perl script - bogofilter /smtp daemon
Tom Anderson
tanderso at oac-design.com
Thu Nov 18 16:14:29 CET 2004
From: "Matthias Andree" <matthias.andree at gmx.de>
>>> Yes, if you can avoid false positives. If flawed concepts such as
>>> "SPF" or "DUL" or revengeful black lists are used, the whole concept
>>> of email via SMTP is in danger.
>>
>> Personally, I think it is anyway. As long as mail can be sent via smtp
>> with little or no cost to the sender then the spam problem will just get
>> worse and worse until the whole infrastructure collapses.
>
> We're way past the point where we could do anything about it without
> purging all inherently insecure systems (those that were designed in
> times where security was not a concern) from existence. What does a
> spammer care if it's going to cost the sender if he can launch his spam
> attack via hijacked computers?
>
> Even the more useful kind of filtering (content-wise, rather than the
> usual "where does it come from" junk filters, such as blacklists[*]) is,
> I believe, just pushing the point a bit where _we_ as users
> collapse. It's there, but we hide it.

Some dire predictions there. I'm not nearly so pessimistic. At one time, I
was seeing exponential growth of spam in my inbox. I got to the point of
over 100 spams per day (and at least 20 minutes per day manually filtering
and deleting them) before seeking a solution. Then I found bogofilter, and
while the spams kept growing, I was filtering almost all of them, to the
point where I only receive about 1-2 false negatives a day and about 3-4
unsure spams. Still, my filtered folder kept filling up with over 200 spams
per day sometimes which is a drain on resources, so I implemented DNSBLs and
RHSBLs, and now my filtered folder only gets about 20-30 spams a day, saving
me lots of bandwidth, memory, disk space, etc., on both my server and
workstations. It also saves me a few extra seconds and hassle each day not
having to scroll all the way up and down that list to delete them all and
wait for my mail client to finish doing so. Plus, any spammers who care at
all about wasting their own resources should probably remove me from their
lists when all they receive is bounces; but of course, that is very few of
them.

So, I compare where I was when I started using bogofilter and what might
have been today if I hadn't, to what I've actually got today, and I'm rather
optimistic. The fact of the matter is that spammers cannot defeat this
defense. They may get in a few lucky shots, but a war of attrition is in
our favor. Spammers rely on sheer bulk to make any money, and as long as
they can only get 1 or 2 past every day, they're screwed. Even though
spammers pay nothing in theory to send spam, in practice that's not the
case. They have to have machines sending these spams. They need to spend
time collecting lists, finding relays, finding offers, researching spam
blocking, crafting emails to attempt to get around the filters, etc., and
sending these offers through these relays to these lists. This all costs
money, for the spammer to eat and buy stuff, and for the machines, parts,
ISP, and electricity to send spam. Eventually, sending spam will not be
profitable enough to even cover the costs of doing so let alone justify
branding oneself a loathsome spammer. And in the meantime, while they still
have net newbies to target, they mostly aren't reaching me personally
anyway.

I feel as if we are winning this war, and that email will prevail as the
most popular communications medium. Yes, some spam solutions are
destructive and should be avoided. But those which are benign and useful
should be promoted. And this includes DNSBLs which list known insecure
machines such as open relays and open proxies. It also clearly includes
bogofilter. And I'd like to see bogofilter able to be used to reject
certain ~1.0 spamicity spams at smtp time in the near future. That would be
a very useful weapon to keep our servers from having to store and deliver
these rather obvious spams.

Tom