In article <telecom24.334.6@telecom-digest.org>, TELECOM Digest Editor
noted in response to jmeissen@aracnet.com:
> [TELECOM Digest Editor's Note: But I do the essence of challenge
> response right now, as many other mailing list publishers do. You
> (or some spammer or other idiot) writes to me. When it gets here if
> Spam Assassin detirmines it to be spam it goes into one file. The
> allegedly _legitimate_ letter writers get back an auto-ack from me,
> but since Spam Assassin lets so much garbage through, a lot of
> spammers get an auto-ack also.
But spammers DON'T get the auto-ack. Spammers almost universally use
forged sender addresses, so the auto-ack goes to some innocent
bystander.
> (3) then it goes on to say "If you
> were not the writer of what I received, then someone apparently took
> control of your computer; please get help as needed in cleaning out
> the viruses, etc.
The computer that was taken control of is almost always *not* the one
you notified. Repeat after me: "Spam uses forged sender addresses."
A's machine is a spam zombie, and sends out mail from B and C.
Bounces and challenges go to B and C, who have no way of fixing A's
machine, and probably can't even figure out who A was.
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
[TELECOM Digest Editor's Note: First of all, I do not send auto-ack
to 'known (by Spam Assassin) spammers'. Those four to five hundred
letters I receive daily just get dropped in a separate file. Its
the two or three hundred letters which did not meet the Spam Assassin
'point score' which go in the regular mailbox who get the auto-ack.
Trouble is, many of those (which slipped past Spam Asssassin) are also
in fact spam. I cannot refine it any closer without throwing out good
mail, which happens sometimes anyway. There are 'control copies' of
each issue of the Digest which are sent out in the mail and looped
back to me to test this with. I have the point scoring set as low as
I possibly can without getting legitimate stuff tripped up. When an
issue of this Digest (a controlled mailing) returns in the loop and
falls into the spam pot then I know the point scoring is a bit too
low and I set it up a little. I use Bayesian scoring and Spam Assassin
learns a little from its own experience. The system admin here at MIT
is going to install a newer version of Spam Assassin for me as time
permits; he has a busy schedule also.
And I have to disagree at least a little with your recitation above
that 'spam uses forged sending addresses'. Yes that is true a little,
but it is very rare (maybe four or five each day [out of about 300
auto-acks] which are sent out automatically) that I get back a
mailer-daemon from postmaster here with an auto-ack which bounced; and
I have _never yet even once in twenty years_ gotten a letter of
complaint from some person who had been 'accused' of sending spam or
who was 'annoyed' by getting the auto-ack. I get a lot of those
myself, where an auto-ack from someone tells me welcome to their
group, or thanks me for writing them, etc, and if they did not fall in
the spam file and get automatically tossed out when I first log in
here each day, then I toss them out by hand when I comb through the
so-called legitimate mail file. PAT]
Barry Margolin (barmar@alum.mit.edu)