[Sderby] Procmail & Spam assassin

David Jolley sderby at mailman.lug.org.uk
Fri Jun 27 14:11:01 2003


I sent this to the list earlier from the wrong address, if it appears
twice, mea culpa.  If you only see one, Dom - you can delete the other
one :)

On Fri, 27 Jun 2003 13:01:13 +0100, you wrote:

>At 11:03 25/06/2003 +0100, you wrote:
>>Eeek.  ExiScan is a great bit of kit, but unless you *need* to do an
>>SMTP reject based on whether it's thought to be spam is *hideously*
>>overkill.
>
>Actually bouncing, and returning the message is a good way of handling
>unwanted mail.  It helps you be a nuisance to the spammers - most of which
>maintain a "stoplist" of nuisances who they stop trying to email.

Ok, yes, my statement was a tad on the strong side.  But I stand by my
analysis that the bayesian filter needs to confirm that messages are
being correctly classified to be consistent in its spam predictions.
I've now got a corpus of about 1000 spam messages, and spamassassin is
getting quite accurate these days - anything marked at 80% or over is
definitely spam, 70-80% I have it marked as a good probably (and is
caught by the non-bayesian filters), and anything less is more than
likely to be the amazon & maplin mailings, which I actually want to
see.
Without having been able to train the bayesian filter that maplins &
amazon aren't spam, I'd be not seeing them because SA would be
reinforcing itself every time it saw a maplin or amazon spam that they
*are* spam, which they aren't, because although they are advertising
type emails, they are actually stuff I've asked to get.

I find that the best way to be a nuisance to them is to contribute to
Vipul's Razor (letting other people know that this is spam, and thereby
increasing its spam score for others), and to trace back to the
spammer's ISP, emailing their abuse department.  *That* annoys them.

It's also likely that the spammers are getting annoyed with the amount
of returned (bounced) spam - they are starting to put another poor sod
as the sender - I know of quite a few people who have had upwards of
10000 (ten thousand) emails punted at them because they have been used
as the "From" in the spammer's email.  So bouncing is not necessarily
upsetting a spammer, but annoying some poor, unsuspecting sod whose
ISP - think Tiscali, Freeserve - is creaking under the volume of
bounced spam.  One of Tiscali's recent email outages was due to a spammer
using a Tiscali address as the From, and using a dictionary attack on
AOL/Hotmail as the To, and the volume of bounced mail killing their
POP3 server.
For this reason alone, I think you're being a better netizen by not
bouncing the spam, but filtering it off into an oft-unread maildrop
thereby lessening the load on the 'net.

So, I still advocate against the rejection of the email at SMTP,
although concede the point that if you *never* want to see your opted
in advertising emails, then you may as well do it, on the grounds that
it's not your bandwidth, but I think this is a selfish act.  Redirect
to /dev/null if you never want to see it.

I ought to add that I don't get that much spam on a daily basis, my
email address has been valid for the best part of 4 years, has been
posted to usenet on a number of occasions, and I get possibly 3 or 4
spams a day, nowhere near the 40 or 50 that some people report. My
reckoning is I'm already on their shit-list :)

Cheers,

Dave
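
The feedback loop described in the message above, as an added example that is not part of the original post: a Bayesian filter that only learns from its own verdicts keeps reinforcing a wrong classification, while one the user corrects recovers. This is a toy naive Bayes classifier, not SpamAssassin's actual algorithm; the class name, corpus and tokens are constructed for illustration.

```python
import math
from collections import Counter

class ToyBayes:
    """Minimal multinomial naive Bayes with add-one smoothing (hypothetical helper)."""
    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def learn(self, words, label):
        self.tokens[label].update(words)
        self.docs[label] += 1

    def _log_score(self, words, label, vocab_size):
        total = sum(self.tokens[label].values())
        score = math.log(self.docs[label] / sum(self.docs.values()))
        for w in words:
            score += math.log((self.tokens[label][w] + 1) / (total + vocab_size))
        return score

    def spam_probability(self, words):
        vocab = len(set(self.tokens["spam"]) | set(self.tokens["ham"]))
        diff = self._log_score(words, "ham", vocab) - self._log_score(words, "spam", vocab)
        return 1 / (1 + math.exp(diff))

# Constructed training corpus and a constructed opted-in retailer mailing.
SPAM = [["offer", "sale", "pills"], ["offer", "buy", "now"], ["sale", "cheap", "pills"]]
HAM = [["lug", "meeting", "tonight"], ["kernel", "patch", "list"], ["meeting", "pub", "list"]]
NEWSLETTER = ["maplin", "offer", "sale", "catalogue"]

def simulate(rounds, corrected):
    """Return the newsletter's spam probability before and after each delivery.

    corrected=False: the filter trains on its own verdict (nobody reviews the mail).
    corrected=True:  the recipient sees the mail and retrains it as ham.
    """
    f = ToyBayes()
    for msg in SPAM:
        f.learn(msg, "spam")
    for msg in HAM:
        f.learn(msg, "ham")
    history = [f.spam_probability(NEWSLETTER)]
    for _ in range(rounds):
        verdict = "spam" if history[-1] >= 0.5 else "ham"
        f.learn(NEWSLETTER, "ham" if corrected else verdict)
        history.append(f.spam_probability(NEWSLETTER))
    return history

if __name__ == "__main__":
    print("self-trained:  ", [round(p, 3) for p in simulate(3, corrected=False)])
    print("user-corrected:", [round(p, 3) for p in simulate(3, corrected=True)])
```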