I don’t think a personal attack on someone who’s not here to
defend himself is very helpful or appropriate. I don’t know if you
actually read it all the way through, but the article refers to
problems a number of different people have had with Spam
Assassin and similar programs, plus the program’s
documentation and a talk with one of the developers, so it’s
certainly not based on any single incident.
I haven’t read the article recently (it makes me too mad, for one thing), but I read it a couple of times a while back (mainly when you linked it in a kbase article, which I also responded to).
He may have read the documentation, but I don’t think he really understands how the scores actually work, or why they’re effective.
He’s also complaining about some peoples’ specific implementation of SA - as used to actually reject incoming mail. I don’t think anyone here is advocating that. I don’t /dev/null any mail marked by SA (although anything with a score over 15 or 20 is almost definitely spam).
If he wanted to get mad at a particular ISPs use of the tool and / or their configuration, that’s one thing, but blame the appropriate people here. SpamAssassin is a tool that can be helpful to some people when configured / used properly. As with any piece of software, it can be configured improperly, or used for things it’s not really designed to do, but you can’t really blame the authors of the software for that.
His objections are mostly to tests that have low positive or even negative scores, and the scores (again) are based on actual spam, and the liklihood that they contain a certain element. Whether or not you agree with the tests on paper, they’re very effective.
[quote]"Talks about bulk email: I LOVE this one. Every email that
discusses STOPPING spam is subject to various filters in this
guy’s list. Including a lot of spam complaints to ISPs that use
Hey! Spammers! Want a safe haven? Sign up for accounts at
ISPs that use this software! They’ll probably never see the
ISPs almost never filter abuse@ or postmaster@ accounts for obvious reasons. For instance, we use some internal blocklists, but postmaster@, abuse@, etc. aren’t blocked; neither is my personal address as it’s also an ARIN contact (which occasionally receives spam complaints and the like). I don’t use any content filters at all on the abuse mailbox either… obviously that would be stupid, as one expects to receive spam at this address.
Now if a spammer does send spam to our abuse address, I am almost certain to report it, and very possible to add the originating IP address to our internal blocklists. Spamming abuse@ or postmaster@ is a really stupid thing to do.
We do use SA a little bit on our support box, although the scores have been heavily modified and mail from any email address that’s in our customer database is accepted regardless of the score. That’s because the amount of spam (especially spam with foreign character sets) was making it very difficult to get work done.
[quote]“Talks about opting in: Ah, what the hell. No publisher ever uses
that phrase, right? And online business publications that
espouse proper marketing practices never admonish you to stick
to opt-in vs spam, do they?”
I don’t know about you, but I’ve rarely / never received an email talking about opting in that wasn’t spam.
[quote]“Of course, the programmers of this type of software suggest
that the software be used in “conservative” ways. This is
somewhat akin to saying that you should shoot people gently.”
I dont’ think this analogy really makes sense; I think that the authors of the software are sincere in wanting it to be used in a way that’s appropriate to the application.
Is SA appropriate for naïve users? Probably not, which is one reason we haven’t made instructions for setting it up / using it widely available. Anyone using any type of spam filtering system should be responsible for using it properly and checking caught messages once in a while.
If you can. If your ISP installs it, and particularly if they set it up > to delete suspected spam, then you can’t.
I don’t think anyone here is advocating this type of behavior. No filter which blocks based on content is 100% effective, and I don’t think many responsible ISPs use such a filter to completely prevent mail from reaching a customer.
If we were ever to implement server-side content filtering, the strongest action we’d take would probably be to tag messages with some sort of score.
[quote]It’s just getting to the point where I’m not sure which is more of
a headache, spam or spam filters…
For me, I’m 100% sure of what the answer is… Without spam filters, I’d go completely insane. I’ve received over 1500 pieces of spam to my main email account sine Jul 31, and lots more at other accounts. Having this type of mail end up in my inbox totally messes up my organization scheme. I go through my spam folder 3 or 4 times a day and doublecheck that there aren’t any false positives in there.
I would like to check out some of the newer pseudo-bayesian spam filters when I have some spare time.