November 23, 2004

Spamcans of Hanoi

Quick calculation re: corporate spamfiltering. Novell uses a central spamfilter, which reports spam that it has trapped at regular intervals via email digests. Those emails contain lists of the subject lines and senders of said spam, along with links for each to release the message or delete the message. If you choose to delete the message, the resulting webpage offers a link which will add the sender to a personal blacklist, 'preventing further spam from that sender.' Um, okay. Let's have a quick look at that.

I am fortunate that my Novell account does not (as yet) receive an enormous quantity of spam. Probably because I don't use it much outside of the company. My Ximian account, however, does - and I am migrating to my Novell address as per the Integration Marching Orders received from on high. On average, I have found that I receive something like thirty to forty messages per day which make it past our currently-outdated SpamAssassin+Bogofilter install on the Ximian mailserver. I have noted similar messages making it into the Novell 'You've got Spam!' mail alerts. Assuming (for the nonce) that I end up with a roughly similar spam load, let's see what that will do to me.

I just got an alert. I clicked on the 'Delete Message' link. A browser window popped up, and churned for twenty=nine seconds (at 0921 Eastern, when most folks in Provo - where the servers are - aren't working yet). Then it gave me the 'add sender to blacklist' option. I clicked that. That churned for thirty-three seconds before returning. One minute two seconds, then, not counting browser launch time and reading time for the digest, to deal with one spam message. Even if I ignore the blacklist option (a good bet, since the 'from' addresses are usually one-time-spoofs) that's still a half-minute-per) then I have fifteen minutes of browser churn to cope with a day's average spam load, as opposed to maybe ten seconds of select-and-delete in a mail client.

I fail to see the point.

Posted by jbz at November 23, 2004 9:26 AM | TrackBack

Comments

A nit: for better or for worse, mails in your Novell spam quarantine only stays there for a relatively short amount of time. After they've been sitting in the spamtrap for a week (or something) they're automatically deleted.

I've stopped bothering to check it, because the notification mail they send is really hard to read. Nicer would be having the spam quarantine be a special folder, with the autodeletion configurable.

Posted by: maw at November 23, 2004 9:04 PM

You don't have to delete it-- it stays in a queue for a couple days and then is automatically flushed. Each digest shows you what's new, and then everything left in the queue you haven't addressed. So, you only have to go through one digest even if you're away for a couple days, and scan the subject lines. Nothing positive? Delete digest, do nothing, it all goes away.

False-positive, which tend to be evolution-hackers posts from blacklisted domains, in my experience, take about ten seconds to "release from the quarantine" and you can also whitelist the senders-- but again, you don't have to wait for confirmation, just pop open the browser and leave it to churn while you keep scanning the digest.

It's really not so bad.

Posted by: verbal at November 23, 2004 2:50 PM
Post a comment









Remember personal info?