|
Grex > Coop13 > #376: The problems with Grex, e-mail and spam | |
|
| Author |
Message |
| 25 new of 480 responses total. |
maus
|
|
response 118 of 480:
| 
Nov 29 15:16 UTC 2006 |
Just wondering, is there a mechanism by which one could mark a message
as spam if it gets through the filter so that the filter's engines learn
from it? I know spamassassin is supposed to be adaptive and adaptable.
How can one help train the system?
|
maus
|
|
response 119 of 480:
|
Nov 29 15:16 UTC 2006 |
Re #117: Squeak!
|
remmers
|
|
response 120 of 480:
|
Nov 29 15:52 UTC 2006 |
Re #117: Not the "maus" you think it is, I suspect.
|
maus
|
|
response 121 of 480:
|
Nov 29 16:36 UTC 2006 |
Probably not, but who would turn down such a warm greeting?
I am not the small, cute rodent from Mnet or The Well. I am not the grad
student with huge boobs. I am, however, the small, cute rodent who has
been inhabiting cyberspace.org for a fair number of years, but who was
too introverted to participate in the discussions until recently.
|
keesan
|
|
response 122 of 480:
|
Nov 29 16:54 UTC 2006 |
I wrote up a small easy filter that you can just copy from my home directory
to yours, along with my .forward file. cp ~keesan/procmail.simple
./.procmailrc. Then change 'keesan' to your own login, and change the
'jdeigert' in my whitelist to the name of someone you want to get mail from.
This filters on anything assigned five points by spamassassin but I would
change it to three points (*/*/* instead of */*/*/*/*) because I never got
a false positive that way. Someone else copied this but did not let me know
yet if it worked. A slightly more complicated sample is procmail.sample .
I think I set this to send */*/* to /dev/null and */* to a spam folder.
Today I got no spam in any folder, after adding a few more filters on such
things as Windows character sets, embedded images, From: debora .
I don't recall if my sample filter keeps a log of what went where, but I have
my own filter set up to keep a short version, which is running 20 pages a day
of mostly spam (at 3 lines per entry).
|
gull
|
|
response 123 of 480:
|
Nov 29 22:34 UTC 2006 |
With spamc the main concern, load wise, is to make sure you're not
running excessively large messages through it. On systems I configure
I generally bypass spamc for messages larger than 1 megabyte. Its
memory and CPU usage goes up rapidly with message size.
|
remmers
|
|
response 124 of 480:
|
Nov 29 22:41 UTC 2006 |
Using the method I described, it's easy to incorporate that.
|
keesan
|
|
response 125 of 480:
|
Nov 29 23:16 UTC 2006 |
I used to dump any message over 100K and now I forward them somewhere else
before running spamc. remmers, are you working on some way to let people set
up a filter without knowing how to copy and edit a file?
|
remmers
|
|
response 126 of 480:
|
Nov 30 13:36 UTC 2006 |
Yes.
|
tsty
|
|
response 127 of 480:
|
Dec 1 09:00 UTC 2006 |
glad i started something progressive ... keep it up - thank you.
,.
|
naftee
|
|
response 128 of 480:
|
Dec 2 19:37 UTC 2006 |
tajnxxxxxxxxx tws
|
remmers
|
|
response 129 of 480:
|
Dec 6 15:55 UTC 2006 |
There's an article in today's New York Times about the recent upsurge in
spam and why methods of dealing with it that were reasonably effective a
few months ago are now failing.
http://www.nytimes.com/2006/12/06/technology/06spam.html
According to the article, spam volume has doubled in the last year, 90%
of internet email messages are spam, and spammers have developed new
techniques that are very effective in getting past existing spam
filters. The article has interesting details on how spammers are
foiling the filters and why they remain motivated -- there are still
enough suckers who fall for their scams to make them money, often a 5%
or 6% return in just two days.
Anti-spam companies are scrambling to develop techniques to filter the
new breed of spam, but they have a way to go to catch up. If and when
they do, spammers will invent new techniques to get around the new
filters, judging from past patterns.
My own experiments with spam control on Grex tend to bear out what the
article is saying. A few months ago, SpamAssassin filtered over 90% of
the spam coming to my mailbox. I reactivated the filter yesterday, and
it was catching less than half of it. In fact, the spam score of most
of the junk messages was 0.0, meaning that SpamAssassin didn't think the
message was suspicious at all.
SpamAssassin has a "learning" feature (the "sa-learn" command; you can
tell it that messages it let through are in fact spam, and that's
supposed to make it smarter about filtering in the future); I've been
playing around with that and will see if it really improves things. But
it's somewhat cumbersome to use. I'm sure users want a spam solution
that "just works" rather than something that requires constant care and
feeding.
The trouble is, nobody has such a solution. Given that companies that
specialize in spam filtering and actually pay their programmers are
having such poor success nowadays, I'm pessimistic about Grex's
prospects of effectively controlling spam, at least in the near term.
Giving users the option of turning off inbound mail entirely seems more
and more desirable.
|
rcurl
|
|
response 130 of 480:
|
Dec 6 17:33 UTC 2006 |
Spam might be thought of as an infection, and spam blocking is equivalent to
antibiotics. However is there any potential for *immunization*? I imagine an
"anti-spam bot" that infects people's computers with a spam-bot killer
application. I can see an ethical question in this - immunizing users'
computers without their knowledge - but that is till better than the
infection, especially as the "anti-spam bot" could be made to have no side
effects.
|
remmers
|
|
response 131 of 480:
|
Dec 6 17:52 UTC 2006 |
Interesting idea. I can see various problems with it but won't discuss
them here, as this item is supposed to be about what measures might be
feasible for Grex to take regarding the spam problem.
|
keesan
|
|
response 132 of 480:
|
Dec 6 18:00 UTC 2006 |
I change my filter every day or two when the subject line of the stock spams
changes. Today it is 'check this' with a name, some days just a name, some
days 'name here' etc. Labor-intensive but I get less than 10 spams a day,
most of them in the spam folder (anything on the spamcop or sorbs list which
slips through spamassassin goes there). I am also dumping inline images,
javascript, 3DContent, and all Windows charsets, and whitelisting any friends
who use that junk, if I find their mail in my log file.
I dump anything mailed by The Bat!
|
mcnally
|
|
response 133 of 480:
|
Dec 6 18:14 UTC 2006 |
Sindi is using what could probably be thought of as the Howard Hughes
method of spam immunization.
|
rcurl
|
|
response 134 of 480:
|
Dec 6 18:50 UTC 2006 |
That takes probably more time than just deleting it.
|
nharmon
|
|
response 135 of 480:
|
Dec 6 20:42 UTC 2006 |
Re: Anti-spam immunization, there are groups that do something like
this except for exploit botnets not necessary spambots. I think its
called the Honeynet project.
|
keesan
|
|
response 136 of 480:
|
Dec 6 21:23 UTC 2006 |
I consider it fun to tune the spam filter, but unpleasant to have to delete
spams. And it only takes a few minutes a day to analyze what is slipping
through. I seem to be missing a lot of the Windows-1252 stuff, it gets
through the beginning of my filter, don't know why.
|
void
|
|
response 137 of 480:
|
Dec 7 02:32 UTC 2006 |
I rather liked the Alan Ralsky method of deterring spam...people found
out his home address and signed him up for every kind of junk snail mail
they could think of. Too bad other sapmmers' home addresses are not so
easily found.
|
gull
|
|
response 138 of 480:
|
Dec 7 04:05 UTC 2006 |
Re resp:130: The idea of retaliating against spam bots surfaces every
so often. It's been tried, but there have always been problems with
mis-targeting, collateral damage, and legal liability.
|
rcurl
|
|
response 139 of 480:
|
Dec 7 06:37 UTC 2006 |
It would have to be done in the same spirit of the spammers - undercover.
Is there a discussion somewhere of mistargeting and collateral damage?
|
krj
|
|
response 140 of 480:
|
Dec 7 19:26 UTC 2006 |
Just as a personal whiny datapoint: I had 180 spam e-mails in my
work e-mail this morning, which had all arrived since I left
work the previous day. This extrapolates out to close to 300 per
day; this would mean that my spam load has tripled since early
November, when I was getting about 100 per day.
If it triples again, my work e-mail account will get close to 1000
per day.
There is no reason to assume this growth curve will stop short of
the collapse of the e-mail infrastructure.
On Grex, /var/mail is full again.
|
keesan
|
|
response 141 of 480:
|
Dec 7 19:51 UTC 2006 |
I think we should bring back the 100K mail limit, 1MB mailbox limit, and
delete mailboxes of anyone who has not read their mail in 1 month except for
members.
|
rcurl
|
|
response 142 of 480:
|
Dec 7 20:04 UTC 2006 |
Given the spam load, a 1MB mailbox limit could be reached in one day - the
limit should be big enough to allow a week's worth of mail since not everone
can log in daily (like I usually do - but then, I will be away and possibly
out of touch over the holidays). What happens to mail when the limit is
reached?
This is another reason for a general Grex filter for the spam-of-the-day
variety.
|