Web page to scan ?

[Edward Brookhouse <eb...@healthydirections.com>]

Hi all,

 

A while ago I came across a web page that was setup to paste in the
contents of an email and spamassassin would scan the email and show you
a html report of what was triggered.

Has anyone seen this or know where I can find the source again?

 

Any help appreciated,

 

Regards Edward

 

Re: Web page to scan ?

[Matt Kettler <mk...@comcast.net>]

At 10:18 AM 5/31/2005, Edward Brookhouse wrote:
>Hi all,
>
>A while ago I came across a web page that was setup to paste in the 
>contents of an email and spamassassin would scan the email and show you a 
>html report of what was triggered.
>Has anyone seen this or know where I can find the source again?


I don't know of such a page and was unaware one ever existed. Really, it's 
not in the SpamAssassin community's best interests to make such a tool 
available. While it might be helpful to legitimate marketers, it's also 
helpful to illegitimate ones.


However, if you really want to test a message, it's not that difficult to 
install spamassassin and run the tests yourself.

If you pipe the email through spamassassin -t it will even force SA to 
generate a full report as if the message was tagged as spam, no matter how 
low the score.

But even that is of limited use in tuning. Most SA users use bayes, and 
you're not going to be able to accurately predict what a specific person 
will have in their bayes DB.

If you are a legitimate mailer and want some general advice, check out the 
10 recommendations at:
http://www.workz.com/content/view_content.html?section_id=513&content_id=6411

Other recommendations I would have include:
         1) if you use a third-party remailer, check their credentials 
extensively. Make sure they have STRICT anti-spam policies and list 
management policies. While these strict policies may be an inconvenience to 
you, you'll avoid winding up with a "fly-by-night" remailer that also sends 
a ton of spam and thus is heavily blacklisted.

         2) Avoid using third party "message tracker" services that use web 
bugs.   If you must use one, check their policies too.

         3) don't buy email lists from anyone, ever. Most "5 billion 
addresses for $100" deals are collections of email addresses illegally 
scraped from websites (yes, this is illegal in the US) and are often loaded 
with spamtraps. If they tell you it's opt-in they're lying. Nobody ever 
opts-in to have their email address resold to others indiscriminately as 
these operations are doing.

         4) do double opt-in. Yes, you'll loose some subscribers because 
some users can't figure it out. But let's face it the ones you loose are 
your least valuable subscribers anyway. They're clearly not interested 
enough to apply any thought, and they're also likely to later forget the 
signed up and start complaining. At the very least do not ever have a blind 
"subscribe" email address that will subscribe anyone that emails it 
regardless of content. You'll end up subscribing a lot of people who had 
their address forged by a virus sent to your address which will end up 
causing you tons of headaches.

         5) If you have lots of problems, consider signing up with 
bondedsender. Yes, this costs money, and you really do not need it. 
However,  it's not very expensive unless you wind up with a lot of 
complaints and if you have the budget to spare for the annual fees it's 
fairly effective. Personally, I don't think this is called for except in 
extreme cases, but I do think that Ironport is a very decent company.