powerfull methods of content filtering i.e. filtering for spamvertised
> domains & webservers, digital fingerprinting etc. etc. See my coments
> at the end.
Thanks for mentioning Spam assassin. I checked it out. Since what I'm
looking for is free software, I think I'll go for it. And since it's
open source we can hope for it to evolve to diminish the drawbacks.
Mike
Re: good anti-spam tool ?
on 12.05.2005 01:51:35 by unknown
Post removed (X-No-Archive: yes)