SpamAssassin Gets a Promotion 168
darthcamaro writes "The folks at internetnews.com are reporting that the Spam Assassin project has been promoted to a full top level Apache Software Foundation project..the project has been in incubation for a while and it's finally made it through...the article also reveals that Apache is now using Spam Assassin themselves: 'I think spam filtering is now a critical part of the network infrastructure and Spam Assassin is a leader in the area,' said Daniel Quinlan, chairman of the Apache Spam Assassin Project Management Committee."
Nice (Score:2)
Bout Time! (Score:3, Interesting)
Re:Bout Time! (Score:5, Interesting)
Re:Bout Time! (Score:5, Insightful)
Re:Bout Time! (Score:4, Insightful)
Re:Bout Time! (Score:3, Interesting)
I do the exact same thing, but with a score of 12. Anything that trips the filter as spam gets dumped into a spam folder off the main maildir and they can use IMAP or check with webmail to see what spam they have. A cron script erases anything in the spam folder older than 2 weeks. Oh yeah, and individual users can alter their own white/blacklists and scores since I pull the username and match the scores in a postgres database. Combined with clamd and qmail-scanner, it's heaven. :-)
As for the incoming
Re:Bout Time! (Score:2, Interesting)
Re:Bout Time! (Score:5, Informative)
1. HELO Filtering
2. Sender Filtering
3. Recipient Filtering
4. Content Filtering and Delivery
I reject over 95% of all incoming mail before it ever gets to SpamAssassin. This means that SA's success rate isn't as good as on other systems (since I weed out all of the obvious spam), but my mailbox is happy and shiny.
SpamAssassin is a brilliant last line of defense, but I wouldn't advise just dumping your raw incoming stream into it. Much of the useful information about a message isn't available to spamd (such as your list of local domain names, relay domains, etc.) and you should consider using a set of cheaper filters to flush out the blatant chaff.
Re:Bout Time! (Score:2)
Not in my experience. Maybe it's the size of my Bayes databases, but clamd uses significantly less CPU than spamd on my particular system. YMMV, of course. Anyone who blindly implements my solution without understanding it and tailoring it to their own needs is likely in for a few nasty surprises.
erm (Score:4, Informative)
spamassassin.org, not spamassasin.org
Re:erm (Score:4, Interesting)
Don't worry (Score:5, Funny)
Ben
Great News! (Score:5, Informative)
Re:Great News! (Score:5, Interesting)
Personally I do use SpamAssassin, but as an intermediate step.
First step: Check a whitelist of known senders. Deliver if the sender is on the list, AND the message originated from an IP subnet that I allow for them personally.
Second step: Scan with SpamAssassin. If the score is really high (above 20) throw it the hell out.
Third step: If the score is less than 20, and the person wasn't whitelisted, run the message through TMDA [tmda.net] and politely tell the sender I'm not sure who they are, and I get a lot of spam, and could you please click this link to prove that you're a real person.
I've been using this three-step system for eighteen months now, and out of over one million messages that have come into my mailbox (really), exactly FOUR spam messages have made it all the way through. Apparently the spammers decided to go ahead and click on the little link, or they used a real person's return address, and when that person got they autoreply, they were too stupid to understand what was going on.
Even better, I have not received ANY indiciation that I've lost any messages; at least, no one has ever mentioned anything about an email that I didn't get.
I've got five other people at my domain using the same system, although for not quite as long (one for fifteen months, three for about a year, and one for just a month now); they have all had similar success.
So based on those numbers I'd estimate a success rate of 99.9997% for eliminating spam (which is, admittedly, COMPLETELY INSANE), and a false-positive (or at least "lost message") rate of 0% so far (fingers crossed). A few people have had to confirm their messages, of course, but I've whitelisted them as that happens.
I actually wrote all the connecting code in PHP, believe it or not, with a MySQL database as a backend. It's invoked using
The whole system took about twelve hours of programming to set up, on one Saturday.
Now, for correspondence to companies (such as Microsoft, or Amazon.com), I use a different scheme (although it's handled by the same PHP code). I create up a unique email address for each of them, which ONLY allows mail to or from that domain (for example "rptamazon@mydomain.com" only allows messages from amazon.com). Those addresses are also easily cancellable, individually, if the company starts to annoy me with spam. Basically, each email address can be assigned its own unique whitelist, and can be cancelled individually at any time, through the little web interface.
I also have a number of email addresses for things such as customer support for our company (I write computer software). I'm using the same system for those, also, but instead of checking whitelists based on the sender, I've found a simple way to do it is to check for ANY of our product names anywhere in the message body or subject. If the message doesn't mention any of them, it sends a simple autoreply back similar to that in (3) above, but mentioning that the message didn't seem to be about any of our products, but if it was, please click here, blah blah. We don't have a high volume of support messages (about one or two a day; we're a small company) but in the last year only three or four people have had to click through like that, and, honestly, their support requests were so f*cked up anyways that I'd rather it just dropped them on the floor.
Then, as a very last ste
Re:Great News! (Score:2, Interesting)
Re:Great News! (Score:2)
random word HTML ("<frank><moon>") etc. Nigerian scam spam seems to get through waaayyy too frequently.
What I have found very useful is the DNSBL's that block known spamming IP's (spamhaus.org) and all email from dynamic addresses. This cuts 95% out before SA even sees it. With a whitelist system in front and SA
Re:Great News! (Score:3, Informative)
Currently I have amassed 3681 spams totalling 76 megs. I should probably empty that directory sometime
sa-learn makes a big difference though. Helps with the misspellings and random junk. Havn't seen a Nigerian scam come through eith
Re:Great News! (Score:2)
Re:Great News! (Score:4, Interesting)
What I don't understand is the base64 problem.. One of the first thing SA does is decode base64. Even "rawbody" rules get base64 decoding, so really base64 encoding shouldn't make a difference at all, as SA never examines the encoded text.
As for the intentional mis-spellings of V!agr0, check out antidrug.cf (use google) or wait for SA 3.0 which includes this set of rules as a part of the standard distribution.
Disclaimer: I am the author of antidrug, and thus do have a bias here.
Re:Great News! (Score:2)
I didn't see any references to ClamAV in here, but since its integration with SA is documented in other places, that can be an afterthought.
When you run your own mail server, it's easy to trump Google, Yahoo and MSN's recent multi-GB offerings. Wonder if they can top my 100GB mail account. Not that I've ever gotten more than 1GB mail worth reading in my almost 20 ye
Re:Great News! (Score:3, Interesting)
Hopefully I'll find some free time later this summer (two big big programming projects I'm working on now are ending next month) and I'll see if I can take a we
Re:Great News! (Score:2)
Yeah that is COMPLETELY INSANE
Re:Great News! (Score:2)
I respond to those all the time. I politely send a "please don't auto-reply to forged spam" message. It's not my fault that your anti-spam solution is stupid enough to re-define an email reply to mean that you should accept forged mail.
Re:Great News! (Score:2)
Re:Great News! (Score:2)
Indeed, the message ends up with a negative score in SpamAssassin, because it has proper "In-Reply-To" and "References" headers and such. And since it quotes the text of the original message, at the bottom, it gets through any Bayesian filters and such they have as well, unless their message was very spammy in the first place. (In which cast it's their own fault, not mine.)
Here is the real link to spam assasins site (Score:4, Informative)
The link in the text goes to some search page
3.0? (Score:2)
3.0, late-July, early August (Score:5, Informative)
It will apparently take another month or so to finalize the weighting of the rules.
I've put 3.0.0pre1 on a production system that filters ~350k messages per day. With some tweaking of the RBL, bayes, and AWL rules, it is much (~10%) more efficient at tagging spam than 2.63, which I'm running on a parallel server that also sees ~350k messages/day (load balancing is your friend).
More info: http://www.au.spamassassin.org/full/3.0.x/dist/bu
Re:3.0, late-July, early August (Score:2)
Just out of curiosity, that sounds like you're running it on your mail gateway. How do your users set their spamassassin options to adjust their filter settings, or do you just give everyone a global setting?
Re:3.0? (Score:4, Informative)
[rulesemporium.com]
I use the rules there, and even minor spam gets obliterated with no problems of catching real mail.
I recommend it!
DSpam (Score:5, Interesting)
DSpam also came with much better directions for integrating with Exim than did SpamAssassin. As fond as I was of SpamAssassin, they have some catching up to do.
Re:DSpam seems okay but not for relay hosts (Score:2)
Maybe there's a way to do it but I couldn't take the time to figure out a good way to get it done.
Re:DSpam seems okay but not for relay hosts (Score:2)
Re:DSpam (Score:5, Interesting)
It's also not very easy to understand how it works, or configure your mail client to easily train it, or to configure procmail how to properly call it (there are a lot of command-line flags as well).
That being said, IT IS WORTH IT. A properly set up and trained DSPAM filter will SOLVE your spam problem. Training time usually takes about 2 weeks and the results are fantastic after that.
You can also set it up a number of ways - server-side, user-side, with postfix or another mail server, with procmail or without. Relay or not. It's up to you.
Re:DSpam (Score:2)
It has a lot of perl module depencies and integration of with MTA was documented quite poorly when i tried to install S.A.
Re:DSpam (Score:3, Interesting)
It's a bugger to set up with Procmail, but if anyone wants a peek at my config file, just e-mail... One thing I did do was forget about that whole "forward
Re:DSpam (Score:2)
Re:DSpam (Score:3, Informative)
I haven't seen any false positive stats on dspam. It's easy to say a spam filter has a high spam catching rate, but it means nothing without a very low false positive rate.
Redirecting my mail to
Re:DSpam (Score:4, Interesting)
I've got my system set to deliver spam to a spambox which I check nightly for false positives.
and the docs say that I ought to have alot more training before it's up to standard. it's already better for me than SA was.
dave
Re:DSpam (Score:2)
However, I might be switching over to Exim soon from qmail, and I'll be sure to check out dspam.
Re:DSpam (Score:2)
It's all about training.. (Score:2)
Re:DSpam (Score:2)
This all works pretty well but a trickle of spam still gets through to the end users. I've set up conferences on the groupware box where users can drag missed spam and mistagged ham to for training. Here i
Re:DSpam (Score:4, Interesting)
The bad messages go into a quarantine on the server and can be reviewed by the end user using a web-based interface (looking for false positives.) In the press of a button, that quarantine can be emptied, freeing up disk resources on the server.
Other SPAM solutions (like SpamAssassin) mark the message and continue with delivery. What's the point in downloading the SPAM to your mail client just to throw them away?
-ch
Re:DSpam (Score:2)
If Only It Was For Real (Score:5, Funny)
Re:If Only It Was For Real (Score:2)
Re:If Only It Was For Real (Score:2)
Re:If Only It Was For Real (Score:2)
--
Dependra Web Hosts [dependra.com]
The problem is... (Score:4, Funny)
what to do with spam after it's id'd? (Score:5, Interesting)
I like SA, and find it is very good for identifying around 95% of my incoming spam. However, I also have around 0.1% false positive rate, which means at some point I have to look through all the filtered spam messages and make sure none of them were legit.
I need a better tool for handling mail SA has identified as spam, either server-side or client-side. I'd like to delete anything with a score > 15, simply store anything with a score > 5, and send an auto-reply for scores between 5 and 10 indicating that the message was marked as spam and I'll probably never look at it.
A good set of procmail and formail rules will accomplish this, but my hosting company has a weird procmail setup and I'd prefer something easier to implement.
Any ideas?
Re:what to do with spam after it's id'd? (Score:5, Insightful)
I need a better tool for handling mail SA has identified as spam, either server-side or client-side. I'd like to delete anything with a score > 15, simply store anything with a score > 5, and send an auto-reply for scores between 5 and 10 indicating that the message was marked as spam and I'll probably never look at it.
Procmail can do it, but please reconsider the auto-replies. What happens if I'm pissed at bob and decide to sent out 1m spams with the return address of bob@example.com? More common, what about viruses that forge headers?
I would consider auto-whitelisting instead.
a better approach: reject the mail (Score:3, Informative)
Re:what to do with spam after it's id'd? (Score:3, Interesting)
sorting mail by spamassassin score (Score:5, Informative)
I can't speak for auto-replies, but you can do the sorting part client-side. The key is that spamassassin adds a line like "X-Spam-Level: *****" where the number of *'s is the score of the email. Almost any email client can filter mail to different folders based on headers. The unary representation of the spam score ensures that even a primitive filter can work.
For example, one popular client is Microsoft Outlook, and there are several web pages in google (such as this one [carleton.ca]) that explain how to reroute mail to specific folders depending on the spamassassin score.
Re:what to do with spam after it's id'd? (Score:4, Interesting)
Yes, you sure do.
Odds are that this doesn't apply to you, but the Mac OS X mail program, Mail, does a brilliant job. It recognizes the YES or NO header that SpamAssassin adds to filtered messages and, depending on your preferences, filters accordingly. By default it merely flags spam messages with a little trash-bag icon and leaves them in your inbox. At the flip of a switch, you can have the program automatically move spams into a Junk folder that (again, depending on your prefs) can be automatically emptied every week or month or day or whatever.
If your mail program doesn't already do this, then your mail program sucks.
Re:what to do with spam after it's id'd? (Score:5, Informative)
I have a very well known address (which is why I'm posting as an Anonymous Coward
The correct response to spam is to throw it away. Trying to reply to it makes the world worse, not better.
Re:what to do with spam after it's id'd? (Score:4, Informative)
logfile "/path/to/my/home/dir/maildrop.log"
###
### Maildrop variable substitution
###
MAILBOX="./Maildir"
DEFAULT= "$MAILBOX"
SPAM="$MAILBOX/.Spam"
###
### SpamAssassin
###
# Filter through SpamAssassin
xfilter "/usr/local/bin/spamc"
# Handle messages marked as spam
if (
{
# Store messages flagged as spam in another folder; uncomment
# this during testing just in case any legit mail gets sent
# to
#cc "./spam-store"
# Delete messages with a score of 10 or higher, filter all other
# spam messages into a spam folder
if ( $MATCH2 >= 10.0 )
to "/dev/null"
else
to $SPAM
}
Re:what to do with spam after it's id'd? (Score:2)
:0fw
| spamc
# Marks extreme spam, and handls one of several ways.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*
{
#First report it as spam to the athorities.
| spamassassin -r
#
# For complete deletion...
#
#
# Remove markup...
# | spamassassin -d
#
# For sending to the FTC
# ! uce@ftc.gov
# For when checking highspam...
$MAILDIR/.caughtspam.highspam/
}
:0
* ^X-S
Re:what to do with spam after it's id'd? (Score:2)
In your situation, I would simply suggest saving messages above 5 to a special folder and forward messages above 12 to Dave Null.
As others have mentioned, never, never send auto-replies or configure your MTA to send bounce messages.
If you want to reject messages, you have to do it in the SMTP dialogue with the spammer or his raped relay. If you accept the message first, or your ISP does
What's the big deal? (Score:5, Funny)
Re:What's the big deal? (Score:2)
I have a gmail account and I haven't gotten a single email in a week. Not one. Kind of makes me want to post my email address to a news group.
Kind of.
You people need to stop being so cynical (Score:5, Funny)
A step up from living in your parent's basement and whacking off to an inflatable doll, right?
I'd stay and chat, but I have to get back to a Nigerian man about a bank transfer
Re:You people need to stop being so cynical (Score:4, Funny)
Re:You people need to stop being so cynical (Score:2)
Get the owner, not the dog..... (Score:5, Insightful)
Somebody is paying for the spamming, and we know exactly who it is. The URL of that organization is prominently displayed in every item of spamail. It is the advertiser.
The advertiser is right there out in the open, easy to locate. If they're not, the spam isn't doing its job, and wouldn't have been sent. And easy to locate means easy to go after, easy to sue, to fine, DoS or whatever.
Dinging the advertisers, and dinging them hard, will instantly put the spammers out of business.
Spamming can be eliminated without blocking, white lists, or anti-spoofing RFC's. Just go to where it's pointing.
To draw an [ugly, graphic] picture: a dog comes and poops on sidewalk in front of my house, and I step in it. Yelling at the dog is going to be only moderately successful, building a poop filter is difficult, messy, and leaky (as Spam Assassin demonstrates) . Following the dog's leash and fining the owner is what works.
The owner doesn't bring the dog back since s/he doesn't want to pay another fine.
No owner, no dog, no spam.
Get the owner.
Kill the spam.
Re:Get the owner, not the dog..... (Score:2, Insightful)
The advertiser is right there out in the open, easy to locate. If they're not, the spam isn't doing its job, and wouldn't have been sent. And easy to locate means easy to go after, easy to sue, to fine, DoS or whatever.
Re:Get the owner, not the dog..... (Score:3, Insightful)
Let the FBI actually buy something from a spammer, trace the money, as its being bought with a CC, then prosecute whoever cashes the CC transaction. They do buys for drug busts routinely, so why not.
Re:Get the owner, not the dog..... (Score:2)
I'm not sure why so many people on Slashdot think this, but when you have a good idea, it doesn't mean the other ones are bad.
Your idea is good. The cops should indeed go after spammers exactly as you say. However, that won't get all of them. One recent spam I got was sent from Brazil, advertises a site hosted in China, and transfers the money t
Cost of spam (Score:2)
Server - CPU/Storage
Bandwidth
User time to read/sort it
User time is expensive.
Bandwidth and servers are relatively cheap
Email filtering saves the most valuable resource, this helps limit the damage of it. Nobody is saying this is the ideal case, but it is an effective tool.
Challenge-Response schemes are more effective (Score:2, Interesting)
Filtering spam generates way too many false positives. Challenge/Response schemes are IMHO much more effective. TMDA [tmda.net] and similar programs can be configured with whitelists for your regular mail partners, auto-whitelists for everyone who confirms their e-mail identity, and, if necessary, with blacklists too.
Re:Challenge-Response schemes are more effective (Score:5, Informative)
Re:Challenge-Response schemes are more effective (Score:2)
I filter 97%+ of Spam (~175/day) and the only false positives I get are from companies just begging to be filtered. Ie: Easyjet.com, in the (massive HTML) conformation of my itinerary trying to sell, sell, sell me hotels, car rentals and the lot.
Those companies should realise that Spam is a problem end even though they are not spammers, they should keep in mind their messages will be sent through a filter, so better make sure they don't look like it.
I have nev
Re:Challenge-Response schemes are more effective (Score:3, Insightful)
Re:Challenge-Response schemes are more effective (Score:3, Insightful)
We shouldn't feed the trolls (eh. ACs), but I'll bite anyway, because it's a valid argument.
You also ban all innocent bystanders than send you regular 550: no such user bounces, right? TMDA messages are exactly like bounces if you think of it. They appear automatically generated on purpose. It's a piece of cake to filter them if you dislike 'em. It's not like spam which tries to deceive you.
Now, trying not to be too caustic, backscatter is a fact of life. If you really want to avoid this completely, you
I prefer my method - sacrificial subdomains (Score:2)
Not perfect, then again, spam prevention methods never are.
What I do [whirlpool.net.au]
Re:I prefer my method - sacrificial subdomains (Score:3, Interesting)
As a side note, I don't use these email addresses for personal emails - I can hopefully trust that the people I personally send emails to are not, or are not going to become spammers.
Well, that is not a very secure assumption. Unless you know that all those people are not using an MUA/OS combination that is vulnerable to viruses or worms. Harvesting addresses is done that way nowadays...
It is an odds game (Score:2)
The people I trust with my "hidden" personal email address are also people I trust to run a patch MTA/MUA. Of course, they also have my personal phone number, if they need a different way of contacting me, when email doesn't work.
If I don't trust them to run a patched MTA/MUA, then they'll get one of my "special" ie. sacrificial subdomain email addresses, rather than my actual personal one.
A key point, which I didn't realise when I wrote the original text at the URL, is that nothing is permanent, includ
Re:It is an odds game (Score:2)
nothing is permanent, including my physical address, my phone number or even my name.
Now that makes sense ;) It's actually a great idea.
Imagine the repercussions on the legal system if we could switch IDs in real life every now and then! Change your bank account, diplomas, contracts... would be quite difficult. Unless you have a secret unique ID stored on some government computer. Connect to that server, and change your public name anytime you like (after paying a fee?).
throws away ANY bulk mail (Score:5, Interesting)
that plus the points for any non-safe html colors or any html at all, SA effectively tags ANY bulk mail as spam!
For an end user to setup on their client (as a "junk mail" folder) thats great.. I like to have bulk mail seperated from my personal mail, but for an ISP to throw it away before it even gets to the intended recipient is fucking rediculous and should be illegal.
The only email an ISP should be allowed to discard are the ones with attached viruses or some known email worm. The only reason your customers are happy with you throwing away their email is because you don't fucking tell them.
Re:throws away ANY bulk mail (Score:3, Insightful)
Thank Microsoft. ISPs could easily just add a header line and let the user filter on it, but Outlook Express is crippled from Outlook in that it can't match on arbitrary header lines, forcing ISPs to delete or leave alone.
I agree that SA is great client-side, which is how I use it. The problem is that it isn't plug-and-play on even *IX, and it's not trivial [openhandhome.com] to set up on the client s
Re:throws away ANY bulk mail (Score:2)
The point is, there are also many rules that give negative scores for especially hammy messages. So, messages can have a lot of very spammy things about them, but as long as they also have a lot of hammy things about them, you're ok.
Also, be sure to train your bayes database well with a lot of ham, it'll help a lot too.
SA and filtering (Score:2)
Evolution just files those with high rankings into another folder.
I don't think auto deleting emails is a good idea.
Yahoo does a similar thing, throws suspect spam into a bulk folder. Quite often I find stuff (website registrations) in there.
Re:throws away ANY bulk mail (Score:2)
You can even run spamassassin directly on Exchange (Score:4, Informative)
But if you are a smaller shop and don't have the resources for that, then you can run sa right on Exchange.
Here is a write up on how to do it [spamblogging.com] (that particular write up is for Exchange 2003 and SA 3.0, but it will work for SA 2.x as well, and for Exchange 2000 - or any combination thereof - but it won't work on Exchange 5.5 that I know of).
I'll never need Spam Assassin (Score:2)
Re:I'll never need Spam Assassin (Score:3, Insightful)
You're just plain lucky. It's a fact of life that at least one of your email pals will use Windows, and store your emails in an Outlook or Outlook Express mail folder. Some days later, your pal will catch a worm or virus, and this little spam helper will harvest all those addresses, including your beloved, "protected" addy.
Re:I'll never need Spam Assassin (Score:2)
I don't worry about the infected e-mails because my filter is 100% effective at screening them out. I really don't consider infected e-mails to be spam because the purpose and intent is entirely different than spam-for-profit.
Re:I'll never need Spam Assassin (Score:2)
The problem is not that you can screen/filter viruses on your side, it's that your pals won't on their side; and once a virus on your pals' machine gets your address (from their addressbook or mail folder content), it will send this address to harvesting servers, which collect all new addresses. It is then just a matter of time before you start getting tons of spam too. You didn't disclose your address, but some virus on your pals' machine did it. You have absolutely no control over this, once your email le
Re:I'll never need Spam Assassin (Score:2)
I guess time is on my side then. I get plenty of infected e-mails. Probably 200 Beagle variants alone. None have resulted in my address being harvested by spammers. I believe you are mistaken about viruses and worms harvesting addresses. (Got some documentation?) By definition, I should be spammed out by now.
The problem with using virusses and worms to harvest addresses is that "the powers that be" will analyze the infectio
Re:I'll never need Spam Assassin (Score:2)
The problem with using virusses and worms to harvest addresses is that "the powers that be" will analyze the infection and identify where the addresses are being sent to.
Don't overestimate their investigative prowess. It is actually quite easy to send back the addresses where they can be collected:
As for the last point: you can add the addresses as plain text in the spam payload,
Re:I'll never need Spam Assassin (Score:2)
You've provided no evidence. Sure, anything is possible, but that's hardly an argument. Show me evidence that spammers are using worms and viruses to harvest addresses from infected users' address books. If they were, by all rights, I should be swamped with spam.
Re:I'll never need Spam Assassin (Score:2)
Yes, I didn't provide evidence, because the only evidence I have is source code from a grey-hat workshop experiment which establishes a stealth P2P virus/worm-based network (in a lab environment) which does exactly that harvesting stuff I was talking about. This self-spreading, self-organizing and self-healing network code must never be released in the wild for reasons you certainly understand.
Coding this is very easy for experienced people with shellcoding, sockets-api and openssl experience. It's not di
Re:I'll never need Spam Assassin (Score:2)
Proof is in the pudding.
Re:I'll never need Spam Assassin (Score:2)
Other times, maybe your hosting company will let slip your email address. Maybe one of your friends will send you one of those goddamn Yahoo E-cards, and Yahoo will have your address to sell at will. Maybe one of your friends will fill your address in one of those "Forward this article to:" fields on a commercial news site; do you trust the site? Maybe one of your friends will normally send an email
Re:I'll never need Spam Assassin (Score:2)
#2 Listserv moderation has nothing to being protected from spammers.
#3 The issue is whether a mailing list is archived on a web site, not protected behind a password. If you join such a listserv, don't whine about the spam. When you engage in risky behaviors, expect consequences.
hey, did anyone else... (Score:2)
Personal spam filter? (Score:2)
My ISP is using SpamAssasin, but I have no influence over the setting they use, and it lets far too much through.
I assume a server solution is better than a filtering client. Besides, it would make it possible to filter for both computers in the household.
I'm on Mac OS X.
OT: Spam Cannibal (Score:2)
Please have a look at Spam Cannibal [spamcannibal.org]
It's an interesting concept that if correctly deployed (big "if") by even a relatively few admins around the world, could really make a difference to the amount of spam on the net. It can also protect hosts against DoS attacks of various kinds.
Don't get me wrong, I'm not astroturfing this (much...). It has flaws - there are those who think blacklis
Re:Spam... I just don't get it. (Score:3, Funny)
Publish your addy on /. (or anywhere else), wait a few days, and have fun!