SpamAssassin 3.0 Released 335
davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"
Re:SURBL (Score:4, Insightful)
A spam arms race? (Score:5, Insightful)
Re:SURBL (Score:3, Insightful)
Does it use IP's or URI's ? (Score:5, Insightful)
I would rather extract the domain, look up the IP, and check the IP.
That way the server will have to move to a new IP - not just get a new bogus domain name.
Yes, I know that servers many host many domains:
This will only increase pressure on the spamheaven server admins to get rid of the people who use spam to spamvertize their sites.
Re:SURBL (Score:4, Insightful)
Curse you ISP! (Score:2, Insightful)
Sigh. Now I have to fight with my ISP to get a semimodern version of Perl installed.
Re:Improved Performance? (Score:1, Insightful)
Re:anto-spam (Score:1, Insightful)
and humans don't make mistakes? I'll give you 1,000 messages - lets see if you don't hit delete by mistake...
Re:actually i've always felt their name's not righ (Score:3, Insightful)
fillters vs. stallers (Score:4, Insightful)
what we need is not spam filters but spam stallers.
With spam filters your just precipitating in a arms race.
The spammers will send more and more spam
and your spam filters will use more and more
of your processor time to filter the spam.
It is a uphill battle against the spammer.
With spam stallers like sa-exim and tarproxy
your are stalling the spammers smtp connection
and the effect is that the spammer can't send
as much spam or that they drop you email from there email database.
Re:SURBL (Score:1, Insightful)
i am not aware of any user that has no spam filer or would even consider buying something from a spammer, and nevertheless i recieve 200 spam mails a day.
Re:SURBL (Score:4, Insightful)
<rant>
You know, if we just dropped the whole notion of using HTML in e-mails, and only allowed plain text most of this would never have happened in the first place.
</rant>
Re:fillters vs. stallers (Score:2, Insightful)
Re:fillters vs. stallers (Score:2, Insightful)
What you are likely doing is pissing off the people who are willing to forward your mail to you, and they may decide to just drop all of your mail instead of being screwed with.
Re:A spam arms race? (Score:2, Insightful)
Its kinda like The Club(tm). Its just enough to make the spammer go to the other car, so to speak.
Re:Does it use IP's or URI's ? (Score:3, Insightful)
Which is fine with me.
Re:still waiting for spammerassassin (Score:3, Insightful)
from a legal dictionary [law.com].
murder
n. the killing of a human being by a sane person, with intent, malice aforethought (prior intention to kill the particular victim or anyone who gets in the way) and with no legal excuse or authority...
No worries, spammers don't qualify as human.
Installing on Windows....you're kidding, right? (Score:5, Insightful)
I'm probably going to flamed for this, but that install process is ridiculous. I'm not even close to being a newbie, but there's no way I'd go through that much hassle to install a spamblocker compared to something like SpamBayes that does a standard windows install and hooks right into Outlook. Does anyone thing that these things are reasonable?
1. I'm supposed to extract it to the root of my drive. Sorry, my root is sacrosanct. If the
2. I've got to install Perl modules? And it doesn't work with certain versions of Perl? The install should include whatever it needs to run. Don't make me track down some particular version of outside software.
3. I've got to generate a batch file and run it to generate the documentation? Why not just include the generated documentation?
4. Step 10 of the install FAQ mentions a D drive. I don't have a D drive. Does SpamAssassin really require TWO drives to run/test properly?
5. The whole install process includes 13 steps, some of which are fairly complicated.
This is one of the reasons why the whole open-source initiative has such a bad, pointy-headed reputation. Where is the focus on usability and user-friendliness? I often get the impression that it's "not cool" to actually put time and energy into making your software anything other that esoteric in its usage. I realy would like to try SpamAssassin, but dealing with the minor annoyances of SpamBayes for the next six months is clearly less work than installing SpamAssassin today. Why doesn't that bother anyone?
I'm probably going get either flamed or ignored for this post, but I would appreciate a reasonable response if there is one. We'll see I guess.
Re:SURBL (Score:4, Insightful)
Which is fine. There are two defenses, both of which work now: 1. Javascript in a message is a big spam flag; legit mail almost never uses it. SpamAssassin and most other hybrid systems assign mail a score, more points means more likely to be spam. HTML typically adds a small penalty, javascript adds a bit penalty. Bayesian systems that see the Javascript will quickly learn to penalize any javascript tags. 2. The filter can filter based on what the user sees, not the raw feed. SpamAssassin already does this to catch people using HTML to try and break up words.
All in all, this isn't worrying to me at all.
Re:Does it use IP's or URI's ? (Score:5, Insightful)
You're not blacklisting; you're marking as "more likely spam". In practice the damage will be minimal. First, legit email from the other 399 domains will in general be non-spam-like. The positive hit on the IP address won't be enough to push them over the edge. The penalties for being found in the SURBL at the moment are all relatively small, all less than 1 (5 points are needed in the default configuration to mark a message as spam). The only exception is data from the Spam Cop database, which is fairly small and more carefully vetted. If they broaden from hostnames to IPs, you might have to tweak the scores down, but that's it. Second, what's the realistic chance of your getting email containing a URL linking to that IP? There are millions of web sites. The Big Important Web Sites aren't on the sort of massive shared server you describe. The chances that you'll get an email mentioning one of those smaller sites is pretty small. There is a risk, but it's small enought that I won't lose any sleep over it.
Re:fillters vs. stallers (Score:3, Insightful)