Spammers LUV SpamAssassin

Discussion in 'Linux Networking' started by Alan Connor, Aug 31, 2003.

  1. Alan Connor

    Alan Connor Guest

    Spammers LUV SpamAssassin


    I no longer have any doubts about this.


    I have written a simple program that eliminates spam completely

    and find myself under attack by people who *claim* to be ordinary SpamAssassin

    users.


    Now WHO is it that would have reason to hate a program that makes sending the
    user spam a waste of time?


    SPAMMERS, that's who.


    Why do they love SpamAssassin?


    Think about it:


    You have an SA user with, among other things, what amounts to a list of
    prohibited strings in the subject header and body.


    Does he or she send this list to anyone likely to be sending them mail?

    No. But they discuss it in public and semi-public forums with other SA users,

    don't they.


    So where do the spammers hang out? Care to guess?


    And they end up being the only people in the world outside of the legitimate
    SA experts themselves that have this magic list of prohibited strings and
    all the other tests that will cause mail to be tagged as spam.


    Want a list of spammers? Hit the archives and begin with searching for the
    string "MSP" and then "elrav1" which is what msp became after a major rework.

    Focus on comp.mail.misc

    Copy the headers from any posts that contain obviously unfair and unreasonable
    attacks on yours truly.


    You will then have a list of some of the worst scum on the Internet.


    And guess who is teaching them how to get spam into your mailbox?


    The same people who are allegedly keeping it OUT of your mailbox.


    And they are fairly often the SAME people.


    If you want spam, then use SA and its relatives. If you don't, use elrav1
    and its relatives.


    It's this simple: If you are going to accept anonymous mail you are going
    to be at the mercy of spammers and trolls.


    Alan C
     
    Alan Connor, Aug 31, 2003
    #1
    1. Advertisements

  2. Alan Connor

    Whoever Guest

    Actually, contrary to popular belief, it is easy to stop spam. Just stop
    using email!
    Errrr... SpamAssassin is open source and written mostly in Perl. Anyone
    can look at the tests SpamAssassin makes.
     
    Whoever, Sep 1, 2003
    #2
    1. Advertisements

  3. Alan Connor

    Doug Laidlaw Guest

    If you are serious, let's see it. If it is that thing where you decide not
    to receive any mails from people that won't do it twice, be prepared to miss
    out on a lot. Business doesn't have the time to waste that you obviously
    have. They can't even answer their phones within a reasonanble time frame.

    Doug.
     
    Doug Laidlaw, Sep 1, 2003
    #3
  4. Alan Connor

    Ed Murphy Guest

    You didn't provide URLs. I can't imagine why; in your shoes, I
    would stick 'em in my .sig, and otherwise trumpet them with alarming
    regularity. Anyway, here they are:

    http://home.earthlink.net/~alanconnor/elrav1/elrav1.html
    http://home.earthlink.net/~alanconnor/elrav1/files.html

    Ack! Why isn't it downloadable in .tar.gz format? Your poor
    presentation has just lost 90% of your potential audience!

    Anyway, it appears to be a set of front-end scripts to procmail
    that implements the following:

    1) Whitelisted senders are allowed
    2) Non-whitelisted senders are sent "Please reply to this with <key>"
    3) Messages with <key> become whitelisted

    This is a valid approach (mostly, see next paragraph) - but look at
    how you present it! You could calmly explain the different approaches
    used by SA and elrav1, and why you believe elrav1's approach is better;
    but instead, you keep writing apoplectic rants. Your poor presentation
    has just lost another 90% of your potential audience!

    This is a valid approach (mostly, see below) but IMO your /terrible/
    attitude causes lots of people to refuse to listen to you. Sorry, dude,
    but stamping your foot and insisting the world come to your doorstep is
    just /not going to work/. You're going to have to actually learn a
    modicum of diplomacy. This is possible (provably; I did it). No, it's
    not always pleasant (I speak from experience there as well), but the
    alternative

    Some Windoze viruses look at the victim's address book when forging a
    From: line. Such From: lines have a reasonable chance of being on
    your whitelist. (If you are their friend, then they might be yours as
    well.) Does elrav1 have any ability to detect forged From: lines? (I
    don't know; I'm asking.)
    If any of my friends triggered enough of SA's heuristics that their
    messages registered as spam, (a) I'd be very surprised and (b) I'd
    re-evaluate whether they are still my friend.
    I assume you are referring to the publically disclosed list of heuristics
    used by SA:

    http://www.spamassassin.org/tests.html

    Sure, a smart spammer could read that list and figure sneaky ways around
    at least some of the rules. But do they /actually do so/? A quick
    eyeballing of the rules, and of some of the spam I've received lately,
    seems to indicate that they do not!

    Have you *actually tested* SA on a plausible volume of e-mail? How
    about SA with Bayesian filtering activated? You may still be able
    to say "SA is not as good as elrav1" and be correct, but currently
    you are saying "SA is terrible" and I suspect that's just not true.
    Unfair and unreasonable by whose judgment? Yours? You're biased. First,
    you have a direct interest in elrav1 (you're the author). Second, at
    least based on the posts of yours that I've seen in comp.os.linux.misc,
    you are in a near-constant state of apoplexy. "Follow my orders, you
    idiot, or I'll subject you to the worst fate imaginable - I'll *killfile*
    you!" Terrible attitude, like I said earlier, and it's poisoning any
    chance of elrav1 being given serious consideration.

    For the record, I don't use any spam filter whatsoever. I don't
    particularly need one. My typical daily mail volume consists of
    several dozen messages from various mailing lists (which are sorted
    into folders) and perhaps one or two dozen spams (which are left in
    my inbox, and which take less than a minute to delete by hand).

    I also haven't written any software comparable to either SA or
    elrav1; it would take me at least a week to train up to the level
    that I could do so. If I did write such software, though, then
    rest assured that I would pay the *utmost* attention to good
    presentation - because my goal would be to write a program worthy
    of widespread use, and actually get it into widespread use.

    Maybe your goal is for elrav1 to be used only by those select few
    users willing to ignore your apoplexy, overcome your lack of succinct
    this-is-the-basic-concept explanation, and jump through your
    wheel-reinventing hoops to unpack it. If that is indeed your goal,
    then your current approach is guaranteed to achieve it.

    Oh, and if you feel like killfiling me, then don't waste your time
    threatening me that you may do so. (Unless you take pleasure in
    writing such threats. I suspect that this is the case.) Just do
    it and get it over with. I'd consider it an honor.
     
    Ed Murphy, Sep 1, 2003
    #4
  5. I don't use SA. I use a program called SmiteSpam which is built into my
    mailserver directly. It works fantastically and the integration to the
    mailserver and its webmail component is good news for my clients.
     
    George Hewitt, Sep 1, 2003
    #5
  6. Alan Connor

    Alan Connor Guest


    Nice little commercial utterly lacking in substance.


    Alan C
     
    Alan Connor, Sep 1, 2003
    #6
  7. Alan Connor

    Alan Connor Guest

    No, Sam Whoever, I am not reading your post.


    To repeat for the thousandth time: grow up and get a life


    Alan C
     
    Alan Connor, Sep 1, 2003
    #7
  8. Alan Connor

    Alan Connor Guest


    What the HELL are you talking about?






    Business doesn't have the time to waste that you obviously

    I recommend changing your medication.



    Alan C
     
    Alan Connor, Sep 1, 2003
    #8
  9. Alan Connor

    tony Guest

    ...stuff trimmed..
    ...stuff trimmed..
    I agree. I do some extra procmail filtering pre-SA seeing it,
    and some Bayesian afterward, but that's just to save me a little
    extra bit of time. SA works fine without it.

    I don't like the elrav1 type approach because it is annoying to
    have to go through some extra step for someone to send me mail, and
    while I'll annoy my friends, annoying my customers isn't a good
    idea. But it might be a FINE idea for someone else, though I
    would still recommend that they use SA too. Nothing in elrav1
    PREVENTS using SA, and if he were smart enough to understand that
    he'd be better off.

    ...stuff deleted ..
    Or being reviewed. If he had calmly explained his product as
    you suggested, I might have written a little blurb about it at
    my site, and so might other folks. I probably would have mentioned
    that SA should still be in there, but so what?
    :)
     
    tony, Sep 1, 2003
    #9
  10. It's called open source developement. Keeping the list secret may sound
    like a good idea but would probably be the first example of successfull
    security through obscurity if it worked.
    Well, up to now SA does a pretty good job to keep my inbox clean. So
    apparently the spammers are not investing too much effort into getting
    around it.

    Actually, it's not that surprising:
    People who use spamfilters hate spam (duh!) and thus are extremely
    unlikely to generate any revenue for the spammer. So the effort of
    circumventing their filters is probably not worth it.

    Spamfilters used by large webmail services are a totally different
    story! Blocking all spam from hotmail etc. generates a big problem for
    the spammers - this is where they are most likely to look for ways
    around the filter. I don't know how many big sites use SA but as I
    said: up to now it works fine for me ...
    Are they? I'm sure you have evidence to back this accusation. And
    if so - why does SA still work?
    I don't know your program and if it's any good but shouting at your
    potential users and wild accusations against your competitors are
    generally not considered a good marketing strategy at least in the open
    source community...

    cu
    Philipp



    PS: Please use reasonable formatting - ragged postings full of empty
    lines are very uncomfortable to read...


    --
    Dr. Philipp Pagel Tel. +49-89-3187-3675
    Institute for Bioinformatics / MIPS Fax. +49-89-3187-3585
    GSF - National Research Center for Environment and Health
    Ingolstaedter Landstrasse 1
    85764 Neuherberg, Germany
     
    Philipp Pagel, Sep 1, 2003
    #10
  11. Excuse me, commercial? I'm just a user giving my experience. The author of
    this thread seemed unhappy with SA so I gave an alternative.
     
    George Hewitt, Sep 1, 2003
    #11
  12. Alan Connor

    Peter Jones Guest

    Indeed. Oh, and http://spamassassin.org/tests.html -- the tests are hardly
    secret. Furthermore, while Alan will never allow himself to see the sense of
    this, a quick perusal of the list of tests described at the above URL will
    quickly show you that SpamAssassin is a little more selective than a
    straight-forward "list of forbidden words".

    I know that none of my *friends* sends me emails with a "Click to
    Unsubscribe" link, or with forged headers, or -- well, it's a fairly
    comprehensive list. By default, individual words such as "Viagra" (to choose
    one of the few) do not contribute a whole lot to the score anyway. I wonder
    if Alan can spell "holistic"?

    Pete.
     
    Peter Jones, Sep 1, 2003
    #12
  13. Alan Connor

    Peter Jones Guest

    And/or heuristic.

    (I did *mean* to say 'holistic' originally; honest!)

    Pete.
     
    Peter Jones, Sep 1, 2003
    #13
  14. Alan Connor

    Alan Connor Guest

    You misunderstand: They have an obligation, IF they have any sense, to
    tell the people who send them mail what they CANNOT put on the subject line
    or in the body.

    That's only part of the picture, and you know it.

    Do you send the mail that *might be* spam to /dev/null or put it in a
    directory to look over later?

    Do you always review your mail logs to see if non-spam got classified as
    spam?

    Do you spend time regularly up-dating your filters?

    Do you lose non-spam mail?


    No. I think that's not true at all. Anyone using SA and its siblings

    likes spam, or they would use a different system.

    Maybe you are the exception, but I have been following SA posts for quite
    a while, and almost every SA user FREAKS if they LOSE spam before getting
    to look it over.



    Enough to convince me. I don't care what YOU think, unless you can
    offer contrary evidence.

    I know for a fact that many of the apparently normal SA users are
    spammers.



    SA (etc) doesn't work, if one's object is to rid one's life of spam and worrying
    about it and messing with it.


    I base my assessment of SA on the hundreds of posts I have read by SA users
    on the Usenet.

    If you are being honest, and SA has eliminated spam, and worry about spam
    and worry about whether non-spam is being discarded, and if you don't save
    spam in another directory to look over,

    then you are an exception to the norm.


    One becomes what one hates and attracts what one hates.

    I don't hate spam, I just won't tolerate it in my life, at all.

    Nor will I put up with programs that can't actually tell spam from non-spam
    and need constant oversight.




    I format like I do for reasons that seem valid to me.

    You may format YOUR messages as you wish.


    Alan C
     
    Alan Connor, Sep 1, 2003
    #14
  15. Alan Connor wrote (in part):
    Mostly it gets silently deleted.
    Usually, but not always.
    Probably. My friends know I use pretty tough e-mail filters.

    I used to say that, due to spam and virii, the e-mail will be completely
    useless in five years. That was a couple of years ago. I think I was
    right. Unless something much more effective is done, there are only
    three years to go before I just stop using it. Perhaps I will have to
    delete ALL incoming e-mail except for a very short whitelist of people,
    and the checking will have to be done on the Received: headers, not the
    From: field.
     
    Jean-David Beyer, Sep 1, 2003
    #15
  16. Alan Connor

    tony Guest

    And if they actually did, most of it wouldn't be spam anymore: just
    sensible text from a real sender hawking their wares..

    Real solicitations don't bother me. You usually only get
    them once (real advertisers don't want to waste their time
    annoying you and would give you a real method to opt-out) and
    sometimes they are actually something I want to know about. Those
    kind of ads usually pass through SA unscathed, as they should.
     
    tony, Sep 1, 2003
    #16
  17. Alan Connor

    Alan Connor Guest

    Thanks for your honesty, Jean-David.


    I have already taken the leap that you see yourself taking in the near
    future, with a few refinements added. You really should at least look
    over my little program. I'd love to hear any ideas you might have for
    improvements. Will send you a mail that contains a password in the body
    that will get you right through my filters.

    Alan C
     
    Alan Connor, Sep 1, 2003
    #17
  18. Alan Connor

    tony Guest

    Point system. Point system. How many times does it need to be said
    before this moron gets it?

    I put it in a directory.
    Not always.. SA has yet to classify something as spam that I think
    is not, so I don't look all that often and when I do it's just
    a cursory once-over.
    Maybe once in a great while. Recently, because of SoBig, I got
    thousands of "Mailer Daemon" type messages and had to put in a filter
    for them temporarily. I knew that would be a problem because
    I also have opt-in mailing lists and like to keep dead addresses
    out of them. I wrote my filters to account for that, but then
    a customer forwarded one of his "Mailer Daemon" messages asking
    why he'd gotten it, and I filtered it out. He was smart enough to
    send another message asking why I hadn't replied (I tell my
    customers that if they don't get a timely response on email or
    voice mail, there is something very wrong so please try another
    communication method!). He was also smart enough to understand
    WHY his email got dropped and was neither surprised or upset.

    I wish you were smart enough to understand that nothing prevents
    you from using multiple methods. Whitelist are fine for some folks,
    but don't compete with SA and in fact the two methods can work
    well together - if you want to use whitelists, SA can make them
    work even better.
    SA doesn't need "constant oversight" :)
     
    tony, Sep 1, 2003
    #18
  19. It would also appear that spammers harvest e-mail addresses from Usenet
    not only as targets for their spam, but also to use as return
    addresses. (I have seen spam with my own e-mail address in the From:
    field. I don't use Windows at all, so it is not a Windows virus that
    put it there.) I've heard from others here c.o.l.misc who've had the
    same thing happen, too.

    Now imagine what happens when a spammer sends out a million spams with a
    valid but forged return address. An innocent third party could
    potentially be innudated with thousands of address varification requests
    from users of the elrav1 software. That seems like a pretty serious
    flaw!

    These are good reasons why spam should never be bounced. The address
    validation stage is essentially the same thing.
     
    John-Paul Stewart, Sep 1, 2003
    #19
  20. Alan Connor

    Ed Murphy Guest

    And what, pray tell, might those reasons be? I'm inclined to assume
    that the primary reason is "because I'm a loudmouthed net.kook", but
    you may certainly attempt to prove me wrong...
     
    Ed Murphy, Sep 1, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.