Re: [Exim] Local users spam filtering

Author: Pat Lashley
Date:  
To: Alan J. Flavell, Exim-Users (E-mail)
Subject: Re: [Exim] Local users spam filtering
--On Thursday, December 18, 2003 20:53:06 +0000 "Alan J. Flavell" <a.flavell@???> wrote:

> [..]
>> user know that their message had a high spam score, and if allowed
>> through might run afoul of the recipients' filters. If the bounce
>> also contains the Spam Report from SpamAssassin, they will be
>> able to see what they did that caused the high score; and attempt
>> to correct it.
>
> OK. This, however, tacitly assumes that sites will be applying very
> similar spam-rating rules. Not only is that not the case, in our
> experience: sites that we deal with have some very different ideas
> about mail abuse controls - but also, it wouldn't even be a good idea,
> since if everyone was using the same set of rules, the spammers would
> have a very easy life bypassing them.


Yep, there is a lot of variation; but there also tend to be quite
a few rules in common. The per-rule scores may differ, but the
basic rules are still nearly universal across sites using the same
filtering program. For example, people using SpamAssassin generally
start with the default set of rules, decide whether or not to use
or adjust the RBL-related rules, tweak other scores, and often set
up a method for training the Bayesian filters. So if you're using
SA, there's a good chance that the results of your tests will at
least give a local sender some idea what they've done that leads
to high scores in typical installations.


And, in general, you are right about the effect of universal rules;
but some of them are pretty difficult for the spammers to bypass;
particularly if they want to maintain the anonymity of actual origin.
(Which, by the way, becomes a federal crime in the US on 1 Jan.)
It is also very difficult for spammers to bypass well-trained personal
Bayesian filters without altering the content of their message to the
point where it no longer contains the info they want to convey.



-Pat