% Personally, my biggest concern is
> per-user configurability. I think that
> these tools can provide me with the
> level of flexibility that I need to help
> users fight spam. My problem then
> becomes scalability. In a large
> production environment, say upwards of
> 50k users, i can't afford for a spam
> filter solution to drop my CPU resources
> to zero. I can't (literally) afford to
> add 10 more MX servers because my spam
> solution hogs all of the resources.
Wow, 50,000 users puts you in a category far above most environments. Any global solution would have be very fast and likely span many incoming mail servers.
> PERL is nice. It has great flexibility
> and amazing text processing power.
> Unfortunately, it is slow. I would
> really love to see an open source spam
> fighting solution written in a compiled
> language to help improve scalability.
> Perhaps spastic can provide that to me.
Spastic is not compiled, per se, it uses native procmail commands and shells out to grep for regexps so I don't think it would scale to the level you need.
> I liked the article quite a bit. I
> would really have liked to see
> information about MANY spam solutions
> rather than just these two. Brightmail
> is a decent commercial offering.
> Fortinet makes anti-spam hardware based
> firewalls, and there are tons of others.
A complete examination of ALL the spam programs, commerical, open source, and hardware solutions would be daunting. There are probably 50-100 open source solutions alone. The most recent version of Imail Server 8.0 from Ipswitch (which is used at one of my clients with 500 users) includes a decent anti-spam filter. Even dedicated testing labs like at ZDnet/Cnet usually limit their testing to 8-10 products at a time.
I still think that current anti-spam solutions are more bandaids than cures. Until e-mail is metered like snail mail, the economics of spam will keep spammers in business. And I'm not sure I want e-mail metered.
>If it was anecdotical, you probably
shouldn't list the efficiencies with
four significant digits ;-)
Remember, I stated the results could not be generalized. What I reported was what actually happened to 4 significant digits ;)
> An important thing is being up to date
(you don't even mention the versions!).
The versions were in the original text (SpamAssassin 2.44 and Spastic 3.0), but removed by the editor.
>So, at least one more SpamAssassin note:
A weakness that definitely worths
mentioning is its speed -- or better
You have hit on what I think is one of the real harms of spam. It wastes resources, both computing and human. The more spam there is, the more resources are wasted dealing with it.
Although there are some U.S. state laws prohibiting spam, legislation can't be effective unless it can be enforced globally. A redesign of SMTP that ensures e-mail headers can't be forged would be very hard or impossible to implement and would take years or decades to roll out. This is why I believe spam will be with us for a long time.
The only way I can see to deal with it is to make it cost the spammer money. If it costs something to send a million spams, the spammers will be much more selective and targeted. It would not eliminate spam, but it would make it more like the junk mail you get in snail mail. The levels would drop to something more sane. How do you meter e-mail? I have no idea.