Why SpamAssassin does not work
Submitted by Peter on Tue, 2008-01-01 00:00
The SpamAssassin spam filter does not work. It rejects legitimate email and accepts spam. Why does it fail? Here are several reasons and alternative approaches.
Experience
The best spammers have more experience at writing email than your family, friends, colleagues, and most marketing people. Professional spammers subscribe to the same anti spam services as you and practice writing spam that gets through. Your family, friends, colleagues, and marketing people accidentally include links, keywords and other things that trigger the spam rejection in SpamAssassin.
Most marketing people focus on bling, features, benefits, fashions, and fads, and forget to test their not-spam© through anti spam software. You get mail from professional marketing people that includes the same junk gimmicks used by non professional spammers. Who will get through first? The professional spammers. Who will fail? The marketing people.
Keywords
Some anti spam software learns by the spam you reject. The software matches words across several rejected spam and finds words that repeat. The software rejects future email containing those repeated words. The keywords for rejection are often innocent words used in non spam email.
Look at one example. Visit my.imisfriendraising.com.au/personalPage.aspx?SID=87336. The page is about a six year old girl shaving her head to raise money for a special charity. Can you find anything in the page that would trigger a spam rejection? No. But.... Some adult content refers to women/girls/girl and shave/shaved body parts. If you reject several spam items containing the word shave, your anti spam service might reject all email containing the word shave, including email from your female friends who participate in fund raising by shaving their head.
Anti spam services reject email for a really weird collection of keywords that are in common use. Professional spammers change the keywords slightly and their email gets through. Your friends send you jokes containing references to body parts and the jokes are rejected because they look like adult content spam to spam filters. Americans refer to one body part as "butt". Professional spammers know that in most cases they can replace "butt" with "but", an acceptable word, but one that reads the other way within the context of their email. Your email filter rejects mail from your friends and lets through the mail from spammers.
Phrases
Phrase rejection is more accurate because you can decide the meaning of some words by their context. Phrase rejection is harder because a simple phrase can be written in several sequences without making the phrase difficult to understand. Professional spammers are good at rearranging text to sound harmless.
Adjoining words
Looking for adjoining words and words in close proximity gives you the opportunity to pick up phrases written in different sequences. Now you know why professional spam has the spicy words spread out over several lines. That spread overcomes proximity tests.
Links
Spam filters look for email containing just a link. Usually it is spam inviting you to download a virus. Now think about another sequence. Fred sends you an email telling you about Fred completing a new Web site. You send the reply "Fred, you forgot to include a link to the Web site". Fred sends you a reply containing just the link. You never receive the reply because SpamAssassin assassinated the email.
Images
Repeat the Links example with an email containing just an image. SpamAssassin eats the email. Think of all those times a friend sends you photographs of his new kid or her new Harley Iron 883™. The photographs will not go through because they are too big. Your friend then sends you an email containing the text followed by several emails with one picture in each. The single picture email is assassinated.
Mail clones
You register on a mailing list. A professional spammer registers on the same mailing list. They receive the same email you receive. They change their copy slightly and use it as the base of their next spam. If you receive the original, you will receive the clone. You might receive the spam clone but not the original because the original contained an accidental combination of things to trigger a SpamAssassin assassination but the spam clone has some of the tricky keywords removed because the professional spammer knows they will cause problems.
Solutions
Turn off SpamAssassin and test these alternatives. You need SpamAssassin off because SpamAssassin will confuse your test results.
Catch all address
You have a Web site with the contact email address set to contact@example.com. Someone sends you an email using webmaster@example.com. Will you receive the email or not? You can set up a "catch all" address to receive all the incorrectly addressed email. I did that once for a small site and received 14000 spam email per hour.
A better approach is to switch the catch all address off and set up only common email mistakes as aliases to a local address. webmaster@example.com could be an alias for contact@example.com.
The following description assumes you manage your Web site with cPanel. There are a lot of alternatives to cPanel and you should be able to perform an equivalent action for your site. Ask your Web site hosting service for help if you do not find the right setting.
Go to cPanel, mail, Default Address. Under Send all unrouted e-mail for:, select Discard with error to sender (at SMTP time).
Go to cPanel, mail, User Level Filtering. Select Manage Filters for the account that needs an alias. Select Create a new Filter. Under Actions, select Redirect to email. Fill in the other fields as appropriate. Set Filter name and the field after Redirect to email to the alias, webmaster@example.com in our example. Set the empty field after Rules to the target email, contact@example.com in our example.
SPF
SPF is Sender Policy Framework and is described in www.openspf.org/Introduction. SPF is an open standard already used by 20 percent or more of the Internet.
Microsoft produced something different named Sender ID that confuses the issue because Sender ID is based on SPF but does something different and clashes with SPF. You can set up a fake Sender ID specification to make Microsoft sites not use Sender ID for your email. You can also change your email headers slightly to pass the Sender ID test without damaging the SPF test.
A test of SPF on a site receiving 1000 email per hour, 2 legitimate and 998 spam, reduced email to 4 per hour, 2 legitimate and 2 spam.
Thunderbird
Switch your email client to Thunderbird. Use the email filtering in Thunderbird. You can manually mark mail as spam and Thunderbird will learn to mark the email as spam in the future. Of more importance is the fact that you can add email addresses to your contact list and have those addresses automatically accepted even if they look like spam. If you are already using SPF to make sure you accept only email from legitimate sources, the email passed because of the contact list should be legitimate email.
One serious advantage of using Thunderbird to filter your email after you kill most of the spam using SPF is that Thunderbird can move the spam to a special mail box you can review. If mail you want arrives and is marked spam, you can add the mail address to your contact list and always receive future mail from that address. You need this when your contacts change their email addresses and their new email is marked as spam.
Captcha
Captcha is something you can add to your Web site to reduce spam sent through Web site contact forms and comment forms. Captcha stops most automated spam and a lot of human spammers cannot be bothered with sites that use Captcha.
There are alternatives to Captcha, including services you pay for, but the paid services run into a problem with professional spammers who register for the same paid service then test ways to bypass the service.
Conclusion
External anti spam services do not know what mail you want and what mail is spam. Do not let them destroy your mail. The best they can do is mark your mail as possible spam then let you decide. SPF and other approaches kill most of the spam and you can teach Thunderbird to reject the rest.








