You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by sp...@incubator.apache.org on 2004/07/08 19:14:01 UTC

[SpamAssassin Wiki] Updated: DeletingAllMailsMarkedSpam

   Date: 2004-07-08T10:14:01
   Editor: 129.246.254.14 <>
   Wiki: SpamAssassin Wiki
   Page: DeletingAllMailsMarkedSpam
   URL: http://wiki.apache.org/spamassassin/DeletingAllMailsMarkedSpam

   Added information about email passwords (helpful if you autodelete)

Change Log:

------------------------------------------------------------------------------
@@ -2,6 +2,17 @@
 
 In general, no. While SpamAssassin is very good at picking out a large proportion of spam, it's impossible for a computer to do this job perfectly. You should only delete mail if you (and your users/customers) would find it acceptable to lose mail that might be legitimate. A much better idea is to filter possible spam into a separate folder that can be checked less frequently than the normal mailbox. It is possible to reject the mail at the smtp level, generating a delivery error, so the sender is notified that their message is rejected. This works well imo. You need to use a mail server that supports this(I use mimedefang+sendmail).  Mimedefang also allows me to save the mail to a central archive that I can extract from if I get a FP. If you do reject mail at the 5xx delivery level you need to set your spam threshold higher than the default of 5.
 
+If you have so much spam that manually reviewing all messages isn't practical, you can
+reduce the damage by creating rules to implement a whitelist.
+You can also implement through rules an "email password"; email that includes
+the email password in the subject (or body) could be ranked as much less likely to
+be spam. Then, make sure that those who might legitimately contact you
+can learn the email password, e.g., placing a shrouded graphic of the
+email password on your website.  Make sure you can can change your email
+password later (e.g., by changing rules), in case spammers start including
+your old email password.  You can see more about email passwords at
+http://www.dwheeler.com/essays/spam-email-password.html
+
 (EditHint: I log in into a shell account, so I wrote a perl script that checks my spam mailbox for new messages [i.e. those missing a Status field in the header] and included it in my .bashrc.  This script, with the -r option, also marks all those messages as read so I don't see those same headers popping up next time I log in.)
 
 == But I really really want to do it anyway! ==