[Spambayes] Beyond Spambayes

Richard B Barger ABC APR Rich at RBarger.com
Tue Feb 21 22:00:56 CET 2006


I've been a very pleased Spambayes user for a couple of years.  Because
we have a bunch of public business email addresses, I receive a huge
volume of email, mostly spam.

I've been delighted with Spambayes, so I wanted to describe what my
local ISP, Skyway Networks, is doing that is like Spambayes On Steroids
(I was a beta tester):

The Skyway Anti-Spam approach -- actually a cluster of five servers that
behave as a single system for redundancy -- filters everything from
spam, worms/viruses, and phishing attacks, to Outlook/Outlook Express
vulnerabilities, as well as protecting against a multitude of additional
unsafe email content.

Here's a brief overview of the process it goes through:

- Before accepting a message, the system checks if the email address is
valid. This protects against directory-harvesting attacks by spammers.
- When the message is accepted, it is next checked for worms/viruses,
using three different anti-virus programs.
- Next, the message is checked for dangerous file attachments or
Outlook/Outlook Express vulnerabilities.
- Each email account holder's personal whitelist and blacklist is
consulted to check whether the message matches.
- Outside blacklists are checked to see if the message matches.
- The characteristics of the message are then evaluated by thousands of
rules known to detect spam.  Each time a rule matches, a numeric score
is assigned.  When the score reaches at least 6, the message is
considered to be spam. [This is the Spambayes-like part of the
operation.  Each night, the system reanalyzes the clues database,
tossing once- or seldom-seen clues, and otherwise keeping the macro
database fresh.]
- Outside spam-tracking databases are consulted to determine if this
message has been seen before.  If it has, the numeric spam score is
incremented accordingly.
- If the message has a score of 6 or higher, or is identified as having
a worm or banned file attachment, the system quarantines the message,
and it is not delivered.
- If the message passes all of the above tests, the mail scanning
cluster passes the message on for normal delivery to the user's mail
server.  The entire process never takes more than a couple of minutes,
even in busy times; most of the time, the delay is imperceptible.

The system has an easy-to-use control panel that allows the user to
review message contents in a safe environment, learn all the message
clues, reclassify messages as ham and spam, just like Spambayes, and
release messages from quarantine (if needed).  Messages are color-coded
by classification, and easily sortable, and the system maintains
statistics.  Since I've been using it on 09 Jan, the system has
processed more than 52,000 messages.  On my CornerBarPR.com account,
only 6 percent of the messages are "clean"; on RBarger.com, 43 percent
are clean.

For those that slip through, I still use Spambayes POP3 Proxy Version
1.1a1 on my local computers, which works like a charm.

I'm not trying to sell Skyway's services, but several folks on this list
have wanted a Spambayes solution that has whitelists and other features,
so I wanted to tell you my experience with what I'd call the next
generation of anti-spam approaches.

Keep up the good work!

Rich Barger
Kansas City, Missouri





More information about the SpamBayes mailing list