What's worse? The spam itself? Or how anti-spam solutions block legitimate mail?

By | October 29, 2007, 11:57am PDT

After being in New York City last week and being busy almost the entire time, I spent a good part of the weekend catching up on e-mail. I have more inboxes than I care to admit and use more technologies than I should be using to access them (via the Web, Thunderbird, Outlook, etc.). Somewhere on my to-do list is a day or two’s worth of purging and consolidation. These e-mail marathons usually include the tedious job of searching junk mail and spam folders for any legitimate e-mails. When it comes to e-mail, most of us (e-mail users and the e-mail solution providers that serve them) have lost our sensibilities. The facts that (a) legitimate e-mail finds its way into our junk mail folders, (b) we must spend our time searching through junk mail folders for that legitimate e-mail, and (c) we somehow think this is normal are proof that we’re gluttons for punishment.

So, let me make this abundantly clear: the very second you must access your junk e-mail folder to make sure there’s no legitimate e-mail in it is the very second in which your anti-spam technology has become entirely useless to you. After all, the whole idea of anti-spam technology is to make it so that you don’t have to wade through illegitimate e-mail in order to read your legitimate e-mail — all of your legitimate e-mail. One statistic that anti-spam solution providers pride themselves on is the fewest number of false positives. That is, they’ll boast that their systems make the fewest number of mistakes when it comes to misclassifying a legitimate e-mail as spam (and dumping that legit mail into your junk mail or spam folder). To me, this would be like an amusement park bragging about the fewest number of deaths.

Let’s be clear. Even one false positive is unacceptable. In fact, I’d argue that just one false positive is even worse than a bunch. What’s harder to spot? One needle in a giant haystack? Or 20 or 30? If you’ve ever scanned a junk mail folder with hundreds of entries, only one of which is legit, spotting that one is actually harder than spotting a bunch because of the way we are so easily desensitized by seas of text. Ultimately, however, it doesn’t matter. The fact that we have to look at all completely defeats the purpose of having a junk mail folder. We might as well just let the spam flow into inboxes because having to look in two folders for our e-mail is just the same as having to look in two inboxes. You still have to look.

OK, so you don’t have to look. That is, so long as there isn’t a chance that a critical e-mail may have ended up there. But what’s non-critical? Several recent scans of my junk mail folders revealed the following false positives and how that false positive affected me:

  • Someone that I would drop everything for was coming to town on short notice and wrote to me to see if I wanted to get together with them. I missed the opportunity.
  • A service that I pay for annually was about to expire and was reminding me via e-mail to renew. Luckily, I caught it before it expired.
  • A vendor wrote to me with a correction to something I wrote on ZDNet. It took longer than either of us would have liked for me to correct the text.
  • Readers write to me with tips for Technology Shakedowns or their own thoughts on what I’ve written. I like to write back to readers and thank them for writing to me on a timely basis. But that sometimes doesn’t happen because their e-mail is getting falsely accused of being spam.
  • My bank actually sent me a real e-mail having to do with security measures. With so much phishing going on, it is nearly impossible to tell the difference between an e-mail from your real bank and some imposter pretending to be your bank. Fortunately, I look closely at anything that says it’s from my bank just in case it really is. But should I have to do this?
  • Someone I had an appointment with had to change that appointment. I showed up at the originally scheduled time and bumped into a competitor. Can you say “uncomfortable”?

I could keep going but won’t. You get the picture. Once you realize that these sorts of mission critical e-mails are being routed to your spam folders, you have no choice but to keep an eye on those folders too.

It raises a serious question. What’s worse? The spam itself? Or, the nasty side-effect of anti-spam solutions whereby important e-mail isn’t getting to its recipients on time, if at all. For me, all it takes is one missed deadline. Or one canceled appointment. Or one missed critical business communication for me to realize that one of those snafus is far more costly to me as a businessperson than all of the spam taken together. Can’t decide? Put yourself in the sender’s shoes. Actually, you don’t have to do that.

Chances are, you send e-mail. What’s worse? The spam you’re getting or the fact that some mail you are sending is getting falsely classified as spam on the other end by an anti-spam system that you have no control over? During my junk mail folder cleansing operation this weekend, I decided to do something differently (perhaps you’re one of the lucky few who heard from me?). For every false positive (and there were many), I wrote back to the person with the following message or something similar:

Just fyi… outlook rejects your e-mails as spam. No idea why. Outlook doesn’t tell you.

So, first, a couple of qualifiers. Here at CNET Networks, we use SpamAssassin at the server level and Outlook’s built-in filtering at the client level. When SpamAssassin catches something, it adds an attachment that tries to explain why the e-mail in question passed the corporately set “Is this spam?” test. When this attachment was present, I furnished that information as well. But for e-mail that makes it past SpamAssassin’s watchful eyes (and plenty of spam does), Outlook 2003 has its own anti-spam technology to serve as a backup. When Outlook 2003 thinks something is spam, it doesn’t tell you why the way SpamAssassin does.

I wasn’t about to dig around these e-mails to figure out why. It’s not my job and I don’t have the time for every false positive that comes in (now that there are so many). But I’d hate to be the poor IT guy on the other side who has now been notified that their business-critical communications may not be getting through to the intended recipients. How many e-mails didn’t get through? Don’t know. What was causing the problem? Don’t know (even when SpamAssassin tells you, you have to be a rocket scientist to figure out what it means). It’s a complete breakdown of a system that senders everywhere are depending on.

This, my friends, is known as the “deliverability problem.” If you’ve noticed legitimate mail getting falsely classified as spam on your end, then you know it’s happening to your outbound e-mail on the other end. How many times have you said to someone “Didn’t you get my e-mail?” and had the other person say “No, maybe it got trapped by my spam filters.”

Invariably, in response to my rants about spam, my inbox and my junk mail folder get loaded with pitches from anti-spam solution providers who will swear until they’re blue in the face that I must try their system because of how much more accurate it is than the rest of the solutions on the market (especially mine). The funny thing is that even though they don’t realize it, they all say the exact same things. Here are some bullet points. Feel free to cut and paste if you work for an anti-spam vendor:

  • Our system is patented (whoop dee doo. Some kid filed for and was awarded a patent for swinging sideways on an ordinary swing).
  • It was developed through man-years of research by security experts in Tel Aviv (that’s right, Tel Aviv attracts better spam researchers than any other city in the world).
  • The inventor of our system has a Ph.D. (no comment, I don’t want hate mail from Ph.Ds unless my anti-spam system will falsely classify it as spam).
  • I’ve seen this Dave and I’m telling you, it really works (Your definition of “works” and mine are very different).
  • The Gartner Group has seen this and they agree, there’s nothing quite like it (It’s one of the most unfortunate facts about the anti-spam ecosystem — no two solutions are created equal. That’s part of the problem).
  • So and so Fortune 500 company is using it (oy vey, the blind leading the blind).
  • No honestly Dave, I swear to you. Try this system and you’ll agree that it’s better than anything else out there.

I’m so tired of this e-mail that I usually ignore it. Occasionally, I respond and the first question I ask is, “What does your solution do to solve the deliverability problem?” Answer: nothing. Case in point? I’m still arguing with one anti-spam solution provider and, irony of all ironies, most of the e-mails that he’s sending to me, telling me about how his system is so much better than everyone else’s, are showing up in my junk mail folder.

He does however admit that there’s one way to solve the problem; everyone needs to run the same system. In his case, he just thinks it should be his system. In my case, the answer is to make sure the fundamental technologies are baked, as standards, into all e-mail systems. It’s simply unrealistic to think that every e-mail administrator in the world is going to go out and buy the same system. But if the so-called system involves standards that are baked into every solution that’s out there, then, we stand a chance of rectifying the problem.

It isn’t just one standard either. Fixing the problem requires layers of standards in just the same way that retrieving e-mail today involves layers. For example, when e-mail servers transmit or receive e-mail across the Internet, those servers must comply with the Simple Mail Transfer Protocol (SMTP). But for you to get your e-mail onto your PC from one of those servers usually requires your e-mail client (Outlook, Thunderbird, etc.) to connect with an SMTP-compliant server over a different protocol. It might be a proprietary protocol like the one Outlook uses to speak with Microsoft’s Exchange Servers (for both mail and calendaring) or it might be the POP3 or IMAP standards for e-mail retrieval. The point is that layers are involved, and that bit of complexity, which will be required here, shouldn’t deter us from going after the right solution.

For example, going back to my bit of manual labor over the weekend where I wrote back to a bunch of people telling them that their e-mail had been falsely classified as spam, there’s no reason the system could not have done that. In other words, over the SMTP protocol, there could be a variety of error codes that the suspicious system sends back to the suspect to let them know (a) that the e-mail didn’t get to its intended recipient and (b) why. Imagine, for example, if all the people who received my manually generated “non-delivery e-mail” received the same sort of non-delivery message for every e-mail that was falsely categorized as spam by all the other recipients? At least they’d know they have a problem and with whom. They might even be able to zero in on the problem and eliminate it, thereby increasing the chances of deliverability next time.

Arm-chair anti-spam quarterbacks will tell you that this sort of automated response is a terrible idea because it notifies the sender that they’ve found an active inbox. They talk about this like it’s the equivalent of letting the spammer have one foot in the door. This is pure BS. Does it really matter? The system is so broken today that we’d be conceding very little in exchange for something that, long term, stands a chance. That’s because this would simply be one layer in the system. Other layers (for example, authentication) would take care of spammers’ other means of flying below our radars and weaseling their way into our inboxes.
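As an added illustration of the in-session rejection described above (and of why the accept-then-bounce variant that commenters below warn about is worse), here is a small Python simulation that is not part of the original post. The sample messages, addresses and reply wording are constructed, and the classifier recognises only the GTUBE test string mentioned later in the comments, standing in for a real filter such as SpamAssassin.

```python
"""Rejecting suspected spam during the SMTP session versus bouncing it later."""
import email
import re
from dataclasses import dataclass, field
from email import policy

# GTUBE is the public test pattern every spam filter is expected to flag.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# Constructed sample messages (not real mail).
SAMPLE_SPAM = (
    b"From: sender@example.net\r\nTo: reader@example.org\r\n"
    b"Subject: filter test\r\n\r\n" + GTUBE.encode() + b"\r\n"
)
SAMPLE_HAM = (
    b"From: sender@example.net\r\nTo: reader@example.org\r\n"
    b"Subject: meeting moved\r\n\r\nCan we do 3pm instead of 2pm?\r\n"
)


@dataclass
class Verdict:
    is_spam: bool
    reasons: list = field(default_factory=list)


def classify(raw: bytes) -> Verdict:
    """Toy classifier: only the GTUBE pattern counts as spam.
    A real filter scores many rules; the point here is that the verdict
    carries human-readable reasons that can be put into the SMTP reply."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    reasons = []
    if GTUBE in text.replace("\r", "").replace("\n", ""):
        reasons.append("GTUBE test pattern in body")
    return Verdict(bool(reasons), reasons)


def data_stage_reply(raw: bytes) -> str:
    """Reply the receiving MTA gives at end-of-DATA. A 550 with an enhanced
    status code (RFC 3463) and a reason text is what the sending MTA logs."""
    verdict = classify(raw)
    if verdict.is_spam:
        return "550 5.7.1 Message rejected as spam: " + "; ".join(verdict.reasons)
    return "250 2.0.0 Message accepted for delivery"


REPLY_RE = re.compile(r"^(\d{3}) (\d\.\d{1,3}\.\d{1,3}) (.*)$")


def parse_reply(line: str) -> dict:
    """What the sending side can extract from the reply: the basic code,
    the enhanced status code, and the free text explaining the decision."""
    m = REPLY_RE.match(line)
    if m is None:
        raise ValueError(f"not a reply with an enhanced status code: {line!r}")
    code, enhanced, text = m.groups()
    return {"code": int(code), "enhanced": enhanced, "text": text,
            "permanent": code.startswith("5")}


def smtp_session(envelope_from: str, envelope_to: str, raw: bytes) -> list:
    """Simulated server side of one delivery attempt, as (command, reply) pairs.
    Rejecting while the sender's MTA is still connected means no bounce message
    is ever generated: the sender learns the outcome from the reply itself."""
    return [
        (f"MAIL FROM:<{envelope_from}>", "250 2.1.0 Sender OK"),
        (f"RCPT TO:<{envelope_to}>", "250 2.1.5 Recipient OK"),
        ("DATA", "354 End data with <CR><LF>.<CR><LF>"),
        ("<message contents> .", data_stage_reply(raw)),
    ]


def accept_then_bounce(envelope_from: str, raw: bytes):
    """The alternative the comments warn against: accept first, classify later,
    and mail a non-delivery report to the envelope sender. Spam forges that
    address, so the report (backscatter) lands on an uninvolved third party.
    Returns the address that would receive the report, or None if none is sent."""
    if not classify(raw).is_spam:
        return None
    if envelope_from == "":  # null reverse-path: a report must never be bounced
        return None
    return envelope_from


if __name__ == "__main__":
    for cmd, reply in smtp_session("bot@example.net", "reader@example.org", SAMPLE_SPAM):
        print(f"C: {cmd}\nS: {reply}")
    print("bounce would go to:", accept_then_bounce("victim@example.com", SAMPLE_SPAM))
```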

Finally, as I have said many times before, we can’t make this sort of progress on anti-spam standards (or layers of anti-spam standards) until the world’s largest e-mail solution providers, Microsoft, AOL, Google, and Yahoo (MAGY: pronounced “Maggie”), decide to work together to (1) agree on what the anti-spam protocols should be, (2) get their systems interoperating over those standards, and (3) announce a date in the future at which point non-conforming e-mail will be refused entry into their systems. Why they can’t come together to at least take a stab at this on behalf of everyone who is plagued by both spam and non-deliverability (heck, nothing else is working) remains a mystery to me.

47 Comments
Whitelists have limited uses
xrxca 5th Nov 2007
If you're running a business you may have no idea where your next important email is coming from; that email that you didn't get because you rely on a whitelist could be the one that puts you in the black this year.

They can be useful, but they are not the magic bullet. And the idea of flagging one item as spam resulting in that email coming off a whitelist is naive, and only possibly valid if you're talking about a single user, and only then if the user gets notification of such a change. In a larger organization what one user regards as spam may be legitimate to another user.

And there is one of the biggest problems, the definition of spam, I think we can pretty well all agree that certain emails are spam. However there is a pretty big gray area out there.
0 Votes
False positives
Yagotta B. Kidding 29th Oct 2007
Hmmm.

I get more than 2,000 spam per day, and that's after the DNSBL filtering weeds out most of it. The automated filters might flag an occasional false positive, but I know that I, personally, have been responsible for falsely flagging more messages as spam than they have.

Ask Dana Blankenhorn about the 'TOVA' (Test of Variable of Attention) test -- when you're punching the eject button for fifty messages in a row, not punching it for #51 is hard. Five hundred? Pretty near impossible.
Unfortunately, not all anti-spam solutions respect signed email, which should solve a lot of problems, as forging large amounts of signed mail can't be done (well, at least will be hard). And, it's possible to set up Outlook/Outlook Express to default to signed (and encrypted as well) email (S/MIME), slightly involved but anybody should be able to do it with proper instructions. Unfortunately, the only big Webmail system that supports it today is Gmail/Firefox with the Gmail S/MIME plugin, and the alternative OpenPGP can't be made the default in Outlook/Outlook Express. Look here for how to set up S/MIME, then switch on the checkbox to sign all outgoing messages in Tools->Options->Security:
http://blogs.zdnet.com/Ou/?p=635

Then, as false positives make a spam filter useless, the only real way to avoid them (while allowing unsigned messages) is with spam signatures, the same way as virus signatures. This could be (or rather is, I think this technique is already in use) done by honeypots and filtering services that use data collected from these honeypots in real time. This is likely to work very well as it uses an unavoidable property of all spam, that the same content is sent to a huge number of recipients, and this fact can't be worked around by the spammers. Filtering viruses based on heuristics has been tried and basically failed; I believe the same applies to spam.

I have been testing IronPort's spam signature filter, which seems to work very well; I have yet to see a false positive (while throwing out 98-99% of the spam), but I have not tested it enough to say that it never generates a false positive; however, it's better by far than anything else I tested.
0 Votes
Technical detail
Yagotta B. Kidding 29th Oct 2007
In other words, over the SMTP protocol, there could be a variety of error codes that the suspicious system sends back to the suspect to let them know that (a) the e-mail didn't get to its intended recipient and (b) why. Imagine for example if all the people who received my manually generated "non-delivery e-mail" received the same sort of non-delivery message for every e-mail that was falsely categorized as spam from all the other recipients?

When SpamAssassin rejects a message, this is exactly what happens. The 5xx error codes allow both encoding details in the error code itself and appending a comment that the senders' logs can record [1].

What you're describing is another matter entirely: returning errors from the MUA (mail client.) The problem is that the client may not even be online at the time the MTA (SMTP) transaction occurs -- which is exactly the situation you started by describing.

That leaves bounce messages, which are a BAAAD idea because spammers have figured out how to use them to distribute spam. Once they muck with the headers, you can't count on the return address, "Errors-To:" address, etc. The sending IP address is also useless for whole hosts of reasons, BTW.

Bottom line: the very point that the "anti-spam crazies" were making (and being ridiculed for) ten years ago is still playing out: it's a race between e-mail becoming useless for spam and spam making e-mail useless.

For now, nothing fundamental has changed: never count on delivery of an e-mail message. That was never part of the design requirements.

[1] Of course, that implies that the sending MTA admin has time to actually read those logs. If you think that clients are busy ...
0 Votes
There is no guaranteed proof of delivery.
pmcgrath@... 29th Oct 2007
Great post, but your message got lost in the details. As I tell my users with the fax machine, just because you sent the fax does not mean the person on the other end got it. This goes for email as well. If it is THAT important, pick up the phone, call and get a verbal confirmation of receipt. We will sooner eradicate poverty through world peace than get the holy grail of spam filters with no false positives. It ain't gonna happen.
0 Votes
If everyone makes the same mistake...
Anton Philidor 29th Oct 2007
... then it's not a mistake, it's a standard.

Quoting the comment:

"It's simply unrealistic to think that every e-mail administrator in the world is going to go out and buy the same system. But if the so-called system involves standards that are baked into every solution that's out there, then, we stand a chance of rectifying the problem."

Let's say that the way Outlook handles e-mail is the way every anti-spam system handles e-mail. Then every error of classification Outlook makes will be universal. Not that there will be no more errors of classification.


The problem is, the software must read the mail and decide on the basis of rules whether the e-mail is spam or not. I'm surprised such an approach works as often as it does.

After all, the spammers have access to the same software we do and are motivated to study it more closely. All they have to do is meet the rules the same way a legitimate piece of e-mail meets the rules. Fixed targets can be defeated.

What Mr. Berlind adds to identifying false positives is knowledge of senders and background knowledge to apply to the contents. The best spam filter for Mr. Berlind would know what Mr. Berlind knows and think the way Mr. Berlind thinks. Mine would be slightly or very different.

The situation can be made better. But I don't think it can be solved.
0 Votes
Evolution
Yagotta B. Kidding 29th Oct 2007
After all, the spammers have access to the same software we do and are motivated to study it more closely. All they have to do is meet the rules the same way a legitimate piece of e-mail meets the rules. Fixed targets can be defeated.

Actually, the "rules" are data-driven for most systems (can't speak to Microsoft's; theirs are secret.)

Thunderbird, for example, builds a database from the user's "spam/nonspam" button pushes. The result is like cryptography: there's no secret to the algorithm used, but the attackers don't get much from knowing it.
0 Votes
Spammers know...
Anton Philidor 29th Oct 2007
... which words are likely to be flagged to increase the total, even how much words must be changed to be unrecognized by the anti-spam software, but recognizable with the odd human skill that allows people to read my prose despite the typos.

They also note oddities such as acceptance of strings of characters in the subject and the use of images for the text. These are solved, but work for a while.

The people who don't know the rules are the senders of legitimate e-mails. If the spammers work well enough to imitate the usual style of legitimate notes, they can induce false positives while preserving their own efforts as Not Spam.
0 Votes
Wrong approach Dave
Bozzer 29th Oct 2007
Is how come resources are being poured into catching illegal p2p users, and throttling, blocking and traffic shaping of p2p in general, and nothing is being done about the owners of botnets, or even the victims of botnets.

It is from botnets that spam originates. There is no point in faffing around changing protocols until we tackle the proliferation of botnets. And this involves all parties working in unison to achieve this.

Someone, somewhere should be in Jail for creating these botnets. And jailed for a long time. They are a significant threat to business on the Internet, and it appears that not much is being done about them.

Until we tackle them, and this includes ISP's cutting off the service of compromised machines. Oh, they might cry foul about being cut off. But so what? Vehicles have to be in a roadworthy condition before they are allowed on the highway. So should computers.

Believe me, there is no better education for users than a couple of hard knocks to make them think twice about opening that suspect email attachment or visiting those dodgy "free" mp3 and "warez" sites.
0 Votes
OpenPGP
D T Schmitz 29th Oct 2007
Seriously Dave. Think about it.
We have a 'free-for-all' going on with clear text SMTP.

As long as there are exploits which allow spambots to exist, which forge sender email addresses and users stay with the 'status quo' email SMTP we will have spam. SMTP has to be replaced and use deincentivized by strong mandates.

Put a choke hold on the channel with 'some' form of encryption that can be filtered by ISPs and MTAs that will reject spam from the outset at the originating host and you have a solution.

How does that get accomplished?

Simply by using private/public encryption keys.

OpenPGP offers the solution and supports CAs with S/MIME, PGP, and OpenPGP support and guarantees that mail will get to its intended recipient.

On the encrypted private/public OpenPGP channel, nothing else exists.

A public mandate making cryptography compliance a requirement, with fines/criminal prosecution for non-compliance, will shunt spam into oblivion.

When a mandate exists, an ISP only needs to test email for a valid key to determine whether a forward to the next Mail Exchange or deny should occur.

In the meantime, for personal use, I rely on Gmail with IMAP and on my home system Linux with KDE and Kmail and SpamAssassin.

Google's innovative spam technology (Gmail) eliminates most spam (less than .1% actual spam reaches my inbox annually; I've statistically analyzed this with SpamAssassin), and those which get by are caught by my local client's spamassassin (spamd).

The only long-term solution is encrypted email (think VPN).

Oh bla dee. Oh bla da. Life goes on.

Bra.
Really David. wink
0 Votes
Hmmm, I have found that the best defense
Linux User 147560 29th Oct 2007
against SPAM is to use a non-dictionary address. My private address for close friends and family only has been in service since 1998. I have bogo-filter as my SPAM client and of course the ISP under which the e-mail runs has their stuff. BUT I notice a couple of things by using this address:

1. Even with NO SPAM filters on, I MIGHT get four or five SPAM letters a year! With bogo-filter, I see maybe 1 a year. And it doesn't automatically move it to trash but does mark the message for me to examine.

2. By using a non-dictionary address, it's harder to cull into the SPAM engines. I really do believe this is why I have managed to dodge the SPAM hell others seem to have. This is also borne out by other family and friends that have taken to using my style of e-mail address. They too have noticed a large drop in crapmail.

3. If you are going to do anything that requires an e-mail address, use a bogus one specifically for that purpose. Yahoo, GMail and Hotmail are excellent for this. I have a GMail and Yahoo account specifically for this reason. Even so, I tested the non-dictionary address theory out on Yahoo and it seems to hold true.

4. Be blunt and ask your friends or family NOT TO STORE your address in the Outlook address book. This may no longer be true, but I still hold people to that. It seems to work as well.

Bottom line, smart usage of e-mail will prevent 90% of the problem in the first place. And since I have an address that is still clean, when compared to others out there, that is 9 years old. Well, I must be doing something right! devil
0 Votes
Test your Client Email: GTUBE
D T Schmitz 29th Oct 2007
If your email client doesn't flag the GTUBE as spam then it isn't doing its job!

Put this in an email to yourself in the body text with no spaces or line feeds:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

If you see it in your client's inbox then you have a some work to do.

Thank youz.
0 Votes
I hate them, about as much as I hate firewalls and anti-virus programs.
0 Votes
1 false positive
beamnup14@... 30th Oct 2007
I gotta laugh at the people who claim to get hundreds of spam messages a day. After considerable flaming to MS, I now get about 5 a week. I was even surprised to see the million dollars deposited in my name in a London bunko account scam spam recently. I used to get a lot of spam. But they seem to have given up on giving me a 2007 laptop, or "Sexually Explicit" malsite pointers. Maybe if you cleaned up your junkmail box a little more often it would be easier to spot that one false positive message. So quit whining. At least my email programs are working to catch at least some of the spam, and even though hotmail put a msnbc alert in the junk folder, I just had a good laugh and got on with my life.
Scott
0 Votes
Outlook's latest filter is BROKEN!!!
TekzMekz 30th Oct 2007
If you rely on Outlook's builtin spam filters you have probably noticed that since Microsoft's last update, none of the incoming spam gets blocked. I have seen this happen on several computers. I notified Microsoft, but got no answer.
0 Votes
Easy fixes but why are they not used?
brittonv 30th Oct 2007
Please tell me how I am wrong here!

The problem with the anti-SPAM movement is there are too many players. And too many of them are trying to monetize things; if we are going to pick "One that works" we just need to pick one and universally deploy it! No need to pick one that costs money! DNS, HTTP, FTP are all free protocols that work.

Here is my free Kill-SPAM Solution:
SPF (Sender Policy Framework) via SPF you basically publish in DNS which IP addresses are allowed to send email for a domain.

(Q) Why is this the answer?
(A) Of all the hosts connected to the internet only a handful should actually be an SMTP Server. SPF is a free method of telling the internet who is allowed to send email from my domain. I have mine published so as to hard fail all email that doesn't come from my SMTP Server IP Address.

If this was universally deployed, botnets spoofing my domain name or any other domain name would have their connections to SMTP Servers denied. Emails sent from domains without SPF records would be denied as well.

Now spam will still be possible. If a spammer owned a domain and configured SPF then he could send spam BUT it will be traceable and easily blacklisted. Blacklisting will also be necessary for SPAM that comes from countries that don't have anti-SPAM laws. We already have laws against spam. SPF in addition to the following will make SPAM highly traceable and make the existing laws more enforceable.

On the subject of botnets, ISP's should (and most do) block all port 25 traffic that isn't to their own SMTP Servers and those SMTP Servers should require authentication. I control my own domains and my ISP blocks port 25. No problem, I have simply configured my SMTP Server to listen to another port. If a computer was infected by a virus/botnet email could only be sent from the users real email address, and then only if their mail client was old enough to allow programmatic control. And still even that SPAM sent would still be traceable.

Blocking port 25 is a problem for people who want to run SMTP servers from their homes. Well, residential customers shouldn't be able to run SMTP Servers from their homes; this should require a business account. Even with a business account, ISP's should disable port 25 by default and enable it on a per-IP, as-requested basis with the proper SPF controls in place of course.

Dave was absolutely correct in that the first step in controlling SPAM is for the big 4 to do something. SPF is implemented already by AOL, so we are 25% there!
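As an added example (not from the commenter above or from any SPF implementation), here is a minimal Python evaluator for the hard-fail policy described in that comment. It handles only the ip4, ip6 and all mechanisms of RFC 4408, with a constructed in-memory table standing in for DNS TXT lookups; the domains and addresses are documentation values, and the reject-on-missing-record option reflects the commenter's proposal rather than standard SPF behaviour.

```python
"""Minimal SPF (RFC 4408) check for the ip4/ip6/all mechanisms, with the
receiving MTA's policy decision layered on top."""
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# These are documentation domains/addresses, not real published records.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.25 ip4:198.51.100.0/28 -all",  # hard fail
    "example.org": "v=spf1 ip6:2001:db8::/32 ~all",                   # soft fail
    "example.net": None,                                              # no SPF at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list:
    """Split a v=spf1 record into (qualifier, mechanism, argument) triples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qual = "+"  # an unqualified mechanism means "pass" when it matches
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qual, mech.lower(), arg))
    return parsed


def check_host(ip: str, domain: str, dns=FAKE_DNS_TXT) -> str:
    """Evaluate the connecting IP against the domain's SPF record.
    Returns one of: none, pass, fail, softfail, neutral."""
    record = dns.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for qual, mech, arg in parse_spf(record):
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        else:
            # a, mx, include, exists, ptr and redirect= need real DNS queries
            raise NotImplementedError(f"mechanism {mech!r} not supported offline")
    return "neutral"  # no term matched and no "all": RFC 4408 says neutral


def smtp_decision(ip: str, mail_from_domain: str, reject_missing: bool = False) -> tuple:
    """Policy applied at MAIL FROM time. A hard fail is rejected with a 550.
    reject_missing=True is the commenter's stricter proposal (refuse domains that
    publish no record); most receivers treat 'none' as merely unverified."""
    result = check_host(ip, mail_from_domain)
    if result == "fail":
        return f"550 5.7.1 SPF: {ip} is not authorized to send for {mail_from_domain}", result
    if result == "none" and reject_missing:
        return f"550 5.7.1 SPF: {mail_from_domain} publishes no SPF record", result
    return f"250 2.1.0 Sender OK (SPF {result})", result


if __name__ == "__main__":
    # A bot on an unrelated address forging MAIL FROM:<someone@example.com>
    print(smtp_decision("203.0.113.7", "example.com"))
    # The domain's real outbound server
    print(smtp_decision("192.0.2.25", "example.com"))
    # A domain with no record, under the commenter's strict policy
    print(smtp_decision("203.0.113.7", "example.net", reject_missing=True))
```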
but quite another when your ISP filters it before that point and you have no clue anyone ever tried to send the message in the first place. Comcast has been terrible about this for the last 4 or 5 months. I ended up getting a g-mail account to ensure I get all of my incoming legitimate mail.

I attribute this to the general "dumbing down" of the Comcast ISP. No usable user-controlled whitelist other than an all or nothing solution (not usable).
I agree with you on Outlook and its spam filter. I get a couple of online zines every week and every week I have to go to junk mail and select add senders' domain to the safe list, and it does get tiring. I use FireTrust's MailWasher, which allows me to see my mail at the server, thus allowing me to read mail and decide if it's spam or not; if so I can blacklist, delete and even bounce it back.
Walter Reinhart
0 Votes
I've had numerous discussions with David on this topic.

The setup they use is terrible. It's no wonder my messages get tagged as spam.

I said that if most everyone upgraded to ANY solution that was effective, it would shift the current economics for spammers. A spammer who can make $100,000 a year doing spam is going to keep doing spam. If he makes $1,000 a year, he's going to look at other ways to make a buck.

I asked David if I could absolutely prove to him that our system (Abaca) is 99.9% effective in filtering the spam and makes only 1 false positive mistake a year, would he switch to it?

He said "No".

Can you believe that?

That solves nothing. It actually makes the problem worse because his refusal helps spammers make money on the spam they send to ZDNet. That keeps the problem alive.

I don't really expect to change his mind even if our system was a perfect spam filter. In fact, he should just admit that even if a vendor came out with a perfect spam filter that NEVER made a mistake, he'd still refuse to use it!!
Sorry David, I got to the bullet points and was overwhelmed by your sea of text. Not one of your most succinct articles I must say. I will set aside a day or two to see if I can read to the bottom to read your conclusion, soon, I promise.
0 Votes
Why non-delivery e-mail would not work
scott1329 30th Oct 2007
Spam is delivered by zombie Windows machines, mostly, so people would get a flood of these. It's like spam now, where the errors-to header is forged with a random e-mail not in the Received: headers' path, and my server is used to process bounces from spam it had nothing to do with. Imagine drowning in the flurry of these spurious messages every time your e-mail address was forged to receive these not-delivered e-mails! We'd drown in them. Spammers would have every incentive to break this system by overloading it to make it useless.
Bullet 1: should have been solved with entry into the whitelist (unless their email recently changed)

Bullet 2: also should have been handled by a whitelist entry.

Bullet 3: not enough info; if this was someone or a vendor you routinely correspond with, then a whitelist entry should have been used.

Bullet 4: legit, nothing to be done here.

Bullet 5: not so much a spam as a phishing problem. not sure why it's included. Bank should be whitelisted, phishing is phishing. I never ever answer anything account related to anything via email. just go to the website. again tho, not spam related in the context of this particular article.

Bullet 6: also should have been whitelisted.

So we are left with bullets 3 & 4 only. You could have handled a great deal of your problem by keeping whitelists up to date.

Don't misunderstand me-- I agree with the main point of your article, just not the degree of it. It is a problem and it does need to be addressed.

OMG we have multiple human beings in space at this very minute assembling an international space station-- you mean we can't find an international cure to spam? something is wrong somewhere.


BUT... we are where we are. The problem is manageable. I maintain 2 email accounts: my official work one (on an intranet so they handle the spam) and a hotmail public one. There's really no need for anything more. I have several others for various stupid reasons, but I just forward them all to the main hotmail one and do all the control from there.

Yes, maintaining a whitelist can be somewhat time consuming, but it's well worth it. And once you spend the initial time populating it, the maintenance isn't really that bad.

I noticed a HUGE reduction in the amount of false positives, to the point I only bother scanning my spam folder every week or two. It's been a long time since one appeared, and it's usually my fault for not adding an entry for something I've subscribed to.

Funnily enough, most of the spam that makes it into my inbox is from other hotmail.com addresses. I can't really fix that, though I do religiously forward them to the appropriate complaint address at hotmail support.

Anyway, yes SOMETHING MUST BE DONE but it is manageable in the meantime.
Agreed
CobraA1 30th Oct 2007
"So we are left with bullets 3 & 4 only. You could have handled a great deal of your problem by keeping whitelists up to date."

Agreed. Using whitelists - especially when combined with digital signatures to prevent spoofing - can greatly reduce the amount of false positives.

IMHO, positively identifying people you already know is a solved problem. It just needs to be implemented and kept up to date.

A few things that can alleviate having to keep a white list up to date:

- Automatically add users that you send messages to to the white list. Chances are, you aren't going to send messages to a spammer.

- Have an "add to whitelist" button in an easily accessible location.

- Address books are obvious whitelists. I doubt you'd put spammers in an address book, so the addresses in the address book should be added to the whitelist.

- If the user throws something into the spam folder, it can be checked and if somehow the sender was on the white list by accident, it can be taken off the white list.

I think that with a bit of automation, maintaining a whitelist can be easy.
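CobraA1's four bullets (auto-add recipients, an add button, import the address book, demote an entry the user flags as spam) are easy to turn into code, and the first comment in this thread (add the zine sender's domain to the safe list) is the same idea at domain granularity. The block below is an added example in Python, not code from any poster or mail client on this page. Assumptions: one whitelist per user, addresses compared case-insensitively after parsing the display-name form, and the spam-flag demotion only removes entries that got there by automation, so a sender the user added by hand is not silently dropped.

```python
from email.utils import parseaddr


class Whitelist:
    """A per-user sender whitelist that maintains itself from the user's own actions."""

    def __init__(self):
        self.addresses = set()   # individual sender addresses
        self.domains = set()     # whole-domain entries ("add sender's domain to safe list")
        self.sources = {}        # address -> how it got here: "sent", "addressbook", "manual"

    @staticmethod
    def _norm(addr):
        # "Bob <Bob@Example.com>" and "bob@example.com" must compare equal.
        return parseaddr(addr)[1].lower()

    def add(self, addr, source="manual"):
        a = self._norm(addr)
        if a:
            self.addresses.add(a)
            self.sources[a] = source
        return a

    def add_domain(self, domain):
        self.domains.add(domain.lower().lstrip("@"))

    def on_send(self, rcpts):
        """Bullet 1: anyone you write to is whitelisted automatically."""
        for r in rcpts:
            self.add(r, "sent")

    def import_address_book(self, entries):
        """Bullet 3: the address book is an obvious whitelist."""
        for e in entries:
            self.add(e, "addressbook")

    def on_user_marks_spam(self, sender):
        """Bullet 4: demote an auto-added entry the user flags as spam.

        Returns True if an entry was removed. Manual entries are left alone
        so a single mis-click cannot undo a deliberate choice.
        """
        a = self._norm(sender)
        if a in self.addresses and self.sources.get(a) != "manual":
            self.addresses.discard(a)
            self.sources.pop(a, None)
            return True
        return False

    def allows(self, sender):
        a = self._norm(sender)
        if a in self.addresses:
            return True
        return a.rpartition("@")[2] in self.domains


def triage(wl, sender, spam_score, threshold=5.0):
    """Whitelist beats the content filter; everything else is decided by score."""
    if wl.allows(sender):
        return "inbox"
    return "junk" if spam_score >= threshold else "inbox"


if __name__ == "__main__":
    wl = Whitelist()
    wl.on_send(["Bob <Bob@Example.com>"])
    wl.add_domain("@zine.example")
    for s, score in (("bob@example.com", 9.0), ("editor@zine.example", 9.0), ("x@spam.example", 9.0)):
        print(s, "->", triage(wl, s, score))
```

Note what this does and does not buy: the lookup is keyed on the sender address, which spammers can forge, so a whitelist on its own turns "I know this address" into a free pass for anyone who learns it. That is why the combination with a sender-authentication check matters; the address only becomes a safe key once something has verified that the message really came from it.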
Whitelists have limited uses
xrxca 5th Nov 2007
If you're running a business you may have no idea where your next important email is coming from; that email that you didn't get because you rely on a whitelist could be the one that puts you in the black this year.

They can be useful, but they are not the magic bullet. And the idea of flagging one item as spam resulting in that email coming off a whitelist is naive, and only possibly valid if you're talking about a single user, and only then if the user gets notification of such a change. In a larger organization what one user regards as spam may be legitimate to another user.

And there is one of the biggest problems, the definition of spam, I think we can pretty well all agree that certain emails are spam. However there is a pretty big gray area out there.
"they'll boast that their systems make the fewest number of mistakes when it comes to misclassifying a legitimate e-mail as spam. To me, this would be like an amusement park bragging about the fewest number of deaths."

David.. I just wanted to highlight that you equated misclassifying an email with someone dying at an amusement park.

I couldn't read much past that, I knew it to be ventful rant.
"That is, so long as there isn't a chance that a critical e-mail may have ended up there."

Yup. Now - how many of these critical emails are from people you already know? I'm willing to bet most, if not all, all of them.

The technology exists today to guarantee that people you have already contacted cannot be put in a spam folder. It's digital signatures combined with white lists. Digital signatures ensure the sender cannot be spoofed, and the white list ensures the sender cannot be accidentally placed into the spam folder.

"Occasionally, I respond and the first question I ask is, 'What does your solution do to solve the deliverability problem?'"

It's a very good question and one that needs to be asked. The big problem is that everybody is separating white lists from digital signatures and other encryption technology. They simply see them as separate problems and don't realize that when they are combined they fill the weaknesses of each other and create a very powerful solution. The result? Nobody implements them, and we're stuck with our current spam situation.

"we can't make this sort of progress on anti-spam standards (or layers of anti-spam standards) until the world's largest e-mail solution providers . . ."

IMHO It's time we re-invented email altogether.

Forget the email providers, they'd rather implement their own "solutions" that don't play well with others.

Forget playing around with SMTP. It's broken beyond repair, and many of the people who maintain SMTP servers are hard headed and refuse to implement new standards.

Quite frankly, we're on our own. What we need to do is to implement a new non-SMTP solution that involves digital signatures and encryption. That's the only way this is going to get fixed.
OpenPGP Cryptography
D T Schmitz 30th Oct 2007
handles the CAs, digital signing, and establishing 'web of trust' is your personal decision.

Spammers cannot 'spoof' digitally signed CAs nor can they decrypt an OpenPGP encrypted email.

Only the recipient who has shared his/her signed certificate with you can open your mail and vice versa.

No changes are needed for SMTP--OpenPGP is encapsulated into the SMTP message body which ISPs can validate to determine if a message should be denied/forwarded. No infrastructure changes are needed. This is mostly a mandated 'policy' change that can be followed and enforced.

SMTP alone is clear text and so spammers forge the sender's id with impunity!

The solution is here but it won't be used unless mandated.
Yup!
CobraA1 30th Oct 2007
"Spammers cannot 'spoof' digitally signed CAs nor can they decrypt an OpenPGP encrypted email. "

Yup. That's why it's so powerful, and that's why it needs to be implemented.

"No changes are needed for SMTP--OpenPGP is encapsulated into the SMTP"

Okay, so wrapping it up IS an acceptable solution. What I was mainly revolting against is an attitude I found in another forum where people were thinking that digital sigs were unnecessary and shouldn't be implemented because they thought that they could solve spam at the SMTP level without sigs.

I agree that digital signatures are great for this.
Roger that!
D T Schmitz 30th Oct 2007
(My earlier thread)

Thanks CobraA1!!
Normally I'm a big fan, Dave, but I think you've laid down some shaky points in support of your legitimate beef.

The one that has me scratching my head the most is the notification back to the sender as to whether their email was blocked and why it was blocked. How does that help? Shouldn't the fact that my legitimate email was blocked be between you and your chosen spam filtering product? Am I supposed to use a limited dictionary of words in order to tippy toe around filters, or am I supposed to wholesale move my mail operations to some other platform because either a small minority of intended recipients, or even one recipient, is having my email blocked?

I'm with you on the false positive rant, but how the notification back to the sender (other than to let them know you probably didn't get the original message) is going to improve things is beyond me.
We've been through this...
Resuna 30th Oct 2007
I agree with you. We've been through this years ago. Notifying people that their spam was rejected ends up creating more spam, since many spammers routinely forge the source addresses. Several years back I got hit by a $750 bill for excess bandwidth from just handling and rejecting mail to addresses on one major spam where the return address was set to randomly generated names "@" my domain. Many of the rejections were second level bounces, where my "no such address" response got listed as spam and sent back to mailer-daemon "@" my domain.

The most effective anti-spam tool I have found is a combination of greylisting (where you temporarily reject a message the first time, and only accept a message when the second identical source and destination show up) and eager-writer blocking (where you wait before posting the banner line and reject messages where the sender starts sending before the banner). These together block 75% of incoming mail, and will not block any mail at all from any mail server that isn't badly broken.
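Resuna's two techniques both exploit the fact that spam-sending zombies are not real mail servers: a real MTA retries a 4xx temporary failure, and a real MTA waits for the 220 banner before it speaks. The block below is an added example in Python, not Resuna's code or any particular greylisting implementation. It models both decisions with an injectable clock so the timing can be exercised offline; the 5-minute minimum retry, the 4-hour retry window, the 36-day auto-whitelist and the 554 reply for eager writers are assumed values, not figures from the post.

```python
import time

GREYLIST_MIN_RETRY = 300          # seconds; a retry sooner than this is still tempfailed (assumption)
GREYLIST_WINDOW = 4 * 3600        # seconds; a pending triplet is forgotten if not retried by then
AUTO_WHITELIST_TTL = 36 * 86400   # seconds; a triplet that passed once is accepted without delay


class Greylist:
    """Greylisting keyed on the (client IP, envelope sender, envelope recipient) triplet."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # triplet -> time of first attempt
        self.known = {}     # triplet -> time of last accepted delivery

    def check(self, ip, sender, rcpt):
        """Return the SMTP reply to give at RCPT TO: 250 accept or 451 try again later."""
        now = self.clock()
        key = (ip, sender.lower(), rcpt.lower())

        last = self.known.get(key)
        if last is not None and now - last < AUTO_WHITELIST_TTL:
            self.known[key] = now            # refresh; this sender has proven it retries
            return 250

        first = self.pending.get(key)
        if first is None or now - first > GREYLIST_WINDOW:
            self.pending[key] = now          # first sight (or stale): ask the client to come back
            return 451
        if now - first < GREYLIST_MIN_RETRY:
            return 451                       # came back too fast: zombies often hammer, MTAs wait

        del self.pending[key]                # proper retry: accept and remember the triplet
        self.known[key] = now
        return 250


def eager_writer(banner_sent_at, first_client_bytes_at):
    """True if the client sent anything before our 220 banner went out.

    RFC 5321 requires the client to wait for the greeting; bulk-mailing bots
    routinely do not, which is what makes the delay before the banner useful.
    """
    return first_client_bytes_at is not None and first_client_bytes_at < banner_sent_at


def smtp_decision(greylist, ip, sender, rcpt, banner_sent_at, first_client_bytes_at):
    """Combined policy: eager writers are refused outright, everyone else is greylisted."""
    if eager_writer(banner_sent_at, first_client_bytes_at):
        return 554
    return greylist.check(ip, sender, rcpt)


if __name__ == "__main__":
    fake_now = [1_000_000.0]
    gl = Greylist(clock=lambda: fake_now[0])
    triplet = ("203.0.113.5", "news@example.org", "me@example.com")
    print("first attempt :", gl.check(*triplet))
    fake_now[0] += 600
    print("retry at +10m :", gl.check(*triplet))
    print("eager writer  :", smtp_decision(gl, "198.51.100.7", "x@forged.example", "me@example.com", 10.0, 9.5))
```

The practical caveat Resuna alludes to with "badly broken" servers: some large senders retry from a different outbound IP each time, which never matches the same triplet. Production greylisters handle that by keying on a /24 rather than the full address, or by exempting hosts that pass an SPF check; this sketch keeps the full IP for clarity.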
You can rant and rave about mail filtering all you want because you are right - mail filtering is NOT the solution. It amounts to mopping up the floor after the faucet has spewed raw sewage into your house.

YOU HAVE TO TURN OFF THE FAUCET!

Your ISP should be REJECTING SPAM AT THE SMTP LEVEL. If the mail server never accepts it in the first place you will never have to filter it out of your Inbox. I am stunned that CNET accepts so much spam. Aren't you using Spamhaus's DNSBLs? At our company we get like 2 spams a day, and they are ALWAYS correctly tagged and put into my spam folder. I glance at it like once every few weeks, highlight all of them and delete them. Takes me literally 5 seconds.

The problem is here:
http://www.spamhaus.org/statistics/networks.lasso

And it's ALWAYS BEEN there - the networks that sell spammers network services. Until we boycott them to hell and back they will never change their ways. All they care about is money. If they can make money off of spammers AND WE LET THEM GET AWAY WITH IT they will continue to do so. Until we put our collective feet down and say "we're not going to take it anymore, clean up your network or Welcome to your Intranet" we'll get spam bombarded at our mail servers until kingdom come.
We cannot trust ISPs to fix it.
CobraA1 30th Oct 2007
"Your ISP should be REJECTING SPAM AT THE SMTP LEVEL."

Except the ISP has no more idea what is spam and what is not spam than anybody else - not to mention that ISPs' filtering can and often does block legit email also - did I mention a lot of ISPs are friendly to spammers? Sorry, this is a non-solution.

We've been trying these "solutions" for years. They don't work.

Notice how Verizon is at the top of the list of spammer-friendly companies - can we really trust our ISPs to fix our problems at the SMTP level? WE CANNOT!

Messing around with SMTP and trying to get ISPs to cooperate is not working. It's time to try a new solution.

You're right - we do let them get away with it. And as long we have our heads stuck in the sand pretending we can do something with SMTP, they will continue to get away with it.

We MUST create a solution that does NOT rely on the ISP to solve our spam problem. Otherwise, we're stuck with it forever.
>Except the ISP has no more idea what is spam and what is not spam than anybody else

They don't have to figure that out. Spamhaus has already figured that out. They should use the Spamhaus DNSBLs. If your incoming mail provider does not use it, you can switch ISPs for your incoming mail. I don't know why anyone puts up with an ISP that allows completely obvious Viagra spam, phishing scams, mortgage & stocks spams to get through to their Inbox. Those ISPs are incompetent.

>did I mention a lot of ISPs are friendly to spammers?

That's why we should block mail from spam-friendly ISPs and NOT PATRONIZE THEM.

>Notice how Verizon is at the top of the list of spammer-friendly companies - can we really trust our ISPs to fix our problems at the SMTP level?

Why would anyone use Verizon for incoming mail services? It's like $7 a year to register a domain and POP mailboxes from ISPs that are not spam-friendly are amazingly cheap as well.

>Messing around with SMTP and trying to get ISPs to cooperate is not working.

We don't have to "get them to cooperate" by asking nicely and hoping. We simply do not accept mail from them until they do. When people forced racist bus systems to stop making black people sit on the back of the bus they did not ask the bus systems to play nice. They said, "We're not riding your buses until you stop your bigoted policies." They took control and stopped patronizing unethical businesses.

>We MUST create a solution that does NOT rely on the ISP to solve our spam problem.

But the ISPs ARE the problem. As long as ISPs allow spammers to use their networks, spam will be sent.

If you give control of your Inbox to a spam-friendly ISP or an incompetent one that does not do blocking at the SMTP level DON'T COMPLAIN ABOUT SPAM. You do not have to use your connectivity ISP (which I know often are monopolies) for your incoming mail ISP.

TAKE CONTROL!
We sure can.
CobraA1 30th Oct 2007
"We don't have to trust ISPs - we can have control over our own mail."

Completely agreed.

"They don't have to figure that out. Spamhaus has already figured that out. They should use the Spamhaus DNSBLs."

Except that Spamhaus isn't as effective as it can be. The list needs constant updating, and spammers change addresses constantly. Not to mention that they're preferring zombied computers now, which completely circumvents blocking of major spammer domains. You can bet that Verizon spammer isn't launching spam just from Verizon's domain.

And oh, yeah - you do have to trust Spamhaus to do their job, of course. Personally, I *would* like some control of my own rather than relying on some third party. After all, they are a catch-all solution and may not be tailored to my email needs.

"Why would anyone use Verizon for incoming mail services?"

I dunno, ask their customers. Chances are, they're just using the email that came with their internet, which came with cable or phone. Their other choice might've been Comcast, which isn't any better. These ISPs do tend to be monopolistic.

"I don't know why anyone puts up with an ISP that allows completely obvious Viagra spam, phishing scams, mortgage & stocks spams to get through to their Inbox."

Because they're not trained in running an email server, so their ISP does it for them.

"Those ISPs are incompetent."

Agreed.

"That's why we should block mail from spam-friendly ISPs"

You're right. Throw the baby away with the bathwater, and tell Grandpa that you're never going to accept his emails because he chose the wrong ISP. Somehow, I doubt that's going to get a lot of support.

"It's like $7 a year to register a domain and POP mailboxes from ISPs that are not spam-friendly are amazingly cheap as well."

That's great. Now all Grandpa has to do is to learn how to set up his MX records, SPF records, and of course the POP/SMTP/IMAP account(s). In addition, he has to figure out how to tell the domain registrar to use the Spamhaus blacklist. I myself don't know how to do that.

We need a solution we can all embrace, not just the techies.

"But the ISPs ARE the problem."

Agreed. That's why I said we can't rely on them to solve the problem.

TAKE CONTROL!

Agreed. We just need a way for the average user that doesn't have a clue what an MX record is to take control like we do. If we can create a solution that the masses can use, we have a lot more leverage.
Blocking port 25 would be a significant step forward to force the zombies to use the ISP's mail gateways. They can identify and act on ignorant users.
Still doesn't protect users' data and privacy. Many millions of users' machines are completely owned by unscrupulous scum while the lawmakers are still totally clueless, impotent or indifferent.

Open port 25 on demand. Anyone requesting this to send mail through their own server is likely to have enough upstairs not to be owned, or get blacklisted unless they are a spammer.

Reject connections from any machine in zen.spamhaus.org BL
They have no right to be sending to a foreign smtp server, unless they are verifiable users.

Report every incidence of a zombie to its abuse address. Yes, I know it's >10,000 mail notifications a month, but it does have a 5% success rate and is enough to bother the criminals enough to launch DDoS attacks at me.
Give them more targets, report more zombies and their resources will dry up.

Ban dynamic IPs.

Ban IRC!

99.99% of the zombies are windows machines.
Isn't it more profitable now to sell antivirus/ antispam/ antispyware/ antimalware than operating systems?

There is still no effective policing nor unified reporting system and the whole business just stinks.
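Three posts above (the two "TAKE CONTROL" posts and the list of measures just before this) come down to the same mechanism: before accepting a connection, ask a DNS blocklist about the client IP and refuse at the SMTP greeting if it is listed. The mechanics are rarely spelled out, so here is an added example in Python, not code from any poster or from Spamhaus. It builds the reversed-octet query name for zen.spamhaus.org, decodes the 127.0.0.x answers as Spamhaus documents them today (the SBL/XBL/PBL split; 127.0.0.3 is the later CSS code), and treats anything unexpected as "not listed" so a resolver hiccup fails open rather than bouncing all mail. The resolver is a parameter so the logic can be exercised offline with constructed answers; the default uses a plain A lookup, which is what the real check is.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Zen answer codes, per Spamhaus documentation. Anything else is not a listing.
ZEN_CODES = {
    "127.0.0.2": "SBL: spam source or spammer-controlled host",
    "127.0.0.3": "SBL CSS: snowshoe / compromised sender",
    "127.0.0.4": "XBL: exploited host (open proxy, worm, zombie)",
    "127.0.0.5": "XBL: exploited host",
    "127.0.0.6": "XBL: exploited host",
    "127.0.0.7": "XBL: exploited host",
    "127.0.0.10": "PBL: end-user / dynamic range that should not send direct mail",
    "127.0.0.11": "PBL: Spamhaus-maintained end-user range",
}


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """203.0.113.5 -> '5.113.0.203.zen.spamhaus.org' (octets reversed, zone appended)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(ip.split("."))) + "." + zone


def default_resolver(name):
    """A-record lookup; NXDOMAIN (not listed) comes back as None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_lookup(ip, resolver=default_resolver, zone=ZEN_ZONE):
    """Return (listed, reason). Errors and unknown codes fail open."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return False, "not listed"
    if answer.startswith("127.255."):
        # Spamhaus signals query problems (open resolver, query limit) in 127.255.255.x.
        return False, f"lookup error {answer}; not a listing, failing open"
    reason = ZEN_CODES.get(answer)
    if reason is None:
        return False, f"unexpected answer {answer}; treated as not listed"
    return True, reason


def smtp_connect_reply(client_ip, resolver=default_resolver):
    """What the server says at connection time, before any MAIL FROM is accepted."""
    listed, reason = dnsbl_lookup(client_ip, resolver)
    if listed:
        return f"554 5.7.1 Service unavailable; client {client_ip} blocked using {ZEN_ZONE}; {reason}"
    return "220 mail.example.com ESMTP"


if __name__ == "__main__":
    # 127.0.0.2 is the documented always-listed test address; this one needs the network.
    print(dnsbl_query_name("127.0.0.2"))
    print(smtp_connect_reply("127.0.0.2"))
```

Two operational points the posts skip over. The answer must be checked against the documented codes rather than "anything in 127/8", otherwise a misconfigured or rate-limited lookup turns into a block of all inbound mail. And a PBL hit (127.0.0.10/11) means "this range should not be sending direct-to-MX mail", which is exactly the dynamic-IP case raised above; it is safe to reject at the MX because those users are expected to relay through their ISP's submission server.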
"Blocking port 25 . . ."

Doesn't work. They'd just use proxies and redirect the port. Getting around a port block is very easy. Almost anybody with even a little bit of networking experience can do it.

In addition, I use GoDaddy for sending email via SMTP. Now you're blocking my legitimate email in addition to spam - and you're not really blocking the spam because they'll just use a different port anyways.

Not a solution. Not effective. Not even close.

"Reject connections from any machine in zen.spamhaus.org BL
They have no right to be sending to a foreign smtp server, unless they are verifiable users."

Actually, Spamhaus blocks a LOT of addresses in the USA, because actually most spam is coming from the USA.

Also, there are legitimate reasons to contact foreign people - a lot of companies have offices worldwide, a lot of people immigrate from foreign countries and want to maintain contact, a lot of military members may be in foreign countries, etc etc. A blanket country block is irresponsible - and ineffective. Since they're using zombie machines, they can easily change the countries they're sending email from.

Using Spamhaus is fine - but its effectiveness is questionable. Spammers are constantly changing addresses and using zombie machines. Spamhaus is reactive, and there's a time between when the spammer gets a new IP address and when Spamhaus discovers it and adds it to the list, allowing spammers to circumvent it by changing IP addresses quickly. There needs to be a better solution - one that is more proactive rather than reactive.

"Report every incidence of a zombie to its abuse address."

We need an automated way to do this. If we are to gain true leverage, we need tools the average user can use. The more people that can be involved in this fight, the more effective we can be.

"Ban dynamic IPs."

The vast majority of people surfing the Internet are on dynamic IP addresses. What does this accomplish, other than banning the entire internet?

We need a better approach that discriminates between trusted and untrusted people better. These blanket approaches won't work and often hurt more people than they help.

"Ban IRC!"

They'd just change protocols. Not effective.

"There is still no effective policing nor unified reporting system and the whole business just stinks."

We don't need something centralized - we need something that works.

The ultimate problem is whether you can trust people sending you email. Since the problem is one of trust, the solution must be one of trust. Digital signatures help to establish trust relationships, since they verify the identity of the sender. Encryption also helps establish trust, since it prevents tampering. Digital signatures and encryption are IMO the way to move forward.

Blocking ports only addresses a symptom, not the root cause.
Two comments:

a) the 7 bullets on how the anti-spam vendors "market" their solution are basically applicable to all technology vendors.

b) Re the last paragraph regarding the cooperation of MAGY, I can share my experience. I have 2 email accounts with one of the service providers (i.e. MAGY). I found the most frequently used email account always receives junk mail (99% is advertisement). The other one, which I only log on to once a month, never has such irritation ... I then think, who knows which email account I always use but not the other? What is your guess?
ha ha. i almost wanted to offer my managed services to counter your spam problems (and false positives). but i fear a scathing article such as this one in retaliation; just in case my system does get one miserable false positive. anyway, here's a shot - try www.websense.com
Okay, a couple of questions.
CobraA1 31st Oct 2007
1) What does your system do to prevent false positives?

If you can't answer the question of false positives in a clear way that can be implemented everywhere, then I have no choice but to assume that nothing is being done about them. "We have a secret patented algorithm" is IMHO the same as saying you have nothing. Everybody says that.

Cooperation and public standards are going to be key, because the solution has to be global and available to everybody. If the solution is not available to everybody, then you're leaving people out in the cold without a solution and spammers the opportunity to spam them. Secretive technologies will not fix this problem.

2) Do you offer solutions for individuals?

I find the weakest link is that most of these "solutions" are for businesses that run their own mail servers. This leaves the average joe that just happens to have a sucky ISP out in the cold with no way to use the solution.

Any solution that is only for businesses and fails to address the needs of individuals with sucky ISPs will fail. Because, frankly, a large percentage of people fall in this category. Most of us have little choice who our ISP is at home, and most of us don't know how to run a SMTP server.

I need a solution that my mother and grandparents can use. It has to be simple, accessible, and shouldn't need anybody to set up a complex mail server.
After years of our government telling us they are going to do something about this, and just like their Telemarketing Promises, very little has been done and the problem still exists. Telemarketing, Spam and Spamming should ALL BE ILLEGAL, but the big businesses of our country continue to win out over the rights of individuals. (Our Government Sucks!)

I pay for my phone, My OS, and My email accounts/clients so I can use these services the way I want to. I pay for these services not for others to use and abuse any way they want, whenever they want. When I get tons of Telemarketing calls at all hours that consume my time and Tons of Spam that also consume my time then this is a form of trespassing and a violation to me.

If a "car salesman" was waiting in your home, uninvited, to sell you a car this would be trespassing and there are laws to protect you from this. Just because he was there to sell you a car doesn't exempt him from trespassing, so why isn't the same type of protection afforded me when uninvited people call me on my phone or send me unsolicited email. Aren't both of these examples of my rights being violated (as I don't want this happening) and why don't laws apply as well? Both are part of my private life and should be protected information? If not, then why are so many companies today requiring email addresses and phone numbers? If they can require these things, then I should be able to protect them like my SSN# and today we can't and our laws and government aren't helping at all!

And,

Most of us private citizens are now sitting around wondering if I'm next for ID theft, yet this is how our laws are. Remember ID Theft starts with pieces of information and our government makes it easy for business to require these things of us and then makes no effort to protect these things.
You all miss the real point!
vmeck@... 31st Oct 2007
Neither "Call blocks" for Telemarketing nor "Filtering Software" for Spam should be needed; my Telephone and Email address should be protected by law from this abuse just like my SSN# and FDL# is! These are all private IDs for me and my use, not theirs, and I should have the say in these matters, not them!

Until our government gets off its ass and does something about this we are all in greater danger of abuse and ID theft!
Here's what you need:
CobraA1 31st Oct 2007
Here's what you really need, then: Invitation-only email. Set up your client to refuse all emails except those on a white list. Then only people you want to send you emails can send you emails.
It is already illegal to have an open relay on port 25, just ask your ISP or the FBI!
Changing ports is networking 101.
CobraA1 31st Oct 2007
Blocking port 25 is ineffective. Networking 101: One port not working? Try another. Just because port 25 is common doesn't mean that it's the only legit port you can use for SMTP.
You guys write these columns then wait for us to duke it out with each other with commentary and then you do nothing as well!

ZDNET has enough voice in the industry that they should be proactively seeking legislation to fix this and you don't.

You think its enough just to raise the issues then sit on your laurels and do nothing!

My respect for ZDNET wanes severely when you do this and not that!
Spamassassin
JDThompson 31st Oct 2007
David Berlind wrote:

Here at CNET Networks, we use Spam Assassin at the server level and Outlook's built-in filtering at the client level. When Spam Assassin catches something, it adds an attachment that tries to explain why the e-mail in question passed the corporately set "Is this spam?" test. [...] When Outlook 2003 thinks something is spam, it doesn't tell you why the way Spam Assassin does.

Thunderbird is similar to Outlook 2003 in that it doesn't tell you why it thinks something is spam. What I do is purge the false positives from Thunderbird's Junk folder and feed the rest back into Spamassassin's Bayesian filter via "sa-learn." False positives are now very rare, perhaps one or two a week.
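JDThompson's loop (purge the false positives, feed the rest to sa-learn) works because SpamAssassin's Bayesian component scores each token by how often it has been seen in messages the user marked spam versus ham, and every correction shifts those counts. The block below is an added example in Python showing that mechanism; it is not SpamAssassin's code or JDThompson's, and its training messages are constructed, not real mail. The tokenizer regex, the Robinson-style smoothing toward 0.5 for rarely seen tokens, the 15-token limit and the 0.9 threshold are assumed parameters chosen to keep the example short.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$!%]{2,}")   # assumption: crude tokenizer, enough to show the idea


def tokenize(text):
    """One occurrence per message per token, which is how most Bayesian mail filters count."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    """Token-based Bayesian classifier in the spirit of sa-learn and 'A Plan for Spam'."""

    def __init__(self):
        self.spam_msgs = 0
        self.ham_msgs = 0
        self.spam_tokens = Counter()   # token -> number of spam messages containing it
        self.ham_tokens = Counter()    # token -> number of ham messages containing it

    def learn(self, text, is_spam):
        """Equivalent of `sa-learn --spam` / `sa-learn --ham` on one message."""
        toks = tokenize(text)
        if is_spam:
            self.spam_msgs += 1
            self.spam_tokens.update(toks)
        else:
            self.ham_msgs += 1
            self.ham_tokens.update(toks)

    def token_prob(self, tok):
        """P(spam | token), pulled toward 0.5 for tokens seen only a few times."""
        s = self.spam_tokens[tok] / max(self.spam_msgs, 1)
        h = self.ham_tokens[tok] / max(self.ham_msgs, 1)
        raw = s / (s + h) if (s + h) > 0 else 0.5
        n = self.spam_tokens[tok] + self.ham_tokens[tok]
        strength, prior = 1.0, 0.5          # Robinson-style smoothing parameters (assumption)
        return (strength * prior + n * raw) / (strength + n)

    def score(self, text, max_tokens=15):
        """Combine the most decisive tokens; returns P(spam) strictly between 0 and 1."""
        probs = sorted((self.token_prob(t) for t in tokenize(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:max_tokens]
        if not probs:
            return 0.5
        log_s = sum(math.log(p) for p in probs)
        log_h = sum(math.log(1.0 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_h - log_s))

    def classify(self, text, threshold=0.9):
        return "spam" if self.score(text) >= threshold else "ham"


# Constructed training corpus (not real mail), four messages of each class.
SPAM_SAMPLES = [
    "cheap viagra online buy now limited offer",
    "lowest mortgage rates refinance now apply online",
    "hot stocks alert buy now before it explodes",
    "your account needs verification click here to confirm your password",
]
HAM_SAMPLES = [
    "meeting moved to thursday, bring the quarterly report",
    "can you review the draft before thursday meeting",
    "lunch on friday? the usual place",
    "attached is the invoice for last month's consulting work",
]


def build_filter():
    f = BayesFilter()
    for m in SPAM_SAMPLES:
        f.learn(m, True)
    for m in HAM_SAMPLES:
        f.learn(m, False)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in ("buy viagra online now lowest rates",
                "can we move the thursday meeting to friday"):
        print(f"{f.score(msg):.4f}  {f.classify(msg)}  {msg}")
```

The part that matters for JDThompson's false-positive loop is `learn(text, False)` on a message the filter got wrong: it raises the ham count for every token in that message, so the next message from the same zine or correspondent scores lower. Feeding back only the spam and never the false positives does the opposite, which is why purging the Junk folder before running sa-learn is the right order.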
