SpamAssassin 3.0 Released

davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"

Re:SURBL

[Mr Guy]

I would imagine the javascript would flag it highly suspicious on that basis alone.

A spam arms race?

[zaxios]

And will SpamAssassin's effectiveness erode as spammers adopt smarter methods in response? Escalation is not a long-term solution to any arms race or conflict. We can continue to fight spam, but the only way we will decisively defeat it is by acknowledging it as a social problem and legislating against it, with an common sense certainty and determination no one in Western goverments seems to be providing.

Re:SURBL

[PhotoBoy]

Can you run javascript inside emails? I thought even Outlook and Outlook Express would be blocking that by now?

Does it use IP's or URI's ?

[NKJensen]

From the SURBL site: "parse URIs in message bodies, extract their domains, and check those against a SURBL...."

I would rather extract the domain, look up the IP, and check the IP.

That way the server will have to move to a new IP - not just get a new bogus domain name.

Yes, I know that servers many host many domains:

This will only increase pressure on the spamheaven server admins to get rid of the people who use spam to spamvertize their sites.

Re:SURBL

[thing12]

I'm not aware of any (modern) mail clients that execute javascript, so what would be the point of sending an email with js links?

Curse you ISP!

[Anonymous Coward]

"Perl v5.6.1 required"

Sigh. Now I have to fight with my ISP to get a semimodern version of Perl installed.

Re:Improved Performance?

[Anonymous Coward]

This is a point I'd like to carry out a bit. I hate to be a whiner though, so I'll do it AC. But why isn't there a simpler install for Linux users. I resorted to using SpamPal on Windows boxes and just getting my mail on them and it works great. In fact, it's one of the last things I keep a Windows machine around for. I mean how twisted can it get, I use Linux desktops for almost everything but mail? That's totally bass ackwards, but the fact is I can install almost everything I want from Synaptic. I guess that's the other question, what about .deb that has all the dependencies or something.

Re:anto-spam

[Anonymous Coward]

for the human is the reference, what the human considers spam is spam - the rest isn't.

and humans don't make mistakes? I'll give you 1,000 messages - lets see if you don't hit delete by mistake...

Re:actually i've always felt their name's not righ

[shadowkoder]

Well, though there may be a large amount of spam, doesn't like 90% of it get sent by the top 10% of spammers, or something to the same effect? If you could whack off a couple of the top guys ...

fillters vs. stallers

[Anonymous Coward]

When do people learn that
what we need is not spam filters but spam stallers.

With spam filters your just precipitating in a arms race.

The spammers will send more and more spam
and your spam filters will use more and more
of your processor time to filter the spam.
It is a uphill battle against the spammer.

With spam stallers like sa-exim and tarproxy
your are stalling the spammers smtp connection
and the effect is that the spammer can't send
as much spam or that they drop you email from there email database.

Re:SURBL

[virtualone]

thats right.. but that does not scare away spammers.

i am not aware of any user that has no spam filer or would even consider buying something from a spammer, and nevertheless i recieve 200 spam mails a day.

Re:SURBL

[BlowChunx]

Probably some argument along the lines that made e-mail clients render HTML...

<rant>
You know, if we just dropped the whole notion of using HTML in e-mails, and only allowed plain text most of this would never have happened in the first place.
</rant>

Re:fillters vs. stallers

[Anonymous Coward]

This is not exactly true. If you can manage to get fewer eyeballs viewing the spam, you should get fewer people responding to spam. This is removing the economic incentive while keeping the costs the same. In other words it becomes less profitable.

Re:fillters vs. stallers

[SnarfQuest]

Are you actually stalling the spam producer, or are you stalling someone who is just forwarding the mail? Most mail does not go directly from the producer to your machine, but goes through numerous forwarders before it gets to you.

What you are likely doing is pissing off the people who are willing to forward your mail to you, and they may decide to just drop all of your mail instead of being screwed with.

Re:A spam arms race?

[celerityfm]

We use SpamAssassin in between our post office and our smtp server and its been working great at filtering spam. But I always wonder why the spammers don't first try running their spam through spamassassin before sending it us. I mean sure they can't beat the bayes filter, but really theres no excuse for sending out mail that trips any of SA's other filters! WTF are they thinking sending out messages that trip even the simplest of filters like malformed headers or whatever? Goes to show you that spammers aren't interested in spamming people with spam filters if they don't even bother to see if their spam can make it past them in the first place.

Its kinda like The Club(tm). Its just enough to make the spammer go to the other car, so to speak.

Re:Does it use IP's or URI's ?

[NKJensen]

If the admins are too slow to take down the spamvertized site and report back to the reporter, yes, and only then.

Which is fine with me.

Re:still waiting for spammerassassin

[jeffguy]

from a legal dictionary [law.com].

murder
n. the killing of a human being by a sane person, with intent, malice aforethought (prior intention to kill the particular victim or anyone who gets in the way) and with no legal excuse or authority...

No worries, spammers don't qualify as human.

Installing on Windows....you're kidding, right?

[Chris Carollo]

So I've heard good things about SpamAssassin and headed over the webpage to figure out what I needed to do to install, and I found this [apache.org].

I'm probably going to flamed for this, but that install process is ridiculous. I'm not even close to being a newbie, but there's no way I'd go through that much hassle to install a spamblocker compared to something like SpamBayes that does a standard windows install and hooks right into Outlook. Does anyone thing that these things are reasonable?

1. I'm supposed to extract it to the root of my drive. Sorry, my root is sacrosanct. If the /. crowd is going to complain about RealPlayer dumping shortcuts in my desktop, quickstart bar, and main start menu, how is SpamAssassin making directories in my root any better? At least I can delete the stuff RealPlayer litters around.

2. I've got to install Perl modules? And it doesn't work with certain versions of Perl? The install should include whatever it needs to run. Don't make me track down some particular version of outside software.

3. I've got to generate a batch file and run it to generate the documentation? Why not just include the generated documentation?

4. Step 10 of the install FAQ mentions a D drive. I don't have a D drive. Does SpamAssassin really require TWO drives to run/test properly?

5. The whole install process includes 13 steps, some of which are fairly complicated.

This is one of the reasons why the whole open-source initiative has such a bad, pointy-headed reputation. Where is the focus on usability and user-friendliness? I often get the impression that it's "not cool" to actually put time and energy into making your software anything other that esoteric in its usage. I realy would like to try SpamAssassin, but dealing with the minor annoyances of SpamBayes for the next six months is clearly less work than installing SpamAssassin today. Why doesn't that bother anyone?

I'm probably going get either flamed or ignored for this post, but I would appreciate a reasonable response if there is one. We'll see I guess.

Re:SURBL

[ChaosDiscord]

I suppose this will driver spam-advertizers to obviscate their URLs in the spam mails. Eg use javaScript to build the URL so the real URL can't be detected...

Which is fine. There are two defenses, both of which work now: 1. Javascript in a message is a big spam flag; legit mail almost never uses it. SpamAssassin and most other hybrid systems assign mail a score, more points means more likely to be spam. HTML typically adds a small penalty, javascript adds a bit penalty. Bayesian systems that see the Javascript will quickly learn to penalize any javascript tags. 2. The filter can filter based on what the user sees, not the raw feed. SpamAssassin already does this to catch people using HTML to try and break up words.

All in all, this isn't worrying to me at all.

Re:Does it use IP's or URI's ?

[ChaosDiscord]

If they're on the same box as me, you just blacklisted 399 other domains that shouldn't have been blacklisted.

You're not blacklisting; you're marking as "more likely spam". In practice the damage will be minimal. First, legit email from the other 399 domains will in general be non-spam-like. The positive hit on the IP address won't be enough to push them over the edge. The penalties for being found in the SURBL at the moment are all relatively small, all less than 1 (5 points are needed in the default configuration to mark a message as spam). The only exception is data from the Spam Cop database, which is fairly small and more carefully vetted. If they broaden from hostnames to IPs, you might have to tweak the scores down, but that's it. Second, what's the realistic chance of your getting email containing a URL linking to that IP? There are millions of web sites. The Big Important Web Sites aren't on the sort of massive shared server you describe. The chances that you'll get an email mentioning one of those smaller sites is pretty small. There is a risk, but it's small enought that I won't lose any sleep over it.

Re:fillters vs. stallers

[Coppit]

With spam filters your just precipitating in a arms race.

True, but the purpose of a spam filter is to only let legitimate email through. If that encourages spammers to start writing legitimate emails, great! You might argue that they are writing legitimate looking emails, but SpamAssassin has always been 1 step ahead of them.

With spam stallers like sa-exim and tarproxy your are stalling the spammers smtp connection and the effect is that the spammer can't send as much spam or that they drop you email from there email database.

I agree. However, you still need to first figure out they are a spammer, right?