Order of the Bath

My hosting company are trialling a central spam blocking option on my domain. Actually it is a marketing exercise to get me to buy it but it was interesting enough to accept. It is a reputable system using Barracuda which incorporates a rule based algorithmic scoring system with user whitelisting and blacklisting plus, after a while, a Bayesian component. It is all web based and quite easy to use and seems to be effective.
The reason I won’t be continuing after the trial is that I now get as many “quarantine” messages from the system as there used to be spam and I have to read them. The reason is subtle and one that they didn’t think of.
One of the “features” of own-domain email is that you have the potential of a nearly infinite number of email addresses. The hosting people encouraged this by providing a “nobody” facility—a mechanism that sends any mail for which there isn’t a designated box or alias to a single address. I exploit this by giving every (organisation) that I deal with a unique address when I sign up; e.g. for mailing lists, payment accounts etc. That way I can tell if they forward it to “partners” or sell their address list. It has only happened to me once but was useful to prove the case.
A side effect of this is that if a spammer does a random name type of attack then I get it all in my inbox, not a huge amount but enough to notice. Unfortunately the new spam block system doesn’t recognise this so opens a quarantine management box for every new address it sees and sends me a summary and a password for it.
What it ought to do is activate the forwarding rules BEFORE processing the mail, then I would only get one box for the whole lot and it would start to get a significant amount of data for the Bayesian algorithm to kick in—but I can’t convince them of that so I will continue to process my own spam. Popfile is good enough and there is no bandwidth problem.

This entry was posted on 20 Oct 2006 at 12:08 by Rick and is filed under email, Technical. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.