Controlling spam mail with STAMP
Author: L.S.Lowe. File: mailstamp. This update: 20071205. Part of Guide to the Local System.
IntroductionI've been receiving something like 50 to 70 spams a day, under my various mail ids and project mailing lists. You may have similar problems.
But with my new email setup, 98% of these spams are ending up in my new spam folder. I just check this occasionally for false positives, and clear it out from time to time. Just like I do on a hotmail/yahoo account.
Around 65% of these spams are identified as such by the campus STAMP spam filter/flagger. About 40% of them are identified as such by the CERN SPAM flagger*. There is not surprisingly some overlap and 80% of the total are picked up by one or both of these methods. Around 20% of them are identified by neither of them but are picked up by my local extra spam rules.
- the campus STAMP system is an important tool in recognising spam.
- For those who are on CERN mailing lists, their SPAM flagging is important too.
- And the third important element is some extra local reactive rules to pick up as much of the remainder as possible.
* Note: of course this does not imply that the CERN spam flagger is less successful than STAMP, because only a proportion of my email comes from CERN!
Note too: a small number of spams, around 30 per day for the whole group, are rejected via a sendmail ruleset before being received, because they have an envelope sender domain which is not DNS-registered and is therefore fake.
BackgroundIt would be quite difficult for a research group such as ourselves to control incoming spam alone. A large organisation like hotmail and yahoo mail or even the university gets a better view of when incoming mails follow a particular pattern and are relayed to a large proportion of the users, and so could be spam. Also a large organisation receives the email directly from the spammer, making it easier to check the sending IP address against black-lists, whereas our mail server receives email via the central mailer, one step removed.
The STAMP spam filter/flaggerThe campus STAMP spam system can be called a filter/flagger because it rejects highly-likely spam at the initial delivery stage, and so is a filter, and it flags other spam so it is delivered but can be identified as probable-spam.
There is no need to register to use the STAMP system, as it is an intrinsic part of the campus incoming mail system.
There is a further local document which tells you how you can set up the system to deal with your spam when it arrives.