SpamAssassin rule for stock pump and dump spam

[richb at pioneer.ci.net (Rich Braun)]

kclark at elbrysnetworks.com (Kevin D. Clark) wrote:
> If you're going to consider OCR for spam, you might want to read this:
> ...
> I'd be curious if systems like fuzzyocr or similar systems (which
> I haven't played with at this point) handle this sort of scheme.

Looking at that discussion about OCR, I got reminded of the #1 reason you
should consider running your own private anti-spam software instead of relying
on a big commercial email service:  spammers, like virus creators, craft their
wares to exploit weaknesses identified in software that serves the top 80% of
consumers.  (Example, most computer virii are written strictly for MS Windows,
few for the Mac or Linux.  If Linux were suddenly adopted by 80% of desktop
users, we'd face a whole different legion of virus writers.)

My evidence is purely anecdotal; having installed SpamAssassin back in 2003,
and enhanced it with additional exim configs 18 months ago, I've developed an
extensive personal set of rules which are tailored to the specific
correspondents I have.  When contemplating adding a new rule, I don't have to
worry about how the false-positive rate might go up for anyone else but me. 
If I were running an ISP's mail server, I'd have to remove most of my
custom-tailored rules for that very reason.  (The OCR example's a good one: 
if I wanted to, I could block all image attachments, period, from anyone not
on my white list.)

My one lament about SpamAssassin is that its configuration is annoyingly
user-unfriendly, and it's so easy to make mistakes that you have to expend
effort to have to re-test it every time.

-rich


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.