LISTSERV 16.0 - MSUNAG Archives

David A Gift wrote:
> I'm not the expert on this and someone from the mail.msu team who is 
> needs to jump in, but it is my understanding that (a) we have been 
> using SpamAssassin on mail.msu since day-1,
I haven't been on the mail.msu.edu team since day one... however, I have 
worked here since '98 in some capacity and I recall there always being 
the option to filter spam since pilot.msu.edu became mail.msu.edu (if 
I'm wrong I'd ask that some of the original admins step in and correct 
me because most of them still work here).
> (b) spam filtering is turned off by default and most users have NOT 
> turned it on, 
I don't think we've run the numbers on this in quite awhile, but it is 
true that spam filtering is turned off by default (this had to do with 
resources and policy questions).  The best I can recall is the 
percentage of people using our default SpamAssassin rules (not including 
Mail Filter Rules) is much lower than *I'd* like to see.  I wouldn't 
even want to make up a number at this point though.
> (c) our spam-threshold settings are somewhat conservative  --  i.e., 
> we tend toward more false-negatives (letting spam through) to avoid 
> too many false-positives (trapping content that people actually want 
> to receive).  In fact, SpamAssassin is only one of several layers of 
> spam filtering deployed in mail.msu.
We have our threshold set to a score of 5.0, now numerous factors 
contribute to the score.  For example an MLUI, or Michigan Land Use 
Institute (who consistently gets marked as spam) shows this as their 
scoring:

X-Spam-Report:
    * 2.7 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
    * 1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of 
words
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

Every single newsletter they send started off with "Dear Friend"  Well 
right away, boom!  That's 2.7 points against your spam score.  The 
message was only sent via HTML, there's another 1.7 points.  Including 
the embedded image in the HTML another 1.5 points.

Now unfortunately this isn't spam, this is a legit newsletter that 
someone on campus here was having trouble receiving.  The way around 
this was to setup a list of "Trusted Senders" within the confines of 
your MSU Webmail preferences.  The trusted sender's list had some small 
issues of its own, but they were not very common and not worth 
mentioning here.

So I'd say that, yes, a score of 5.0 is fairly conservative considering 
how low a point value other attributes can be.  Lets say for example, 
that we changed the threshold to 7.0.  I'd guess that easily you'd see a 
10% increase in spam (to those who have filtering turned on).  You could 
lower the threshold to something like 2.5, but then we'd have to assign 
lower point values ourselves to things like "HTML ONLY BODY" in order to 
avoid so many false positives.

We do have other methods in place for fighting spam.  We have our 
greylisting server in front of all inbound @msu.edu email, which has cut 
spam in half across the @msu.edu domain.  We have some extra definitions 
included in our Anti-virus software that help in fighting known phishing 
attacks or other (419) scams.  We have mail filters, which can be 
difficult to create and manage but do provide some additional filtering 
based on rules you provide.  And of course we have a Blocked Senders 
List for those annoying people who are sending threatening emails to 
you, and the antonym of that, the Trusted Senders List (Do not be 
confused, blocked senders is typically not a method to fight spam).

> Point C is important:  the broader the user base the more conservative 
> spam threshold settings need to be to make sure that people get the 
> mail they want to get.  The more local and narrowly-defined the user 
> base, the more specific the spam settings can become and the more 
> effective the filtering.  If one sets filtering just for oneself, it 
> could be made to work almost perfectly, but few other people would 
> accept the same definition of perfection.  I think this 
> spam-management trade-off issue is often missed when people compare 
> the relative effectiveness of spam filtering at different levels of 
> user scale and scope.
I don't have too much to add here other than to say I couldn't agree 
with you more on this point.  :-)
> - Dave
>

Hope all this information was useful, but I will gladly try to answer 
any more questions.
./brm