{"id":256,"date":"2008-01-21T23:46:04","date_gmt":"2008-01-21T22:46:04","guid":{"rendered":"http:\/\/daniel.haxx.se\/blog\/2008\/01\/21\/my-antispam-measures\/"},"modified":"2008-01-21T23:46:04","modified_gmt":"2008-01-21T22:46:04","slug":"my-antispam-measures","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2008\/01\/21\/my-antispam-measures\/","title":{"rendered":"My Antispam Measures"},"content":{"rendered":"<p>I get a fair share of spam. I have something like 10 working private email addresses, I&#8217;m listed as recipient in numerous email aliases and they all end up in the same physical mailbox where I read them. I&#8217;ve also had my existing emails for many years and I&#8217;ve shown and used them publicly on the internet all the time. I&#8217;m a major spam email target now. A good day I get just 2000 spams, but bad days I&#8217;ve been well over 13000 spam emails.<img decoding=\"async\" src=\"http:\/\/daniel.haxx.se\/blog\/wp-content\/uploads\/2008\/01\/spamcan.jpg\" alt=\"A can with spam\" align=\"right\" border=\"0\" hspace=\"10\" vspace=\"10\" \/><\/p>\n<p>My biggest friends in this combat are: <a href=\"http:\/\/spamassassin.apache.org\/\">spamassassin<\/a> and <a href=\"http:\/\/www.procmail.org\/\">procmail<\/a>.<\/p>\n<p>I&#8217;ll describe how I have things setup, not as much as to inspire others but more to be able to get feedback from you on how I can or perhaps should improve my setup to get an even better email life.<\/p>\n<ul>\n<li>I consider all mails with spam points &gt;= 3 to be spam. I&#8217;ve also tweaked my spamassassin <em>user_prefs<\/em> to be harsher on (pure) HTML mail and a few other rules, and I&#8217;ve added a couple of my own rules to catch spams that previously did slip  through a little too easy.<\/li>\n<li>First, I filter out mail from trusted mailing lists that have their own antispam measures.<\/li>\n<li>I catch what appears to be bounces (I have a huge regex) and if it looks like a bounce to an address I don&#8217;t send email from I nuke it immediately (and those could be a true bounce are saved in a dedicated mbox)<\/li>\n<li>I have a white-list system that marks all incoming mails from previously marked friends as coming from a friend.<\/li>\n<li>Mails from non-friends are passed through spamassassin. Those with spam points higher than N are put in the &#8216;hispam&#8217; folder &#8211; of course with the intention that these are very very very unlikely to every have any false positives and can almost surely be deleted without check. N is currently 10 but I ponder on lowering it somewhat. Spams with less points than N are put in the &#8216;spam&#8217; folder, and I need to check that before I kill it because it happens that I get occasional false positives that end up there.<\/li>\n<li>So, mails that aren&#8217;t from friends (or from a trusted mailing list) and aren&#8217;t marked as spam are then stored in the &#8216;suspicious&#8217; mailbox<\/li>\n<li>Mails from friends or from trusted lists go directly into my mailbox, or into a dedicated mailbox (for lists with somewhat high traffic volumes).<\/li>\n<li>Oh, a little additional detail: I &#8220;mark&#8221; my own outgoing mails with an additional custom header with no point whatsoever but to be able to detect when someone\/something sends me mail using my own address&#8230;<\/li>\n<\/ul>\n<p>My weakest point in all this right now is the fact that I don&#8217;t spam-check white-listed mails at all, so spams that are sent to me using my friends&#8217; email addresses go through and annoy me.<\/p>\n<p>BTW, I did use <a href=\"http:\/\/bogofilter.sourceforge.net\/\">bogofilter<\/a> in the past and for a while I actually ran both in parallel (both trained with rougly the same spam\/ham boxes for the Bayes stuff) but quite heavily testing I performed at that time (a few years ago) showed that spamassissin caught a lot more spams than bogofilter, while bogofilter only caught a few extra so I dropped it then.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I get a fair share of spam. I have something like 10 working private email addresses, I&#8217;m listed as recipient in numerous email aliases and they all end up in the same physical mailbox where I read them. I&#8217;ve also had my existing emails for many years and I&#8217;ve shown and used them publicly on &hellip; <a href=\"https:\/\/daniel.haxx.se\/blog\/2008\/01\/21\/my-antispam-measures\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">My Antispam Measures<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,6],"tags":[40,423,19,41,38,39],"class_list":["post-256","post","type-post","status-publish","format-standard","hentry","category-mail","category-floss","tag-bogofilter","tag-mail","tag-open-source","tag-procmail","tag-spam","tag-spamassassin"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=256"}],"version-history":[{"count":0,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/256\/revisions"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}