[NCLUG] SpamAssassin Testimonials?

Neil Doane caine at antediluvian.org
Mon Jul 14 22:09:37 MDT 2003 

Anyone have a macro for mutt that will add the address of say a current
message to a whitelist?


Neil



* Bob Proulx (bob at proulx.com), on [07-14-03 22:00], wrote:
> > Replies to: rich at experienceplus.com
> 
> Rich Young wrote:
> > 	We're considering installing SpamAssassin, and some 
> 
> I know this was a week ago but just now getting caught up...
> 
> > of my users here aren't familiar enough with it to know 
> > whether they should support the plan or not. I would 
> > appreciate it if a few of you who have had personal 
> > experience with SpamAssassin could reply to me off list 
> > with your brief thoughts on its effectiveness as a spam 
> > reduction tool.
> 
> IMHO SpamAssassin is the best overall tool available.  It uses a
> combined arms tactics method of collating multiple indicators into one
> diagnosis.  RBLs are another best in class tool.  Block all open
> relays and then tag with SA for best results.  I don't see as much
> advantage from Razor, DCC, Pyzor.  But keep an eye on them and other
> techniques such as greylisting which shows promise.  It is a continued
> battle and the landscape will continue to evolve over time.
> 
> I implemented SA as an optional addition for a large group of people,
> a couple hundred, in an engineering lab.  I don't know how many
> actually turned it on out of that group since it was a personal
> configuration capability.  Some never get spam and would not have
> turned it on.  Others did.  It was opt-in on a personal configuration
> basis.
> 
> Most were VERY happy with SpamAssassin.  It was received as a
> lifesaver in the sea of spam.  A few had some false positives.  Even
> with the false positives they were very happy to have the technology
> available and were mostly wanting to understand how to drive it.  But
> remember this was an engineering lab of techies and techies love to
> twiddle knobs.  The few that decided not to use it had turned it on
> themselves and just turned it off themselves too.
> 
> > I'd be especially grateful for comments on:
> > - accidental filtering of legitimate messages
> 
> False tagging will happen.  One person got html mail from their wife
> at another site that always tagged email with headers and footers.
> They totally agreed it looked like a spam message but wanted to know
> how to whitelist the address.  Getting their wife to change mailers,
> companies, etc. was not an option.  The address was whitelisted and
> there was no more trouble.
> 
> Another person bought and sold items on eBay often and had mail tagged
> from non-eBay people trying to contact them about those items.  This
> one was more trouble since the mail could come from anywhere, not just
> eBay, and would really look a lot like spam.  Initially they turned
> off SA during the time that they had items and deals open and turned
> SA back on again when they had nothing in the pipeline and the spam
> was annoying them too much.  I see that type of FP as the hardest to
> avoid.
> 
> > - difficulties adjusting the threshold to optimal level
> 
> Am using the default level here.  Although users can adjust it I don't
> know of any that actually do.  Most that get involved start writing
> their own rules to target their own particular type of spam.
> Personally I increase the likelyhood that any html mail is spam since
> almost all of my html mail is spam.
> 
> > - numeric estimates on how much spam reduction it provided
> 
> Varies greatly by individual.  Some got one spam a month.  Others were
> getting up to 50 a day.  (I am averaging around 30 a day personally.)
> The more spam the individual got the more of a reduction was seen.
> 
> > - how much maintenance it requires to stay ahead of the 
> >    spammers
> 
> The RBL lists are a godsend for dynamically keeping ahead of spammers.
> At the least block any open relay.  Open relays are very bad in
> today's hostile Internet and the open relay RBLs are very low at false
> positives and collateral damage making them relatively safe to deploy
> widely.
> 
> Stay upgraded to the current version of SA.  Since spam flavor changes
> often you should keep up to date.  Like updating virus filters.  If I
> were to plug the distro I like which makes it trivial to stay on the
> latest version it would start a religious war about distros so just
> let me say keep up to date by whatever method you prefer.
> 
> > - any issues regarding using it in a business setting 
> >    with multiple users
> 
> Make sure to educate users that this type of tagging is taking place.
> Making this opt-in is certainly best.  I recommend tagging and then
> automatically filing into a caught spam folder.  In that case make
> sure they check their spam folder routinely, at least initially until
> they have confidence in it, and look for false positives.  In that
> initial period is when most of your false positives from moms, spouses
> and eBay deals will show up.
> 
> Do not automatically delete tagged email.  If it was wrongly tagged
> and then deleted then it is gone.  Instead quarantine and age spam at
> some safe rate to provide a way to retrieve messages from the garbage.
> If nothing else looking through the trash can provide a peace of mind
> that a message you were waiting for was not filed as spam.  Educate
> users how to retrieve messages from the trash.  By default the
> original message is turned into a MIME attachment so that it is not
> munged by the report which is placed around it.  This makes it trivial
> to retrieve completely error free.  But MIME attachments also have
> been known to confuse users.  I have had users convinced that MIME
> attachments were some form of irreversible corruption.  You should be
> prepared ahead of time with the expectation that people will need
> hand holding at this step.
> 
> Everyone has unique needs and no tagging or filtering will work for
> everything.  There is no such thing as one size fits all so please
> avoid providing only one size.  Expect to see unique situations.
> 
> Bob
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
> 
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug

More information about the NCLUG mailing list