|Home||Reviews||Tools||Forums||FAQs||Find Service||ISP News||Maps||About|
how-to block ads
8. Spam Assassin
The spam-identification tactics used by Spam Assassin include:
Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application.
SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. It accomplishes filtering without this knowledge, as much as possible.
You should whitelist the e-mail addresses of well-known legitimate senders to avoid the chance of them being mis-identified by the SpamAssassin default rules.
For example, SpamAssassin might mark a newsletter that you receive as spam, so if you want to continue to receive that newsletter, just add the "From" address of that newsletter to your whitelist box.
Or SpamAssassin might prove to be too sensitive, so you can increase the score a bit more. (the default setting is "5".)
Or you might discover that one of the tests (like, "contains html" - normally a good spam sign) isn't too good for your situation because all these girls keep sending you html love notes in different colors as email, and SpamAssassin marks these as 'sex spam', so you can find the name of the test that is adding to the score, and adjust that score entry specifically to be zero.
Set your email program options to filter on
or a Subject of
When "rewrite_subject" is on, the subject stamp is *****SPAM*****.
This can be used to change it if you desire.
Vipul's Razor is what you now commonly know as SpamNet. For nearly two years, Razor has been successfully fighting spam with the help of the Unix community and is the technology that has enabled build its windows counterpart, SpamNet, currently in use by more than 100,000 users.
Razor, or SpamNet, is a distributed, collaborative, spam detection and filtering network. It establishes a distributed and constantly updating catalogue of spam in propagation. This catalogue is used by clients to filter out known spam. Upon receiving a spam, a Reporting Agent (run by an end-user or a troll box) calculates and submits a 20-character unique identification of the spam (a SHA Digest) to its closest Catalogue Server. The Catalogue Server echoes this signature to other trusted servers after storing it in its database. Prior to manual processing or transport-level reception, Filtering Agents (end-users and MTAs) check their incoming mail against a Catalogue Server and filter out or deny transport in case of a signature match. Catalogued spam, once identified and reported by a Reporting Agent, can be blocked out by the rest of the Filtering Agents on the network.
Taken from SourceForge.
The format would be:
You can also use wildcards in your blacklist entries, for those spammers who include random numbers in their alleged email addresses:
Including an address in your Blacklist doesn't mean that you will no longer receive email from that address, just that the email received from that address will now be tagged as spam.
You can make use of this by creating a rule in your email client. Go to the Mail Control from the top of the forum, then Settings, and click on the Anti-Spam Preferences. Check off "Re-write subject" in the mail handling panel, and leave the next box blank if you want to use the default.
Now make a rule in your email client that if ****SPAM**** is found in the Subject line then the message will be moved to your spam folder, or your folder of choice.
Now when you put an email address in your Blacklist, any email received from this address is tagged as spam and ends up in your spam folder.
Most spam is sent from infected home PCs in private homes. The spambots running on a PC do not have any logic for resending a failed message. These applications appear to adopt the "fire-and-forget" methodology. A decent mail server however, will try to deliver a message for at least three days.
Mail is transfered between mail servers using the protocol SMTP, defined in RFC2821. During delivery the receiving server will respond with three-digit codes:
While a real mail server will retry after the reception of a 421-message, spammers will not!
The mail server will reject a message the first time it is seen. After 3 minutes a message from the same sender and host to a local user will be accepted. After this reception all further mails will be accepted with no further delay.
There is more in-depth info at:
Normally, eight hits is a good target to use. Fewer than that risks normal email being tagged as spam when it isn't.
For some discussion of this situation, see this thread.