Re: Is running spamassin on a home server a waste? (was ... Re: TCP/IP over Bluetooth)
On Wed 27 Apr 2016 at 11:14:15 +0200, email@example.com wrote:
> On Wed, Apr 27, 2016 at 09:53:31AM +0100, Brian wrote:
> > On Wed 27 Apr 2016 at 20:31:17 +1200, firstname.lastname@example.org wrote:
> > > On Sat, Apr 23, 2016 at 12:57:08PM -0500, John Hasler wrote:
> > > > > Thanks for making me think of that and the fact that over the last 10
> > > > > years, the only ham its seen are its mistakes. So this question might
> > > > > have had the seeds of something to help. :)
> > > >
> > > > My scripts copy all new non-spam to a ham directory which is fed to
> > > > sa-learn every night and then the contents of both the ham and the
> > > > spam directories are deleted.
> > >
> > > IIRC, it seems pointless feeding your mail through a spam filter
> > > if you're downloading it from your ISP/email provider.
> > I think you are assuming the ISP provides a spam filtering service and
> > you are happy to entrust the deletion of your mail to it.
> There is still some truth to the above:
> The most effective measure against spam these days is rejecting
> the mail up front (i.e. while the SMTP session is active). This
> way a (hopefully rare!) false positive is rejected in a way the
> sender can act on it.
I'd agree with this but would suggest the (vast) majority of users have
their mail delivered to a POP3 or IMAP account. Any rejection at SMTP
time is left up to the ISP and a user is usually unaware of this or has
no control over it.
> Once you got the mail it's too late. Either you have to generate
> a bounce (not a good idea these days, because real spam will have
> bogus headers and the bounce will hit a poor unsuspecting victim),
> or you have to look into the spam anyway, or the spam disappears
> in a black hole (again not a good idea, since in the false
> positive case the sender will newer know).
> Therefore once your ISP has accepted the mail for you it's kinda
> "too late" -- they better have a good spam filtering setup in
> which you have some influence (the spam filter will only work
> if it has a notion of what *you* consider to be spam/ham).
Indeed, the transaction is complete and the mail delivered once the ISP
accepts it. All a user can do is try to avoid downloading unwanted mail.
Leaving filtering to the ISP is fraught as many offer only a "take it or
leave it" service, again with no user control. Even more do not allow an
opt-out and no matter what the quality of the service a deleted mail is
a deleted mail. I'd rather make my own mistakes. And have. :)