[Gllug] Whitelist-only spam filtering

Jake Jellinek jj at positive-internet.com
Thu Sep 12 10:25:41 UTC 2002 

Hi,

I haven't had a single false positive using Spam Assassin on mail boxes
which were previously 80% spam (getting around 500 to 1000 mails a day
in the box). I do get the odd spam still slip through, but this is down
to about 4 spam messages a week out of around 6,000 messages which for
me is very acceptable.

Spam Assassin is good because it takes so many different factors and
blacklists into account and then scores each mail. You then set a score
limit for spam. Being in a single blacklist isn't usually enough reason
to consider a mail spam. It takes into account quite clever things such
as common phrases, URL forms, from headers etc.etc. as well as using
Vipul's Razor. It also uses whitelists in that once you have accepted
mail from an address a few times it doesn't run it through all the
checks again.

As for how to install it, it's a bit fiddly (best under debian with
apt-get really!) and under qmail I did end up having to hack my own
script which isn't perfect because I only get to see the scoring for
rejected mails and not accepted ones at the moment (so I can't tell how
close to my score limit the ones that got through were.)

Anyway, I resisted any filtering at all for some time, because I don't
like the idea of having to do it, but when it gets to the point where
you are spending more time deleting spam than reading mail something has
to be done.

Thanks,

Jake.

P.S. Thanks Thom for getting me to use it in the first place!

P.P.S. http://spamassassin.org

On Thu, 2002-09-12 at 10:46, Rev Simon Rumble wrote:
> A discussion took place about spam last night at Dorkbot which got me
> thinking.  I've now had too many false-positives from all the various
> blacklists.  I'm also spending too much time maintaining spam blocks.
> I'm thinking of experimenting with whitelist-only email.
> 
> As far as I can see, there are two approaches to this kind of system:
> 1) Filter anything that isn't in the whitelist to a box and manually
>    maintain the whitelist every so often. (Perhaps even with a
>    temporary whitelist for addresses that I have emailed in the past x
>    unit of time.)
> 2) Use a challenge-reponse system for addresses that aren't in the
>    whitelist so they can get themselves into the whitelist without my
>    input.
> 
> So can anyone recommend some whitelist code that has thought through
> the problems inherent in such a system?  Ideally any such system
> would be able to hook into mutt so I can whitelist the address at the
> press of a key.
> 
> -- 
> Rev Simon Rumble <simon at rumble.net>
> www.rumble.net
> Send email with subject "send key pub" for public key.
> 
> Why sir, there is every possibility that you will soon be
> able to tax it! 
> 
> - Michael Faraday 1791-1867: to Gladstone, when asked about
> the usefulness of electricity



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list