Aaron Konstam:
> You are asking a lot from a spam filter.

Not really, it's the computer, not me... ;-)

> But let me share with you this:
> 1. For the first time spamassassin really works with evolution in f7.
> I get no more than 1 spam message a week out of maybe a 1000 messages.

I picked on that one as just an example, but it's the only one available from my various mail hosts. As I said before, it needs to be done on the server. Else *YOU* are still getting spam (wasting storage space and downloading it), and lost mail gets silently discarded or you have to manually check. And that's the problem, where it's remotely installed, it's not modifiable enough by me to be worth it.

> 2. It is impossible to run a spam filter without checking the junk
> folder since you will lose a few files that you wanted to see. Training
> in this regard is everything.

Yes, and no. You can run spam systems that do the poison bait test that I outlined, and nothing more. If anything posts to my bait address, it gets marked as spam, 100% error free. The same message posted, separately, to my other accounts is identified as spam, also with 100% certainty. Such tests can be done without further care. You can also do other tests, giving them less certainty, but I found it not necessary. The spam I was getting was always addressed to all of my contacts. Sometimes as separate messages, sent at the same time, sometimes as one message addressed to a few of them.

> 3. Asking your spam filter to notify the spam senders is crazy. Why
> would I want all the cialis vendors and Nigeria con men to know their
> mail did not get through.

You're thinking about this from just one point of view.

Firstly, let's look at killing spam: If it's spam, you don't want it, obviously. If you *reject* at the input stage, it's like firewalling. They fail. And it's better that they know that. Auto spam systems can give up on your address, giving the world a bit less traffic to deal with.
Scattergun spammers, not caring about the response, aren't given anything more useful to them than your system silently accepting their spam. They already have your address.

Secondly, let's look at not killing non-spam (ham): You have someone trying to mail you who should be able to, but for some reason their message triggers the spam detector. If that was your long lost brother, your boss telling you something important, your potential client asking you something or accepting your quote, etc., and it's silently rejected, you've lost out on something important, perhaps permanently. If you have to check your junk mail, personally, why bother having an anti-spam system in the first place? And you might check it too late to be any good.

But, if your system rejects the message, with a notification, that sender has the chance to try resending it, differently, so that it gets through. Think of making phone calls; if it's busy, the caller tries again; if it rings and rings, they don't know what to do; if it takes a message, they expect that someone will listen to it.

This is at the SMTP level. It doesn't backfire onto some faked address, spamming yet another person. If they'd connected directly to your SMTP server, part way through *trying* to send it'd abort and pop up a warning (just the same as you'll see on some systems if you try to post to a non-existent address). If they'd sent through their ISP's SMTP server, they'd send it, and moments later their ISP mail system would bounce it back to them, to their mailbox, not to someone else's address fraudulently written in the spam's "from" field.

The notification would be of this sort:

Your message could not be delivered, because the anti-spam system has determined the message to be spam. If this is not correct, you can try re-sending your message, but in a slightly different manner. e.g.
Turn off HTML, send it as plain text, send your message without a 20 meg file attached to it, send your message without an executable file attached, send your message without content similar to many spams (i.e. don't quote spam content to us), telephone us if you are having trouble, etc.

A real person will see that, and make some adjustments and try again. Most spammers will not see that, and not hand craft a spam for one person in a million. Some spammers may look at the rejection notices that they get back, but those that are going to try again are still going to spam you with something that triggers the spam detection, just about all their attempts at obfuscation are detectable. And again, they're not going to do this just for you, but for all their victims, increasing the chances that anti-spam system updates will also catch them.

> 4. I guess being a New Yorker I have a thicker skin. I have never gotten
> a message from a crazy that I felt would damage my equilibrium. If one
> appears I put him in my blacklist and he disappears.

I'd simply rather not have to bother. Though, at times, I've sent their replies back to the public list. They don't usually pull that stunt again, on anyone. Some even unsubscribe.

I find blacklists mostly a waste of time. I've got to fiddle around on more than one client, usually, and those sorts of people will change addresses so they can continue to be a pain. And there's a certain level of satisfaction in hitting the delete button.

I will also respond to the following, despite your feeling about it drifting away from topic, as it's a topic that needs occasionally bringing up, the separation of public and private mail, in general. It goes beyond the two of us, at this stage it's pertinent, and I don't think the thread has dragged on hideously (like some tangential posts do). Not yet, at least. ;-)

> The real thing is communication channels are designed to communicate.
> And some communication does not belong on a public list.
> To tell people they can't communicate with you except if they know the
> secret code word to me is rude. I have no good examples in e-mail
> communication but if I could e-mail you directly to give you examples why
> having an unlisted phone number can be between disastrous to life
> threatening in some situations.

Since email is rarely a life and death situation, particularly in this list's case, I don't find it a compelling argument, and I only apply that hard rule to this address, which is only used with list mail. And, of course, the primary communication of this list is through it. You're, in no way, impeded from using the list in its normal way by how my mailbox works, so no communication is prevented, that way.

I do something similar on usenet, posting from an impossible to reply to address (e.g. like: user@xxxxxxxxxxxxxxxxx). Again, it doesn't impede the group. The signature informs people the mailbox is ignored, so they should be able to work it out, and anybody who fires off an email without reading the whole thing that they're responding to has other problems, or will have.

I think someone who wanted to contact me off list would have to be pretty stupid not to think of asking, on the list, "please contact me off list," without me explicitly explaining that to them. At that point, I can accommodate them, in one way or another, or decide not to. Just the same as I can continue any other conversation, or terminate it, whether that be e-mail, the phone, or someone knocking on my door. None of us are obligated to respond, no matter what the other person thinks. Remember that when you next see a troll, you can turn your back on them, you are allowed to, you don't have to be polite.

Sometimes you get things that should have been on the list, and it disadvantages everyone when some people only reply privately, even though it's not private material (e.g. they have the answer for stopping your X from crashing, and it's information that someone else would use, too).
I've seen forums and usenet groups where all you read are questions, and replies saying "FAQ sent privately." There's no useful information to be read, there. I like to discourage that.

I'm not sure that I'd want communication that didn't belong on a public list, certainly not without some inkling about it. For instance, I have exchanged private mail with Gene about television production related issues, but knowing about *why* beforehand.

Think of that *password* in this manner: You work at a shop, and you have a client that has spoken to you a few times. You're happy for them to contact you at work, like we do on this list, and they can do so at their pleasure. But you don't give them your home number or address without a compelling reason.

It is my little bit of privacy still remaining, that I'd generally prefer not to receive private mail. And plenty of others prefer not to, either. Some find it quite confronting that posting to a list results in some surprise private mail. Rather like finding that shopkeeper knocking on your door at tea time, to tell you that things would be easier if you just did this... Or the school bully catching up with you after school, knowing there'll be no witnesses. It feels like stalking. You weren't expecting that sort of response.

For those reasons I'm loath to contact someone privately, especially someone I hadn't already established a rapport with. I know some people find it quite daunting. I think that private mail is something best kept private, or arrangements made beforehand.

--
[tim@bigblack ~]$ uname -ipr
2.6.22.1-33.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
Spamming the postmaster, that's a paddling...
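
The bait-address test and the SMTP-time rejection described in the message above, sketched as an added example that is not part of the original post and is not the poster's own filter. The bait address, the `BaitFilter` class, the body fingerprinting and the sample messages are all assumptions made for illustration; the rejection text is adapted from the notification quoted in the post.

```python
import hashlib
import re

BAIT = "bait@example.org"  # hypothetical bait address, never used for real mail

# One-line SMTP reply given after DATA, while the sending host is still connected.
# The sender's own mail system then reports the failure to the real submitter, so
# nothing is ever mailed to the (possibly forged) From: address.
NOTICE = ("550 5.7.1 Your message could not be delivered, because the anti-spam "
          "system has determined the message to be spam. If this is not correct, "
          "you can try re-sending your message in a slightly different manner.")

def fingerprint(body: str) -> str:
    """Hash the body with case and whitespace normalised, so the same text
    sent separately to several addresses produces the same value."""
    norm = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(norm.encode()).hexdigest()

class BaitFilter:
    def __init__(self, bait: str):
        self.bait = bait.lower()
        self.known = set()  # fingerprints of bodies seen at the bait address

    def smtp_reply(self, rcpts, body):
        """Return the SMTP reply for one message (envelope recipients, body)."""
        fp = fingerprint(body)
        if any(r.lower() == self.bait for r in rcpts):
            # Anything addressed to the bait is spam, including a single
            # message that lists the bait among several recipients.
            self.known.add(fp)
            return NOTICE
        if fp in self.known:
            return NOTICE  # same message sent separately to a real address
        # Limitation: a copy that arrives before the bait copy is accepted.
        return "250 2.0.0 OK: queued"

SAMPLES = [  # constructed messages: (envelope recipients, body)
    (["tim@example.org"], "Hi Tim,\nquote accepted, call me."),
    (["bait@example.org"], "Cheap  pills\nclick here"),
    (["tim@example.org"], "cheap pills click here"),
    (["list@example.org", "Bait@example.org"], "You won a prize"),
    (["tim@example.org"], "You won a prize"),
]

def run(samples):
    """Feed the samples through one filter, returning each reply's status code."""
    f = BaitFilter(BAIT)
    return [f.smtp_reply(rcpts, body)[:3] for rcpts, body in samples]

if __name__ == "__main__":
    print(run(SAMPLES))
```
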