always seeing a Fuz2, etc. count of 1, no server name in X-DCC- header

Vernon Schryver vjs@calcite.rhyolite.com
Thu Apr 15 03:20:59 UTC 2010


> From: "Chris Aseltine" <ophidian@newsnation.com>

> >> some of them to show up as bulk.  Otherwise how is the program useful?
> >
> > If you don't find dccm useful, then please remove it as soon as possible.
>
> Dude, c'mon.  Why you got to be like that?  Anyway, point taken and I will
> leave this alone.

Perhaps that was not the unintended meaning, but your "how is it useful?"
comment felt like a standard threat to take your business elsewhere.
I try take such treats in good grace from paying customers, but 
often lack patience in other situations.
Concrete constructive suggestions are something else.  Over the years
I've received private, unsolicited comments along the lines of
"at line X in the Fuz2 source, it seems Y should be computed instead of Z."
They were generally right.


> > Why was that message not rejected during the SMTP transaction?
>
> I don't know.  You gave (of course) lots of good reasons to do so.  I guess
> you just have to believe me that I check my junk-mail file regularly.

Regular junk-mail file checking is not relevant to my point about
rejecting instead of accepting and discarding, except that not
checking makes the problem worse.
Every spam filter has false positives, including manual filtering.
Checking your junk-mail file amounts to running it through your manual
or mental spam filter.  If your junk-mail file gets only 1 or 2 messages
per day, false postives are probably not a worry.  If it gets 20/day,
not to mention the more than 1200/day that were rejected for my mailbox
in the last 14 days, then false positives in any manual filter should be
a concern.  (Years ago I gave up checking my junk folder (really dccm logs)
except with `grep` when someone reports a false positive or for various
tests.)


> Unfortunately I can't whitelist my mom because she's also at newsnation.com
> and spammers impersonate her.  (wait, I could use DKIM...)

IP addresses (including by host name) are just as effective as DKIM/SPF/etc.
for whitelisting.  Those are better only when maintaining IP addresses
and host names is hard.  Contemplate tracking the IP addresses used
by Hotmail or Google with something other than DKIM/SPF/etc.


> > If I were using your set of blacklists, I would have wired them
> > through `dccm -B`.
>
> Agreed, although I don't think this option existed when I first started
> using DCC (2004?) and I developed my own Perl script for doing the same.
> I'm sorry for duplicating the functionality.

If your Perl script doesn't reject during the SMTP transaction as well
as log the message body, then it doesn't duplicate dccm.

In 2004 in http://www.rhyolite.com/pipermail/dcc/2004/001933.html 
you wrote
  "For me, the fuzzy checksums stopped being effective months ago"

The best answer I can offer to your disappointment in DCC checksums
then and now is in the "Spam Ratio" graphs at
http://www.dcc-servers.net/dcc/graphs/?BIG=1
If you figure that 90% of all email now is spam and that according
to those graphs DCC clients are told by DCC servers that 69% of the
mail they see is bulk mail, then DCC is about 69/90=76% effective.  
Vary the 90% or the definition of "bulk" to taste, and draw and act
on your own conclusions.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.