perl script - bogofilter /smtp daemon

[Tom Anderson]

From: "Matthias Andree" <matthias.andree at gmx.de>
>>> Yes, if you can avoid false positives. If flawed concepts such as
>>> "SPF" or "DUL" or revengeful black lists are used, the whole concept
>>> of email via SMTP is in danger.
>>
>> Personally, I think it is anyway. As long as mail can be sent via smtp
>> with little or no cost to the sender then the spam problem will just get
>> worse and worse until the whole infrastructure collapses.
>
> We're way past the point where we could do anything about it without
> purging all inherently insecure systems (those that were designed in
> times where security was not a concern) from existence. What does a
> spammer care if it's going to cost the sender if he can launch his spam
> attack via hijacked computers?
>
> Even the more useful kind of filtering (content-wise, rather than the
> usual "where does it come from" junk filters, such as blacklists[*]) is,
> I believe, just pushing the point a bit where _we_ as users
> collapse. It's there, but we hide it.

Some dire predictions there.  I'm not nearly so pessimistic.  At a time, I 
was seeing exponential growth of spam in my inbox.  I got to the point of 
over 100 spams per day (and at least 20 minutes per day manually filtering 
and deleting them) before seeking a solution.  Then I found bogofilter, and 
while the spams kept growing, I was filtering almost all of them, to the 
point where I only receive about 1-2 false negatives a day and about 3-4 
unsure spams.  Still, my filtered folder kept filling up with over 200 spams 
per day sometimes which is a drain on resources, so I implemented DNSBLs and 
RHSBLs, and now my filtered folder only gets about 20-30 spams a day, saving 
me lots of bandwidth, memory, disk space, etc., on both my server and 
workstations.  It also saves me a few extra seconds and hassle each day not 
having to scoll all the way up and down that list to delete them all and 
wait for my mail client to finish doing so.  Plus, any spammers who care at 
all about wasting their own resources should probably remove me from their 
lists when all they receive is bounces; but of course, that is very few of 
them.

So, I compare where I was when I started using bogofilter and what might 
have been today if I hadn't, to what I've actually got today, and I'm rather 
optimistic.  The fact of the matter is that spammers cannot defeat this 
defense.  They may get in a few lucky shots, but a war of attrition is in 
our favor.  Spammers rely on sheer bulk to make any money, and as long as 
they can only get 1 or 2 past every day, they're screwed.  Even though 
spammers pay nothing in theory to send spam, in practice that's not the 
case.  They have to have machines sending these spams.  They need to spend 
time collecting lists, finding relays, finding offers, researching spam 
blocking, crafting emails to attempt to get around the filters, etc., and 
sending these offers through these relays to these lists.  This all costs 
money, for the spammer to eat and buy stuff, and for the machines, parts, 
ISP, and electricity to send spam.  Eventually, sending spam will not be 
profitable enough to even cover the costs of doing so let alone justify 
branding oneself a loathsome spammer.  And in the meantime, while they still 
have net newbies to target, they mostly aren't reaching me personally 
anyway.

I feel as if we are winning this war, and that email will prevail as the 
most popular communications medium.  Yes, some spam solutions are 
destructive and should be avoided.  But those which are benign and useful 
should be promoted.  And this includes DNSBLs which list known insecure 
machines such as open relays and open proxies.  It also clearly includes 
bogofilter.  And I'd like to see bogofilter able to be used to reject 
certain ~1.0 spamicity spams at smtp time in the near future.  That would be 
a very useful weapon to keep our servers from having to store and deliver 
these rather obvious spams.

Tom