Better spam control

["Kenneth P. Turvey" <kt...@squeakydolphin.com>]

I'm using a couple different DNS based blacklists, but I'm still getting 
a lot, and I mean a lot, of spam in my inbox.  What are your 
recommendations for controlling spam?  Are there any other DNS based 
blacklists that I could use?  

Currently in use:

Blacklist: 

bl.spamcop.net
dnsbl.njabl.org

Whitelist:

query.bondedsender.org


I tried using the Bayesian filter in the config, but I couldn't get it to 
work.  I'm a bit concerned about doing this on the server anyway, but it 
might be acceptable if I could get it to work.  

-- 
Kenneth P. Turvey <kt...@squeakydolphin.com>	


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: Better spam control

[David Legg <da...@searchevent.co.uk>]

Kenneth P. Turvey wrote:
> I'm using a derby database for the spools and 
> such.  I think it had a problem with finding a place to put things.  I 
> wasn't sure what to do to get it to work, so I turned it off.  Should I 
> give it another shot and provide you people with error details?  I 
> assumed it wasn't a fully implemented feature yet.

I use MySQL for storage but Derby must be pretty similar.  I'm sure if 
you send a partial stack trace and/or any messages, someone will be able 
to set you straight.

Just for reference there is more documentation on the James Wiki [1].

> I thought spamcop would work better than it does.

Just think of Blacklists as just one of many measures you need to take 
to reduce spam.  It's called 'defense in depth' where you put up as many 
barriers as you practically can in the hope that spam will fail to get 
through one of them.  I happen to think that Bayesian analysis is one of 
the more effective measures but it is by no means the perfect solution 
on its own.  For one thing it always needs constant feeding so it can 
detect the latest style of spam.

Other techniques you may want to research include:  Teergrubing[2], 
VERP[3], Tarpitting[4], Greylisting[5], SPF[6].  The list goes on and 
on!  Luckily, most 'normal' people use major ISPs for their email and 
the ISPs do the defense in depth thing for them.  If 'normal' people 
were exposed to the fantastic amounts of spam without any form of 
protection they would be amazed!

Regards,
David Legg

[1] http://wiki.apache.org/james/Bayesian_Analysis
[2] http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
[3] http://cr.yp.to/proto/verp.txt
[4] http://www.palomine.net/qmail/tarpit.html
[5] http://projects.puremagic.com/greylisting/whitepaper.html
[6] http://new.openspf.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: Better spam control

["Kenneth P. Turvey" <kt...@squeakydolphin.com>]

On Fri, 16 May 2008 23:34:11 +0100, David Legg wrote:

> I don't know why you say you couldn't get it to work.  I'm assuming you
> trained it by sending it spam and ham messages.  It takes a while to
> improve itself and you do have to religiously send it any spam that
> escapes.  Give it at least a week before measuring its success rate.

I really couldn't get it to work.  I got some kind of exception, but I 
don't remember what.  I'm using a derby database for the spools and 
such.  I think it had a problem with finding a place to put things.  I 
wasn't sure what to do to get it to work, so I turned it off.  Should I 
give it another shot and provide you people with error details?  I 
assumed it wasn't a fully implemented feature yet.  

> One final word.  Don't put too much reliance on DNS blacklists.  One
> worrying trend at the moment is for spammers to hire armies of drones to
> manually overcome the Captcha technology used by Google and Yahoo to
> create legitimate accounts from which they can send auto-responder
> emails.  No genuine blacklist is going to put Google or Yahoo on their
> lists!

This is a problem.  I thought spamcop would work better than it does.  It 
is far better than the other blacklist, but still lets through a lot of 
spam.  

-- 
Kenneth P. Turvey <kt...@squeakydolphin.com>


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: Better spam control

[David Legg <da...@searchevent.co.uk>]

Hi Kenneth,

> I'm using a couple different DNS based blacklists, but I'm still getting 
> a lot, and I mean a lot, of spam in my inbox.  What are your 
> recommendations for controlling spam?
>   

I swear by the Bayesian filter for spam control.  Out of 450 daily spams 
it only lets one or two through.

You have to be aware of its limitations though.  For one thing I only 
have a small number of users using it.  If I had to manage lots of users 
the filter might start removing emails which one person thinks is spam 
while another doesn't.  I guess that's why you were concerned about 
doing it on your server.

I don't know why you say you couldn't get it to work.  I'm assuming you 
trained it by sending it spam and ham messages.  It takes a while to 
improve itself and you do have to religiously send it any spam that 
escapes.  Give it at least a week before measuring its success rate.

One final word.  Don't put too much reliance on DNS blacklists.  One 
worrying trend at the moment is for spammers to hire armies of drones to 
manually overcome the Captcha technology used by Google and Yahoo to 
create legitimate accounts from which they can send auto-responder 
emails.  No genuine blacklist is going to put Google or Yahoo on their 
lists!

Regards,
David Legg


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org