[NCLUG] SpamAssassin Testimonials?
Neil Doane
caine at antediluvian.org
Mon Jul 14 22:09:37 MDT 2003
Anyone have a macro for mutt that will add the address of say a current
message to a whitelist?
Neil
* Bob Proulx (bob at proulx.com), on [07-14-03 22:00], wrote:
> > Replies to: rich at experienceplus.com
>
> Rich Young wrote:
> > We're considering installing SpamAssassin, and some
>
> I know this was a week ago but just now getting caught up...
>
> > of my users here aren't familiar enough with it to know
> > whether they should support the plan or not. I would
> > appreciate it if a few of you who have had personal
> > experience with SpamAssassin could reply to me off list
> > with your brief thoughts on its effectiveness as a spam
> > reduction tool.
>
> IMHO SpamAssassin is the best overall tool available. It uses a
> combined arms tactics method of collating multiple indicators into one
> diagnosis. RBLs are another best in class tool. Block all open
> relays and then tag with SA for best results. I don't see as much
> advantage from Razor, DCC, Pyzor. But keep an eye on them and other
> techniques such as greylisting which shows promise. It is a continued
> battle and the landscape will continue to evolve over time.
>
> I implemented SA as an optional addition for a large group of people,
> a couple hundred, in an engineering lab. I don't know how many
> actually turned it on out of that group since it was a personal
> configuration capability. Some never get spam and would not have
> turned it on. Others did. It was opt-in on a personal configuration
> basis.
>
> Most were VERY happy with SpamAssassin. It was received as a
> lifesaver in the sea of spam. A few had some false positives. Even
> with the false positives they were very happy to have the technology
> available and were mostly wanting to understand how to drive it. But
> remember this was an engineering lab of techies and techies love to
> twiddle knobs. The few that decided not to use it had turned it on
> themselves and just turned it off themselves too.
>
> > I'd be especially grateful for comments on:
> > - accidental filtering of legitimate messages
>
> False tagging will happen. One person got html mail from their wife
> at another site that always tagged email with headers and footers.
> They totally agreed it looked like a spam message but wanted to know
> how to whitelist the address. Getting their wife to change mailers,
> companies, etc. was not an option. The address was whitelisted and
> there was no more trouble.
>
> Another person bought and sold items on eBay often and had mail tagged
> from non-eBay people trying to contact them about those items. This
> one was more trouble since the mail could come from anywhere, not just
> eBay, and would really look a lot like spam. Initially they turned
> off SA during the time that they had items and deals open and turned
> SA back on again when they had nothing in the pipeline and the spam
> was annoying them too much. I see that type of FP as the hardest to
> avoid.
>
> > - difficulties adjusting the threshold to optimal level
>
> Am using the default level here. Although users can adjust it I don't
> know of any that actually do. Most that get involved start writing
> their own rules to target their own particular type of spam.
> Personally I increase the likelyhood that any html mail is spam since
> almost all of my html mail is spam.
>
> > - numeric estimates on how much spam reduction it provided
>
> Varies greatly by individual. Some got one spam a month. Others were
> getting up to 50 a day. (I am averaging around 30 a day personally.)
> The more spam the individual got the more of a reduction was seen.
>
> > - how much maintenance it requires to stay ahead of the
> > spammers
>
> The RBL lists are a godsend for dynamically keeping ahead of spammers.
> At the least block any open relay. Open relays are very bad in
> today's hostile Internet and the open relay RBLs are very low at false
> positives and collateral damage making them relatively safe to deploy
> widely.
>
> Stay upgraded to the current version of SA. Since spam flavor changes
> often you should keep up to date. Like updating virus filters. If I
> were to plug the distro I like which makes it trivial to stay on the
> latest version it would start a religious war about distros so just
> let me say keep up to date by whatever method you prefer.
>
> > - any issues regarding using it in a business setting
> > with multiple users
>
> Make sure to educate users that this type of tagging is taking place.
> Making this opt-in is certainly best. I recommend tagging and then
> automatically filing into a caught spam folder. In that case make
> sure they check their spam folder routinely, at least initially until
> they have confidence in it, and look for false positives. In that
> initial period is when most of your false positives from moms, spouses
> and eBay deals will show up.
>
> Do not automatically delete tagged email. If it was wrongly tagged
> and then deleted then it is gone. Instead quarantine and age spam at
> some safe rate to provide a way to retrieve messages from the garbage.
> If nothing else looking through the trash can provide a peace of mind
> that a message you were waiting for was not filed as spam. Educate
> users how to retrieve messages from the trash. By default the
> original message is turned into a MIME attachment so that it is not
> munged by the report which is placed around it. This makes it trivial
> to retrieve completely error free. But MIME attachments also have
> been known to confuse users. I have had users convinced that MIME
> attachments were some form of irreversible corruption. You should be
> prepared ahead of time with the expectation that people will need
> hand holding at this step.
>
> Everyone has unique needs and no tagging or filtering will work for
> everything. There is no such thing as one size fits all so please
> avoid providing only one size. Expect to see unique situations.
>
> Bob
> _______________________________________________
> NCLUG mailing list NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
More information about the NCLUG
mailing list