Re: [Mailman-Developers] Feature Request - Plain Text Only
On Sat, 5 Jan 2002 00:26:38 +0100 fil <fil@rezo.net> wrote:
Here's something that would be most useful against spam: somewhere in the pipeline check the message against the "razor" (**) spam database, and send it to the trash if it matches.
I've been running Razor in test mode here on my personal mail account for about 5 weeks. To date the false positive rate is about 8%. That's far too high for deployment as a system service. It also has a very high false negative rate (worse than any of the others I'm testing).
SpamAssassin conversely has a false positive rate (over the same period) of 3 messages out of 93,648 (yes, I get a lot of mail at home).
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Wondering if you're also testing SpamCop, http://www.spamcop.com. The work of a Seattleite named Julian Haight, http://www.julianhaight.com, and have any comment.
I haven't evaluated it, but I'm afraid I've a bit of a bone to pick with it. False positives are not unknown. Worse, it sends automatic anonymous complaints to upstream providers of anybody even mentioned in the putative spam.
For example, apparently there's a California Linux user group, one of whose subscribers (I've no way of telling who) has SpamCop installed. When a post goes out to that user group mentioning one of our websites, our upstream providers get anonymous complaints about "spamvertised website". They then waste their time relaying these to me, and I waste my time explaining, for the nth time.
For another example, one of our mailing lists had a subscriber who apparently decided he didn't like us. Instead of unsubscribing, he began making SpamCop complaints. I wasted about an hour on that one, until I eventually determined what domain the complaint had come from, and solved the problem by deleting everybody from the domain (the number was small) from all of our lists.
Yet another. "Forgot my password" on our Mailman lists apparently trips at some SpamCop content filter; I've fielded at least one spam auto-complaint thus generated.
Complaints about false or frivolous reports to SpamCop, which operates the anonymous remailer, have so far been ignored. At this point I've personally given up on expecting reasonable behavior from them, and added a "deny" to our MTA setup, for all mail from their domain.
The SpamCop site has verbiage implying that a mailing list had better be able to prove it is double-opt-in, and had better maintain proof of opt-in for each individual subscriber, or else. The "or else" isn't specified, but apparently Mr. Haight has had some record of success in arranging loss of internet connectivity. No doubt some of those affected have been actual spammers, but with one man serving as judge, jury, and executioner, I'm afraid I don't see much about this effort to reassure the rest of us.
On Fri, Jan 04, 2002 at 04:42:51PM -0800, J C Lawrence wrote:
On Sat, 5 Jan 2002 00:26:38 +0100 fil <fil@rezo.net> wrote:
Here's something that would be most useful against spam: somewhere in the pipeline check the message against the "razor" (**) spam database, and send it to the trash if it matches.
I've been running Razor in test mode here on my personal mail account for about 5 weeks. To date the false positive rate is about 8%. That's far too high for deployment as a system service. It also has a very high false negative rate (worse than any of the others I'm testing).
SpamAssassin conversely has a false positive rate (over the same period) of 3 messages out of 93,648 (yes, I get a lot of mail at home).
-- J C Lawrence
---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers
--
Dan Wilder <dan@ssc.com> Technical Manager & Editor SSC, Inc. P.O. Box 55549 Phone: 206-782-8808 Seattle, WA 98155-0549 URL http://embedded.linuxjournal.com/
I have enjoyed this discussion about spam filters...I personally use a mixture of a bunch of client side filters along with procmail and another unix based procmail filter called junkfilter which works pretty well, but needs a bit of hacking to prevent quite a number of false positives...it does get some FP's, but the amount of spam it does catch is pretty good...
I also just installed and configured razor...so we shall see how well it works...so far it hasn't caught anything...
My personal setup along with links to junkfilter is mirrored here:
http://www.whichever.com/junkfilter/
I get *a lot* of spam. :-(
-jon
Wondering if you're also testing SpamCop, http://www.spamcop.com. The work of a Seattleite named Julian Haight, http://www.julianhaight.com, and have any comment.
Dan Wilder <dan@ssc.com> replied:
I haven't evaluated it, but I'm afraid I've a bit of a bone to pick with it. False positives are not unknown. Worse, it sends automatic anonymous complaints to upstream providers of anybody even mentioned in the putative spam.
In addition to this, they also have another way for wasting your time...
They also have a blackhole list of mailservers that relay spam. For example if you have a list-owner who reports a spam which has come to him through the list-owner address, then your mailing list server qualifies for the blacklist. Well, maybe they've changed the system in the meantime, but when they blacklisted one of my servers, that happened because of just one single spam report. Of course the list-owner was just trying to be a good netizen. (This was a backup server which doesn't normally process lots of mail, but it is not acceptable for it to be on any blacklists, since it might possibly be necessary to move a large number of active lists to that server on short notice.) I wasted half a night on figuring out how to get it off that blacklist without waiting for a whole week. (That is supposed to be impossible, but I eventually found a way that worked.)
I'm normally friendly to all and every effort to combat spam, but SpamCop really got on my nerves by blacklisting that backup server for no good reason.
Greetings, Norbert.
-- A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 http://thinkcoach.com Your own domain with all your Mailman lists: $15/month http://cisto.com
On Fri, Jan 04, 2002 at 05:57:39PM -0800, Dan Wilder wrote:
For example, apparently there's a California Linux user group, one of whose subscribers (I've no way of telling who) has SpamCop installed. When a post goes out to that user group mentioning one of our websites, our upstream providers get anonymous complaints about "spamvertised website". They then waste their time relaying these to me, and I waste my time explaining, for the nth time.
I receive abuse@sourceforge.net, so I'm very familiar with those too :-(
Basically, the person at fault is the user who is reporting the spams and who includes the URL of your list archive in the spam as a spamvertised website.
What I do is reply back to the user telling them to learn how to use the damn tool and stop wasting postmasters' time, and Cc appeals@spamcop.net so that they can take action against the user. In your case, I'm pretty sure they'd ban the user from spamcop, I've found the spamcop folks very nice and helpful.
If you use mailman or some MLM that always includes your URL at the bottom, and you get many bogus reports, you can also ask the spamcop guys to add a regex to exclude your URL so that users don't get the option of reporting this as a spam website.
Marc
PS: Spamcop was always nice and helpful, even before they were hosted on sourceforge.net.
Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
On 1/6/02 2:35 AM, "Marc MERLIN" <marc_news@vasoftware.com> wrote:
of our websites, our upstream providers get anonymous complaints about "spamvertised website". They then waste their time relaying these
I receive abuse@sourceforge.net, so I'm very familiar with those too :-(
I hate to say it, but I effectively blackhole spamcop stuff. It's pretty useless to me as a postmaster of large mail list systems. I got tired of people using it as a tool to unsubscribe from mail lists because they're too lazy to read the instructions in the message, and since spamcop hides all useful data in the message they send to me, I toss them.
On the other hand, my favorite problem with this stuff is the time I ended up on the MAPs blackhole for hosting spam. It turned out that a subscriber to one of my mail lists (one with e-mail confirmation, I'll note) happened to be on a site that MAPs used an automated sniffer to find spam, and someone on that mail list sent out a message discussing what she was going to do on vacation, and the MAPs sniffer decided it was a "you won a free vacation" spam, and wrote me up. So I got blackholed because two subscribers sent a legitimate piece of email to each other that was appropriate for the list they were on. Eventually, after having a discussion with Dave Rand, he figured out what was happening and promised to whitelist my site from further annoyance by the MAPs servers (what finally got me honked was that MAPs was testing my site for open relays about once a week. It turned out that the mail sent to my subscriber on that MAPs sniffer site was having the mail reported as spam or open relay about that often, and was actually losing a significant chunk of email to this "spam blocker"). They did whitelist me, for about three weeks, then the relay checks started again. At that time, I told my subscribers to move or get off the list (they moved), and put blocks up to prevent MAPs from contacting my server without permission, since I considered by that time their repeated scans an attack on my server.
So if you see me make comments about how I'm not a big fan of these blackhole systems, there are any number of reasons. This is just one of them.
On Sun, Jan 06, 2002 at 02:35:09PM -0800, Chuq Von Rospach wrote:
On 1/6/02 2:35 AM, "Marc MERLIN" <marc_news@vasoftware.com> wrote:
of our websites, our upstream providers get anonymous complaints about "spamvertised website". They then waste their time relaying these
I receive abuse@sourceforge.net, so I'm very familiar with those too :-(
I hate to say it, but I effectively blackhole spamcop stuff. It's pretty useless to me as a postmaster of large mail list systems. I got tired of people using it as a tool to unsubscribe from mail lists because they're too lazy to read the instructions in the message, and since spamcop hides all useful data in the message they send to me, I toss them.
On the other hand, my favorite problem with this stuff is the time I ended up on the MAPs blackhole for hosting spam. It turned out that a subscriber to one of my mail lists (one with e-mail confirmation, I'll note) happened to be on a site that MAPs used an automated sniffer to find spam, and someone on that mail list sent out a message discussing what she was going to do on vacation, and the MAPs sniffer decided it was a "you won a free vacation" spam, and wrote me up. So I got blackholed because two subscribers sent a legitimate piece of email to each other that was appropriate for the list they were on. Eventually, after having a discussion with Dave Rand, he figured out what was happening and promised to whitelist my site from further annoyance by the MAPs servers (what finally got me honked was that MAPs was testing my site for open relays about once a week. It turned out that the mail sent to my subscriber on that MAPs sniffer site was having the mail reported as spam or open relay about that often, and was actually losing a significant chunk of email to this "spam blocker"). They did whitelist me, for about three weeks, then the relay checks started again. At that time, I told my subscribers to move or get off the list (they moved), and put blocks up to prevent MAPs from contacting my server without permission, since I considered by that time their repeated scans an attack on my server.
So if you see me make comments about how I'm not a big fan of these blackhole systems, there are any number of reasons. This is just one of them.
I agree with you. I block mail claiming to come from spamcop with
550 Blocked due to excessive frivolous or false complaints
Spam is a distressing problem, and there are days I (as a postmaster) feel inundated, despite taking several measures. The sites I administer do DNS lookups, and decline to accept mail claiming to come from places that don't have some sort of valid DNS record. Using a 450, so they'll retry for a while. In case it's just a DNS screwup. This seems to dispose of quite a bit, and so far hasn't gotten me any angry phone calls. Everybody who cares at the sites I administer has individual procmail filters of varying strictness, and I sometimes spend a fair amount of time tuning them.
I can see how some people would feel desperate for a solution.
But I sure can't see letting automatic systems invoke sanctions. I guess I see this as somehow more reprehensible even than spam.
-- Dan Wilder <wilder@eskimo.com>
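The SMTP-time policy described in the message above (a 550 for the blocked complaint sender, a 450 for sender domains with no valid DNS record so legitimate hosts retry), as an added example that is not part of the original posts or any poster's configuration. The blocked-domain list, the stub resolver and its sample zone data are constructed assumptions; a real deployment would do an MX/A lookup in the MTA.

```python
import re

# Constructed sample data (not from the thread): domains the stub resolver
# treats as having an MX or A record.
SAMPLE_ZONE = {"example.org": ["MX"], "lists.example.net": ["A"]}
# Assumed policy list; the thread only says mail "claiming to come from spamcop".
BLOCKED_DOMAINS = {"spamcop.net"}
BLOCKED_SUFFIXES = tuple("." + d for d in BLOCKED_DOMAINS)

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)


def stub_has_dns(domain):
    """Stand-in for a real MX/A lookup so the example runs offline."""
    return bool(SAMPLE_ZONE.get(domain))


def check_mail_from(line, has_dns=stub_has_dns):
    """Return (code, text) for one SMTP MAIL FROM command."""
    m = MAIL_FROM.match(line.strip())
    if not m:
        return 501, "Syntax error in MAIL FROM"
    path = m.group(1)
    if path == "":
        # Null reverse-path: bounces and DSNs carry no domain to check,
        # and refusing them would break delivery failure reports.
        return 250, "OK"
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return 501, "Sender address needs a domain"
    domain = domain.lower().rstrip(".")
    if domain in BLOCKED_DOMAINS or domain.endswith(BLOCKED_SUFFIXES):
        # Permanent rejection, using the reply text quoted in the message.
        return 550, "Blocked due to excessive frivolous or false complaints"
    if not has_dns(domain):
        # Temporary failure: the sending host queues and retries, so a
        # transient DNS outage delays mail instead of losing it.
        return 450, "Sender domain has no valid DNS record, try again later"
    return 250, "OK"
```

The sender domain in MAIL FROM is trivially forged, so this check filters on what the mail claims, which is exactly how the message words it.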
Participants (7): Chuq Von Rospach, Dan Wilder, Dan Wilder, J C Lawrence, Jon Scott Stevens, Marc MERLIN, Norbert Bollow