revjim.net

Since SpamAssassin is getting me nowhere fast, even after I added in all the silly Network based tests, I've decided to evaluate a few other Spam Killing Machines.

Now, of course, none of these comments are in regard to how well it catches SPAM. I haven't used either of them long enough to know. I'm simply evaluating their ease of use, etc.

First, DSPAM. DSPAM is SPAM filtering done right. The setup with a piece of cake. The rules were easy to understand. The documentation was good and plenty. I enjoyed all of the interesting statistics I could pull from my SPAM database. It is very easy to train on Uncaught SPAM and False Positives. There was only one large problem. In every message you get, whether you like it or not, there is a DSPAM tag embedded at the bottom of the message text (or appended to the subject, apparently, in the event that you should receive a PGP/SMIME signed message). This is annoying. Users will hate it. I hate it. It's just silly. The site claims that it MUST put the tag there for training purposes. If the tag were placed only in the message header, and a user forwarded in SPAM to train the system, it's possible that that header would not be included in the forwarded message.

So here's how you fix it. You put the DSPAM tag in the headers only and you look for those tags in the headers only. Then, you alter your training program to look for an attachment on the forwarded mail it trains from. If the attachment is present and the actual message body is blank, MIME Decode the attachment and run your process on that — the headers are fully intact. If an attachment is not present, attempt to find the forward separator (by looking for things that look like headers), and look for the DSPAM tag somewhere below it. If it is not found, return an error to the user informing them that they should forward with an attachment (vs. inline). The users I know would be much more capable of dealing with forwarding a message as an attachment than they would with this odd looking tag thing at the bottom of every message. Even if users don't see it or notice it or complain about it, what happens when they reply to someone and leave the TAG in their reply, and then that person replies back and now there are two tags in the message? It's just annoying. And this solution is a very silly way to solve a problem. Fix that, and DSPAM is by far the winner.

Now, CRM114. I am currently running CRM114 on all of my mail. You may have noticed a bounce or two from me if you sent me mail in the past hour or so. That's because this thing is very HARD to install. There are many requirements, and many files have to be in exactly the right spot. When it finally does run, it seems to do okay. Training is much more difficult. You can either forward a message to yourself (inline only), scrape off the headers and add a command on the top line, or handle everything by piping messages to a UNIX command.

So, to summarize. DSPAM gets an A+ in installation and ease of use and a F- in operation. CRM114 gets a D+ in installation and ease of use and a B+ in operation. The most important factor — how well it catches SPAM — won't be determined for a few more weeks.