Hopeless Geek

“To the last I grapple with thee; from hell’s heart I stab at thee; for hate’s sake I spit my last breath at thee.” — Moby Dick

That’s 24 hours of spam, that is. I tag my spam with POPFile and Apple Mail’s Junk Filter and that’s the end result of two folks on my side. The number skyrockets when I don’t use .Mac for mail (up to 600 a day). I’m going to approach this from another angle now…I’ve used PoBox for my personal mailing address for quite some time now (1997?). They’ve always had a spam filter and at one time it was pretty decent. Something happened in 2002 that made me turn it off; I forget if it tagged some good mail or if I did so when I installed POPFile. At any rate, I’d forgotten about it. Recently, however, I think Nissan or their dealer sold my email address (and home address, and type of car) to the marketing world because I’ve been inundated with emails about getting a warranty for my car and they’re starting to arrive in the postal mail as well. As such, my spam has increased ten-fold.

It ends, tonight. — The Matrix: Revolutions

I went to PoBox’s site today to look at their spam filter (free to users) and all I can say is … wow. This is what a spam filter from a mail provider should be. It allows you to pick-and-choose which rules to use (and you can set each rule to hold the mail for review or just bounce it) and then get statistics on each one after-the-fact.

There’s two default settings groups for those without an understanding of how mail works: Standard and Advanced. Standard omits some of the higher-false-positive rules (which they track the success of) and Aggressive uses them all (neither include the rules that ban whole countries, more later).

And the rules:

• Bad HELO hostname
• Looks like broadband
• Require PTR Record
• Sender address verification
• Sender Policy Framework

• Composite Blocking List cbl.abuseat.org
• Distributed Server Boycott List list.dsbl.org
• Distributed Server Boycott List Multihop multihop.dsbl.org
• Easynet/NJABL Dynablock dynablock.njabl.org
• Five-ten-sg Blackholes blackholes.five-ten-sg.com
• MailPolice Bulk bulk.rhs.mailpolice.com
• MailPolice Porn porn.rhs.mailpolice.com
• Not Just Another Bogus List dnsbl.njabl.org
• Spam and Open Relay Blocking System dnsbl.sorbs.net
• Spamcop bl.spamcop.net
• SpamHaus SBL sbl.spamhaus.org

• All mail from Argentina argentina.blackholes.us
• All mail from Brazil brazil.blackholes.us
• All mail from China china.blackholes.us
• All mail from Hong Kong hongkong.blackholes.us
• All mail from Korea korea.blackholes.us
• All mail from Malaysia malaysia.blackholes.us
• All mail from Nigeria nigeria.blackholes.us
• All mail from Singapore singapore.blackholes.us
• All mail from Taiwan taiwan.blackholes.us
• All mail from Thailand thailand.blackholes.us
• All mail from Turkey turkey.blackholes.us
• All mail from Japan japan.blackholes.us
• All mail from Mexico mexico.blackholes.us
• All mail from Russia russia.blackholes.us

• If _ or more flags are raised

The last one is the most interesting. Set the rules you question to flag the message and then set the last one to say that if a message has so many flags then do something with it. I’m using a four flag rule with eight questionable rules so that should generally nail the fun stuff.

For those items I tell PoBox to hold on the server, they send me a mail each (hour|day|week), at my option, with a list of the senders and subjects of each mail being held. I have about a week to claim it before it disappears. It never, ever, hits my mailbox. Ever.

Now this is all based on SMTP rules. This covers the mail servers and the probability that they are sending spam, but it’s not covering the content of the messages themselves. For that, I use POPFile still. It’s well-trained and has hit a 98% reliability rate with me and never deletes a mail (just flags). As such, I’ll two-prong this problem with mail server filtering, and mail message filtering.

I’ll give this a few days and see what happens. This should prove interesting.