43 Folders

“What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Open thread: Favorite spam blocker service?

I've been relatively fortunate with filtering spam over the past couple years (knock on wood). But despite a kickass three-tiered system that includes the world-beating server-side Sieve, plus Mail.app's pretty good client filtering, it's inevitable that even my best-loved private email addresses would find their way into the wrong hands (it's why I recently created "ThanksNo.com" -- an experiment in social re-engineering that you are free to use as well).

So, now that the spelling-impaired Lords of The Dark Side have such renewed interest in my investment options and genital proportions, I'm considering joining a service like Spam Arrest or the apparently deceased Knowspam. I mostly plan to run this on the addresses I use for strictly personal stuff, so I'm satisfied I can start with a "whitelist" to ensure I don't generate loops or dead ends for the "good" senders. But, you tell me...

Apart from running smart filters on your server and in your mail client, what's the best way to protect a mydomain.com-type email address from becoming compromised and punked-out? What are the dangers and cons of using a challenge/response service like Spam Arrest? Apart from abandoning it wholesale, what's the most effective and non-annoying way to rehabilitate a compromised address?

TOPICS: Email, Vox Populi
I've been using a multi-layer...

I've been using multi-layer spam filtering with a free software stack for a few years. Spam to my domain has been increasing and is now over 10,000/day. My domain has been up since 1995 and I encourage people to write to me, so not much hiding is possible. Of those 10,000/day, I see about 2 spams/day that manage to make it through all layers. False negatives happen but they are very rare. Rare enough that I can live with them.

Here's how it works:

My domain has a catchall set up: nothing is dropped, nothing is bounced. In practice this enables me to have an infinite number of honeypots. Any incoming email goes through a series of procmail recipes. First, a white list is applied. The remaining (unsure) emails go through a series of filters (this is where a CR system would kick in, but I think CR is too difficult to get right, so no CR for me).

The most effective of the spam filtering layers is the honeypot detector. Email to honeypots, which is by definition spam, gets analyzed further, and some header and body signatures, which I don't like to reveal to spammers, get stored in a series of flat files. This includes the obvious source IP, which is almost always an open relay. Any email that follows, even to a legal address, that matches any one of the signatures is marked as spam. All signatures age and decay quickly, so they are effective only for a few hours. In addition, a process looks at recent signatures and goes back to mark previously accepted email as spam. This way, even if spammers hit a good address before the honeypots, they get cleaned later.

Finally, I apply 'dspam' (a bi-gram Bayesian filter) to those that happen to be sent only to one good address. 'dspam' is very good at learning using train-on-error, which is bound to a 'this is spam' key in mutt (my mail reader). The spam problem is solved for me. I'm now a little bored with how little email I have to sift through each day :)

Ariel
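
The honeypot layer described in the comment above, sketched as an added Python example (it is not Ariel's code, which is a set of procmail recipes and flat files the comment does not show). The signature choice (source IP plus a hash of the body with digits and whitespace collapsed), the six-hour lifetime, and every address and message are assumptions made for illustration; the white list and dspam layers are left out.

```python
import hashlib
import re

TTL = 6 * 3600  # assumed lifetime; the comment only says "a few hours"
HONEYPOTS = {"trap1@example.org"}  # constructed honeypot address

def signatures(msg):
    """Hypothetical signatures: source IP plus hash of the body with digits/whitespace collapsed."""
    body = re.sub(r"[\s\d]+", " ", msg["body"].lower()).strip()
    return {"ip:" + msg["ip"], "body:" + hashlib.sha256(body.encode()).hexdigest()}

class HoneypotFilter:
    def __init__(self):
        self.seen = {}      # signature -> time it was last seen at a honeypot
        self.accepted = []  # recently accepted mail, kept for retroactive marking

    def process(self, msg):
        """Set and return msg['verdict']; may flip earlier accepted mail to spam."""
        now = msg["time"]
        # Age out old signatures and shrink the look-back window.
        self.seen = {s: t for s, t in self.seen.items() if now - t <= TTL}
        self.accepted = [m for m in self.accepted if now - m["time"] <= TTL]
        sigs = signatures(msg)
        if msg["to"] in HONEYPOTS:               # mail to a honeypot is spam by definition
            for s in sigs:
                self.seen[s] = now
            for old in self.accepted:            # re-mark mail that arrived before the trap hit
                if signatures(old) & sigs:
                    old["verdict"] = "spam"
            msg["verdict"] = "spam"
        elif any(s in self.seen for s in sigs):  # one matching signature is enough
            msg["verdict"] = "spam"
        else:
            msg["verdict"] = "accept"
            self.accepted.append(msg)
        return msg["verdict"]

def demo():
    """Run four constructed messages (documentation-range IPs) through the filter."""
    mk = lambda t, to, ip, body: {"time": t, "to": to, "ip": ip, "body": body}
    msgs = [
        mk(0, "me@example.org", "203.0.113.7", "Cheap pills 123 now"),
        mk(600, "trap1@example.org", "203.0.113.7", "Cheap pills 456 now"),
        mk(1200, "me@example.org", "198.51.100.9", "Cheap pills 789 now"),
        mk(1200 + 7 * 3600, "me@example.org", "203.0.113.7", "Lunch on Friday?"),
    ]
    f = HoneypotFilter()
    return [f.process(m) for m in msgs], msgs[0]["verdict"]
```

Calling `demo()` shows the first message accepted on arrival and then re-marked once the honeypot sees the same sender, while the last message from that IP is accepted again because the signature has expired.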

 