On Mon, Jan 20, 2003 at 04:56:58PM -0000, Angel Gabriel wrote:
I was nosing around the SpamCop website, because I was trying to report some
b*stard that keeps spamming my main address, adn I found the following
In order to avoid spamming, mailing lists must implement a secure opt-in
procedure. Many so-called "opt-in" lists are nothing of the sort. Beware
anyone who wants to sell you lists. You will be disappointed.
I cannot stress strongly enough the need for secure opt-in. Many web-sites
now feature "click-through" confirmation, or checkboxes which must be
unchecked. However the initial sign up is accomplished, whether on a web
site, or by email - the final confirmation phase must include a random code
which is emailed to the intended recipient. If that code is not returned by
the user, you must not add the address to your list. If you do not follow
this procedure, you will inevitably spam somebody, whether or not that is
If you implement this type of secure opt-in, and one of your subscribers has
still reported your mailing as spam, please gather all the data on the
incident and report it.
If you do not have a working opt-in process, you should clean your list by
reconfirming all subscribers using a secure opt-in procedure as described
above. The most important part of this confirmation is that if a subscriber
takes no action, then that subscriber is de-listed.
The bit that intrested me, was the final part, how can I reconfirm all my
Send email to each list advising that you'll unsubscribe everybody on
xx day and they'll need to re-subscribe. Set up a procmail front-end
on each list that saves copies of all list-request mail.
Or ignore Julian Haight and his SpamCop site. He's trying to set himself
up as legislature, judge, jury, and executioner all rolled into one.
Nobody's benevolent and fair enough be allowed to do that. Let him get
his kicks by purchasing an old police car and driving around town in blue
khakis wearing dime-store tin badge, instead.
If spam is troubling you, consider installing SpamAssassin (but
configure it not to use SpamCop's lists). SpamAssassin does pretty
well all by itself by just looking for patterns, and it calls on
several blacklist services in addition. Actively maintained,
it is doing a pretty good job here at screening out spam from
several very actively-spammed mailboxes: 8:1 incoming
spam to substance ratio in two of them. Better, it gets very few
SpamAssassin uses Vipul's Razor, a blacklisting service also known as
SpamNet. Individual spams are quickly cataloged and a cryptographic
hash of the body of the spam propogated to numerous Razor servers.
Your incoming mail is checked by SpamAssassin against known hashes,
and scored as possible spam on a match. If other factors also
suggest it is spam, SpamAssassin will add a header which can
then be filtered on.http://razor.sourceforge.net
Duplicate incoming mail can be detected and sidelined using a
filter I recently published in this forum. I'm testing an updated
version whose database doesn't grow without limit. If you're getting
a lot of the same spam, you can eliminate all but the first copy
with this filter, and eliminate those annoying multiple CCs of other
Procmail is your friend with respect to all this. Everybody here
uses a procmail recipe to sort incoming mail, calling filters as
desired, sidelining mail from particular senders or sites. The
manpage is a bit formidable but once you get the hang of it,
procmail recipes are quite easy to write and maintain.
There's some interesting work going on with Bayesian filters. These
score spam based on word frequencies. I've tried a couple, but so
far found the results much inferior to those of SpamAssasssin.
Dan Wilder <dan at ssc.com> Technical Manager
SSC, Inc. P.O. Box 55549 Phone: 206-782-8808
Seattle, WA 98155-0549 URL http://www.linuxjournal.com/