https://buy-zithromax.online buy kamagra usa https://antibiotics.top buy stromectol online https://deutschland-doxycycline.com https://ivermectin-apotheke.com kaufen cialis https://2-pharmaceuticals.com buy antibiotics online Online Pharmacy vermectin apotheke buy stromectol europe buy zithromax online https://kaufen-cialis.com levitra usa https://stromectol-apotheke.com buy doxycycline online https://buy-ivermectin.online https://stromectol-europe.com stromectol apotheke https://buyamoxil24x7.online deutschland doxycycline https://buy-stromectol.online https://doxycycline365.online https://levitra-usa.com buy ivermectin online buy amoxil online https://buykamagrausa.net

E-mail spam

I seem to have an actual working solution with spam here on my account. I get about 100+ pieces a day coming in, but I have to intervene with it…

I seem to have an actual working solution with spam here on my account. I get about 100+ pieces a day coming in, but I have to intervene with it very little. For the sake of sharing the wealth …

Step 1: Host-side protection

These are protection steps I’m able to take through my web host, Hosting Matters. Most hosts offer similar sorts of tools.

  1. My host has MailScanner installed, a version, as I understand it, of the classic SpamAssassin package. This system works pretty well as a first pass — and a second one, as we’ll see in Step 2.

    I have the Low threshold (maybe spam) set at 5, the default, and all of that gets still delivered to me. The high threshold is set at 17, slightly lower than default (20); after doing some testing, nothing that was 17 was anywhere near being innocent, so I’m not worried about false positives. This stuff gets auto-deleted. Note that all e-mail gets a score from 0 to whatever, based on how it passes various tests. I’ve also set up a small number of whiltelisted domains — commmercial companies whose posts were
    actually getting false low threshold positives. I don’t do this much, because it’s a PitA to go through cpanel and do it.

    Note that these settings apply to all accounts I host — so this hits Mary, the Ks, my folks, and BD. Anyone wants something different, let me know.

  2. I have my mail system set up to autoforward to my main mail account anything that arrives that’s not to an actual e-mail address. Now, that’s actually letting a lot of stuff in that’s nonsense — stuff that’s falsely spammed out and bounced back under my domain (“xyzqrs@hill-kleerup.org”), as well as stuff sent bogusly to “webadmin@hill-kleerup.org.” It is, honestly, a hole in the defenses.

    What it does allow me to do is create one-off or phantom accounts by just putting in an e-mail address (e.g., setting up “psi-clone@hill-kleerup.org” on a forum account to make the character seem more real, or filling in a form asking for an e-address with something I can follow up to see if the list has been sold, e.g., “dave-xyzmagazine@hill-kleerup.org”). To me, that’s a valuable convenience. It also protects against legitimate typos — someone sending something to “marjie@hill-kleerup.org.”

    This is true, presently, with almost all domains under my account — they all route through to me. That includes our domain, my folks, Mary, and BD. The Ks, interestingly enough, I set up to route through to them (largely because folks kept sending legitimate stuff to the wrong addresses and I would have to forward it on). There is a finite chance that this could lead to a breach of privacy (which you can, of course, trust me about), so if you’re one of those folks I’m hosting and would like me to either black
    hole this stuff or forward it on to you, please let me know.

Step 2: Client-side protection

This is protection I use on my client side (i.e., on my PC, where my mail gets downloaded to). It centers around my mail client, Thunderbird, a free e0mail client I heartily recommend to any and all Windows users.

  1. Thunderbird has a built in, if rather low-end, Bayesian spam filter on it. The Bayesian filter works on key words and phrases that I’ve trained it are associated with spam. This catches most text-based stuff, if not a lot of graphic-based ones. Things that arrive that the spam filter says are Junk go into a SPAM folder for review. I can also manually flag a few items for this. I know that my anti-spam measures are working pretty well because I have to do very little manual flagging vs. the overall
    amount of spam that comes in.

    I have a message filter set up in Thunderbird as well that looks at all messages as they come in. If a message has in its header in the field “X-HMDNSGroup-MailScanner-SpamScore” a string of “sssss,” the message get flagged as Junk and put in a “MAYBE SPAM” folder. This field gets an “s” for each point of the spam score (recall that the low threshold is 5 at the moment for “maybe spam”). So this lets me fine-tune the filter. In this case, anything 5 or more (“sssss”) may well be spam, and should be reviewed.

  2. So, once a day, I look at what’s in SPAM and MAYBE SPAM. Is there anything in there that’s not spam? Unflag the Junk status and (if necessary) pull it aside. I get maybe a false positive of that sort only once every day or so. Send the remainder to the Trash. Empty the Trash. Smile broadly.

As i said, this is working very well for me right now. I could look at a better Bayesian filter (e.g., the external spam proxy I used to run), or I could also bump up the abilities of Thunderbird with something like Spamato. But it’s working for the nonce.

My biggest beef at the moment with my mail is not the spam, remarkably enough, but the web access to it. Mail2web is better than nothing, but still annoyingly crude. The web front ends that come with the account are either non-functional or, again, annoying. What I’d love would be the GMail front-end to access my personal mail, but short of taking on the “Google masters your domain,” I’m not sure how to do that.

61 view(s)  

Leave a Reply

Your email address will not be published. Required fields are marked *