[BBLISA] State of spam filtering?

Rich Braun richb at pioneer.ci.net
Tue May 21 00:31:00 EDT 2013


Tom Metro wrote:
> I imagine that the already small population of geeky people who ran mail
> servers for personal use has gotten even smaller.

I'm one of the holdouts who still runs a personal mail server, 20 years later.
I use spamassassin with just the free dcc, razor2, and a handful of homebrew
rules for filtering.  But with the rise of port-25 filtering by cable/DSL
providers starting a decade ago I had to supplement this with a couple of the
following types of commercial and/or free services:

1) Inbound forwarders
2) Outbound relays
3) Spamassassin-compatible filtering-agent service
4) Inbound front-end services

The other two options you can choose are appliances (many of which are just
embedded systems with Linux and Spamassassin installed, tied to a filtering
database in the cloud), or commercial web hosting.  That last category has
captured about 99.99% of the market these days; I work at a company which uses
one, and my last job was at a Fortune 500 company which also used one (most
are just glorified Microsoft Exchange servers).

A few comments about the services I use:

For item #1, forwarders, much inbound spam gets caught by the relatively
lightweight rules of the DNS provider I use, EasyDNS, which also includes
port-25 remapping as a free service.

For item #2, there are a whole bunch of companies which you can aim your
outbound postfix/sendmail config at via the smarthost/transport map rules. 
Many of them are in the same niche as Constant Contact and its ilk; they live
or die by the reputation of their outbound IP addresses, so they have to
manage all the "take-me-off" requests to maximize deliverability.  The beef I
have with most of these services is they don't strip the outbound Received
headers, which means the IP address of your outbound mail is visible to the
recipient.  Officially, that's not supposed to matter; unofficially, a
gazillion large webmail providers (read:  yahoo, aol, et al) include any IP
address they can see in the headers as part of their secret spam-control
methodology.  A couple years ago I sampled about a dozen companies in this
category, and found only one (MailJet) that strips outbound Received headers. 
You're reading this through that service now, so the headers of this message
should show you what I mean by that.

For item #3, I subscribed to one of these about 3 employers ago, and it worked
great.  I don't see that company listed at the Apache site anymore so maybe it
wasn't such a profitable niche.  You'd subscribe to their cloud service,
download their Spamassassin plugin, and let them deal with all the nuances of
spam control that the freebie rules can't keep up with.  I suspect they went
out of business because:  the freebie rules are quite good.  Just set up your
SA config in the recommended way, with a daily auto update of rules, and
you'll be pretty happy with the outcome.  (The free ruleset /is/ updated
constantly.)

For item #4, I don't need anything beyond the front-end service provided by
EasyDNS given that I've got a private instance of Spamassassin.  But if you're
running a small/medium company but want to keep a private email installation,
you might want to skip maintaining a local spam filter and pay one of those
companies for the inbound forwarding service.  Tons of such companies can be
found, starting with the recommendations on the Apache spamassassin site.

The reason Spamassassin hasn't been updated since 3.3.2 is simple:  it's a
mature plugin-based technology that really doesn't need changes.  The whole
world settled on it years ago and there's an active ecosystem of providers who
rely on the platform to supply the rulesets needed.  And, it's hard to compete
with free:  that's why you don't see a whole lot of upstarts trying to come up
with a replacement core platform; it's unsurprising that most of the
commercial appliances are based on Spamassassin itself.

-rich
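
The Received-header exposure described under item #2, as an added example that is not part of the original post: a short Python check that lists which IP addresses a recipient can still see in a message sent through an outbound relay. The hostnames, addresses (documentation ranges), relay network and the function name `leaked_origin_ips` are all constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the relay kept the Received line naming the sender's own host.
LEAKY = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 12:00:05 +0000
Received: from home.example.com (home.example.com [203.0.113.77])
\tby relay.example.net with ESMTPSA; Mon, 1 Jan 2024 12:00:02 +0000
From: sender@example.com
Subject: test

body
"""

# Constructed sample: the same message after the relay stripped the earlier hop.
STRIPPED = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 12:00:05 +0000
From: sender@example.com
Subject: test

body
"""

# Bracketed address literals as MTAs write them: [203.0.113.77] or [IPv6:2001:db8::1].
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def leaked_origin_ips(raw, relay_nets):
    """Return Received-header IPs that are outside the relay's own networks."""
    nets = [ipaddress.ip_network(n) for n in relay_nets]
    leaked = []
    for hdr in message_from_string(raw).get_all("Received", []):
        for cand in IP_RE.findall(hdr):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue  # bracketed text that is not an address
            if not any(ip in net for net in nets) and str(ip) not in leaked:
                leaked.append(str(ip))
    return leaked

if __name__ == "__main__":
    relay = ["198.51.100.0/24"]  # assumed: address range published by the relay
    print("kept headers:    ", leaked_origin_ips(LEAKY, relay))
    print("stripped headers:", leaked_origin_ips(STRIPPED, relay))
```

Run it against a test message you send to yourself through the relay; an empty list means only the relay's own addresses remain in the headers.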







