spam avoidance (was Re: cpu speed problem)

[Tim]

Aaron Konstam:
> You are asking a lot form a spam filter.

Not really, it's the computer, not me...  ;-)

> But let me share with you this:
> 1. For the first time spamassassiin really works with evolution in f7.
> I get no more that 1 spam message a week out of maybe a 1000 messages.

I picked on that one as just an example, but it's the only one available
from my various mail hosts.  As I said before, it needs to be done on
the server.  Else *YOU* are still getting spam (wasting storage space
and downloading it), and lost mail gets silently discarded or you have
to manually check.  And that's the problem, where it's remotely
installed, its not modifiable enough by me to be worth it.

> 2. It is impossible to run a spam filter without checking the junk
> folder since you will lose a few files that you wanted to see. Training
> in this regard is everything.

Yes, and no.

You can run spam systems that do the poison bait test that I outlined,
and nothing more.  If anything posts to my bait address, it gets marked
as spam, 100% error free.  The same message posted, separately, to my
other accounts is identified as spam, also with 100% certainty.  Such
tests can be done without further care.

You can also do other tests, giving them less certainty, but I found it
not necessary.  The spam I was getting was always addressed to all of my
contacts.  Sometimes as separate messages, sent at the same time,
sometimes as one message addressed to a few of them.

> 3. Asking your spam filter to notify the spam senders is crazy. Why
> would I want all the cialis vender's and Nigeria con men to know their
> mail did not get through.

You're thinking about this from just one point of view.

Firstly, let's look at killing spam:  If it's spam, you don't want it,
obviously.  If you *reject* at the input stage, it's like firewalling.
They fail.  And it's better that they know that.  Auto spam systems can
give up on your address, giving the world a bit less traffic to deal
with.  Scattergun spammers, not caring about the response, aren't given
anything more useful to them than your system silently accepting their
spam.  They already have your address.

Secondly, let's look at not killing non-spam (ham):  You have someone
trying to mail you who should be able to, but for some reason their
message triggers the spam detector.  If that was your long lost brother,
your boss telling you something important, your potential client asking
you something or accepting your quote, etc., and it's silently rejected,
you've lost out something important, perhaps permanently.  If you have
to check your junk mail, personally, why bother having an anti-spam
system in the first place?  And you might check it too late to be any
good.  But, if your system rejects the message, with a notification,
that sender has the chance to try resending it, differently, so that it
gets through.  Think of making phone calls; if it's busy, the caller
tries again; if it rings and rings, they don't know what to do; if it
takes a message, they expect that someone will listen to it.

This is at the SMTP level.  It doesn't backfire onto some faked address,
spamming yet another person.  If they'd connected directly to your SMTP
server, part way through *trying* to send it'd abort and pop up a
warning (just the same as you'll see on some systems if you try to post
to a non-existent address).  If they'd sent through their ISP's SMTP
server, they'd send it, and moments later their ISP mail system would
bounce it back to them, to their mailbox, not to someone else's address
fraudulently written in the spam's "from" field.

The notification would be of this sort:  Your message could not be
delivered, because the anti-spam system has determined the message to be
spam.  If this is not correct, you can try re-sending your message, but
in a slightly different manner.  e.g. Turn off HTML, send it as plain
text, send your message without a 20 meg file attached to it, send your
message without an executable file attached, send your message without
content similar to many spams (i.e. don't quote spam content to us),
telephone us if you are having trouble, etc.

A real person will see that, and make some adjustments and try again.
Most spammers will not see that, and not hand craft a spam for one
person in a million.  Some spammers may look at the rejection notices
that they get back, but those that are going to try again are still
going to spam you with the something that triggers the spam detection,
just about all their attempts at obfuscation are detectable.  And again,
they're not going to do this just for you, but for all their victims,
increasing the chances that anti-spam system updates will also catch
them.

> 4. I guess being a New Yorker I have a thicker skin. I have never gotten
> a message from a crazy that I felt would damage my equilibrium. If one
> appears I put him in my blacklist and he disappears.

I'd simply rather not have to bother.  Though, at times, I've sent their
replies back to the public list.  They don't usually pull that stunt
again, on anyone.  Some even unsubscribe.

I find blacklists mostly a waste of time.  I've got to fiddle around on
more than one client, usually, and those sorts of people will change
addresses so they can continue to be a pain.  And there's a certain
level of satisfaction in hitting the delete button.


I will also respond to the following, despite your feeling about it
drifting away from topic, as it's a topic that needs occasionally
bringing up, the separation of public and private mail, in general.  It
goes beyond the two of us, at this stage it's pertinent, and I don't
think the thread has dragged on hideously (like some tangental posts
do).  Not yet, at least.  ;-)

> The real thing is communication channels are designed to communicate.
> And some communication does not belong on a public list. To tell people
> they can't communicate with you except if they know the secret code word
> to me is rude. I have no good examples in e-mail communication but If I
> could e-mail you directly to give you examples why having an unlisted
> phone number can be between disastrous to life threatening in some
> situations.

Since email is rarely a life and death situation, particular in this
list's case, I don't find it a compelling argument, and I only apply
that hard rule to this address, which is only used with list mail.  And,
of course, the primary communication of this list is through it.
You're, in no way, impeded from using the list in its normal way by how
my mailbox works, so no communication is prevented, that way.  I do
something similar on usenet, posting from an impossible to reply to
address (e.g. like: user at localhost.invalid).  Again, it doesn't impede
the group.

The signature informs people the mailbox is ignored, so they should be
able to work it out, and anybody who fires off an email without reading
the whole thing that they're responding to has other problems, or will
have.  I think someone who wanted to contact me off list would have to
be pretty stupid not to think of asking, on the list, "please contact me
off list," without me explicitly explaining that to them.  At that
point, I can accomodate them, in one way or another, or decide not to.
Just the same as I can continue any other conversation, or terminate it,
whether that be e-mail, the phone, or someone knocking on my door.  None
of us are obligated to respond, no matter what the other person thinks.
Remember that when you next see a troll, you can turn your back on them,
you are allowed to, you don't have to be polite.

Sometimes you get things that should have been on the list, and it
disadvantages everyone when some people only reply privately, even
though its not private material (e.g. they have the answer for stopping
your X from crashing, and it's information that someone else would use,
too).  I've seen forums and usenet groups where all you read are
questions, and replies saying "FAQ sent privately."  There's no useful
information to be read, there.  I like to discourage that.

I'm not sure that I'd want communication that didn't belong on a public
list, certainly not without some inkling about it.  For instance, I have
exchanged private mail with Gene about television production related
issues, but knowing about *why* beforehand.  Think of that *password* in
this manner:  You work at a shop, and you have a client that has spoken
to you a few times.  You're happy for them to contact you at work, like
we do on this list, and they can do so at their pleasure.  But you don't
give them your home number or address without a compelling reason.

It is my little bit of privacy still remaining, that I'd generally
prefer not to receive private mail.  And plenty of others prefer not to,
either.  Some find it quite confronting that posting to a list results
in some surprise private mail.  Rather like finding that shopkeeper
knocking on your door at tea time, to tell you that things would be
easier if you just did this...  Or the school bully catching up with you
after school, knowing there'll be no witnesses.  It feels like stalking.
You weren't expecting that sort of response.  For those reasons I'm
loath to contact someone privately, especially someone I hadn't already
established a rapport with.  I know some people find it quite daunting.
I think that private mail is something best kept private, or
arrangements made beforehand.

-- 
[tim at bigblack ~]$ uname -ipr
2.6.22.1-33.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

Spamming the postmaster, that's a paddling...