I have enabled Spam Assassin on my email settings. I have the required score set to 4, the subject gets tagged with ***SPAM***, and I have turned on the bayesian classifiers. The problem is that I am still getting a ton of junk mail delivered into my inbox. Does anyone have any configuration suggestions for Horde or Spam Assassin that I could try? Thanks for the help.

Why not try making Spy Assassin a little more aggressive? It will only flag something as spam if it has 4 hits - try setting it to 3.

If that doesn't help is there not something you can use to manually mark emails as spam? [not familiar with Spam Assassin]

If you know the email addresses the spam is sent TO, add those names to your blacklist. I've recently done that and the spam was cut by almost 95%, no kidding!

Most of the spam I was getting was addressed to one of three addresses. They are now blacklisted. Problem nearly solved.

Most of the spam I was getting was addressed to one of three addresses. They are now blacklisted. Problem nearly solved.

Better yet, edit your email default address to :fail: any emails addressed to non-valid email addresses. That way there's no way to receive it. Use Spam assassin to catch spams that come to your valid email address.

What are your thoughts on using the :blackhole: default instead of :fail:?

I tend to think that the fail, although very good at its job, will only give spammers the ability to know the domain at least is active because it bounces the unrouted email. Blackhole on the other hand, simply puts the unrouted email in the great bit-bucket in the sky.

It has its drawbacks too, though.

Any thoughts?

~regards,
Shadmego

I tend to think that the fail, although very good at its job, will only give spammers the ability to know the domain at least is active because it bounces the unrouted email.

Don't give the spammers that much credit.

A typical spam run sends hundreds of thousands of emails and a large majority of them bounce. While it is possible to capture the bounces and clean the list, there is all kinds of reasons for bounces and spammers couldn't care less. They just go an harvest more email addresses.

Don't give the spammers that much credit.

A typical spam run sends hundreds of thousands of emails and a large majority of them bounce. While it is possible to capture the bounces and clean the list, there is all kinds of reasons for bounces and spammers couldn't care less. They just go an harvest more email addresses.

I just read some great articles in a Linux magazine last night that talked about how spammers harvest email addresses.

They basically do it in two ways:

1. They use bots and spiders to crawl websites for email addresses. This is why you should NEVER publish a plain email address to your website. You should obfuscate, or change it, in some way so humans can read it, but spiders cannot. The article suggested putting spaces between each character: u s e r @ s o m e w h e r e . c o m. There are actually great javascripts that will encrypt your email address so spiders can't read it, but when the page is rendered, will show up as a normal email address. I've been using one for the past several months and it seems to have worked very well.

2. Spammers also SMTP conversations with mail servers to figure out which email addresses are available. They pick popular domain names, like yahoo, gmail, hotmail, excite and more, and log into their mail servers via SMTP. They then go through a list of addresses (bob, bob1, bobby, etc) to see which ones the server returns as "user does not exist" and which ones the server accepts. The ones that don't return the error get spammed and put on an active list, burned to a CD and sold to other spammers.

There is a ton of other very interesting information in that article and I would love to share it with you all some other time, but for now, I think it would be safe to say that spammers are incredibly intelligent. Their smarts is seen in how they always seem to be one step ahead of the technology to stop them. As far as :fail: or :blackhole: goes, I prefer :blackhole: because of number 1. Spammers use automatic filters to discard inactive email addresses and accept ones that come back either bounced or alive.

~regards,
Shadmego

anyone notice HM has disabled Catch All yet or not ?

anyone notice HM has disabled Catch All yet or not ?

They are suppose to start today. Which is very good I have mine turned off I can't figure why it would ever be needed.

Here's a great tool for hiding your email on webpages:
http://acme-web-design.info/free-web-email-cloaker.php

This company makes available free tools without spyware, malware or any other junk. I've used the email cloaker for a couple of years and haven't seen a spam email addressed to it yet.

If you turn on Spam Assassin, it only marks the subject line with the word "spam". It will still let the email go to your inbox. This is as it ought to be because I will still scan through the emails in case it incorrectly caught a legitimate email. What I recommend is to setup Outlook to have a rule that says "if you see the word spam in the subject line", move the email to a spam folder. Then at least your inbox will not be cluttered and you can still scan through the "spam" folder for legit mails from time to time. That is what I do. Here is a tutorial on how to setup Outlook filters (http://learnwebdesignonline.com/misc-tutorials/outlook-filter-spam.htm).

As for how to prevent spam-bots from havesting your email address in the first place, I use Javascript to dynamically write the email address on my site instead of having it as straight text. Here (http://webmarksonline.com/content/dynamicemaillink.htm) is how.