Spam-Fighting Tricks

Here is my spam-fighting setup. Using this, I would estimate that I spend about twenty to thirty seconds a day on spam (if that) amongst probably 300 messages on average per day. I use fetchmail as a mail fetching utility, procmail for filtering, SpamAssassin for the actual spam checking, and Mutt for mail reading.

Brief Overview

Basically, I fetch mail on a regular basis (currently every ten minutes) from my mail sources. Messages pass through SpamAssassin and then on to my filtering rules for mailing lists, etc. Mail that is tagged as potential spam is put into a "junk" folder, and when I go there in Mutt, all messages are deleted by default. I need only give the subject lines a quick glance, then switch folders and the spam is gone forever. I can also easily report spam that was missed so that I and others don't get it the next time around.

Necessary Software

You need to get either an MTA or a mail fetching system in place. You also need to have procmail installed, and I'm assuming that you use Mutt to read mail. The trickiest part will probably be getting SpamAssassin installed, as you will need several Perl modules in order to get it up and going.

Configuration

You will need to get incoming mail to go through SpamAssassin via procmail. I use this recipe for all mail:

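# Pass every message through SpamAssassin as a filter
:0fw
| spamassassin -P

# If the filter failed, make procmail return its exit status
:0e
{ EXITCODE=$? }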

I should point out that you'll probably want to set up a backup mechanism until you are sure that everything is working properly, perhaps by copying all incoming mail to a backup folder before performing any changes. The above will cause all mail to pass through SpamAssassin as a filter and continue on through the remainder of your procmail recipes.

By default, SpamAssassin will perform a good number of tests on your messages and produce a "spam score" for each message. Simple tests such as a lack of a sender name or email addresses with the username portion ending in numbers receive a lower score, while larger indicators such as no MX record for the sending domain or known spam-harboring relays being used receive appropriately-weighted scores. All of this is configurable, but you'll probably find the defaults to be acceptable. SpamAssassin by default will treat anything with a score of five or more as spam and will modify the subject line, insert some notes into the body, and possibly even modify the Content-Type in the case of potentially harmful HTML mail. All messages receive a scoring header, even if they don't meet the spam requirement.

At this point, you could be finished and could just use the warning signs to skip over potential spam. However, I have gone a few steps further. Adding a procmail recipe such as this will filter tagged spam into a "junk" folder:

:0:
* ^X-Spam-Flag: YES
$HOME/mail/junk

The X-Spam-Flag: YES header matched above is one that SpamAssassin adds to mail that meets the threshold (in addition to the subject modifications and other headers).

Mutt Tricks

Here are a few bits of Mutt configuration that make things a little easier.

1. One nice trick is a hook for the junk folder that sets everything to delete by default. A quick glance at the headers, and closing the mailbox deletes the messages forever:
folder-hook junk push 'D.\n'

Of course you could always view and/or copy any of the messages in this folder before leaving if you want to save the message (see tip #3 below for how to remove SpamAssassin's markup from messages you'd like to keep).

2. Another trick is a combination of configurations that allows you both to see whether something is listed in Vipul's Razor (one of the tests used in SpamAssassin) and to report it to Razor if it is not. To let you know if it's already reported:
message-hook "~h RAZOR" "unignore X-Spam-Status"

If it's not reported (and you choose to), you may easily report the mail with the keystroke S if you use this:
macro index S "| spamassassin -r" "report message to Vipul's Razor"

3. This last trick is useful if you use vi/vim as your Mutt editor. If a message is accidentally tagged as spam and you would like to keep it, you can hit e to edit the message and in vim type :%!spamassassin -d to remove all SpamAssassin markup from the message. Then, just quit out of vim and your new message will have replaced the old one in the folder.

One Other Spam-Fighting Trick

Another trick that I use is to set up many rules for mail filtering according to lists to which I've subscribed and email addresses at which I'm addressed. All other messages (for example, from an unknown person and blind carbon copied to me) go into the junk folder as well. That way I can catch mass-mailings that may not have triggered SpamAssassin.
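
How the backup copy suggested under Configuration and the catch-all described here fit into one ~/.procmailrc, where recipe order decides the outcome. This is an added example, not the author's own file; the addresses, the list name, the log file and the backup and list folder names are placeholders.

```procmail
# ~/.procmailrc -- constructed example. Addresses, list name and the
# backup/list folder names are placeholders, not values from the article.
LOGFILE=$HOME/mail/procmail.log

# 1. Safety net: save an untouched copy of every message before anything
#    rewrites or files it. The "c" flag lets the original carry on.
:0 c:
$HOME/mail/backup

# 2. Filter through SpamAssassin, then file whatever it flagged.
:0fw
| spamassassin -P

:0:
* ^X-Spam-Flag: YES
$HOME/mail/junk

# 3. Subscribed mailing lists, matched on a header the list software adds.
:0:
* ^List-Id:.*<announce\.lists\.example\.org>
$HOME/mail/list-announce

# 4. Mail that names one of my addresses in a destination header
#    (procmail's ^TO_ macro covers To, Cc and similar headers).
:0:
* ^TO_(me@example\.org|me@example\.net)
$DEFAULT

# 5. Nothing above matched: unknown sender, blind carbon copy, etc.
#    A recipe with no conditions always matches, so this is the catch-all.
:0:
$HOME/mail/junk
```

Because the Mutt folder-hook deletes everything in junk when the folder is closed, recipe 5 makes a missing list or address rule cost real mail; keep the backup copy from recipe 1 until the rules in 3 and 4 cover everything you expect to receive.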

Conclusion

Feedback on this document is appreciated and encouraged. Address correspondence to incanus at codesorcery dot net. You may use my OpenPGP public key for secure email communication. This document is also signed for authenticity with my key; the detached signature is available here.

$Id: spamtricks.html,v 1.3 2002/03/04 00:51:36 incanus Exp $