>"PW" wrote in 4ax.com>:
>

>> On Sun, 11 May 2008 08:50:08 -0500, VanguardLH wrote:
>>

>>> "PW" wrote in 4ax.com>:
>>>

>>>> On 10 May 2008 22:15:11 GMT, Holz wrote:
>>>>

>>>>> Can anyone recommend a good personal Anti-spam software? I have one
>>>>> stand alone and one connected to Exchange, however I do not want
>>>>> an Exchange based solution.

>>>>
>>>> Try sunbel-software's 30 day trial of iHateSpam. Purchasing it was
>>>> an effort to say the least. I am using it for XP and Outlook 2003
>>>> and am VERY impressed so far!
>>>>
>>>> -pw

>>>
>>> iHateSpam: A community voting scheme to determine what is and is not
>>> spam. Spam is identified too late by the community for those that
>>> often poll their mailboxes.
>>>
>>> I was going to say that iHateSpam is yet another attempt to use
>>> users to vote on spam; i.e., use humans instead of blocklists,
>>> bayesian filters, DCC (how many received the same mail),
>>> greylisting, and other methods. I was also going to say that is very
>>> much like Cloudmark's SpamNet (renamed to Desktop after they yanked
>>> away the free version from all their users that helped them test and
>>> debug their app) but then I saw the following article which says
>>> that iHateSpam is just a different front-end to Cloudmark:
>>>
>>> http://www.pcmag.com/article2/0,1895,2280345,00.asp
>>>
>>> Community voting of spam sounds great as described but it doesn't
>>> work if you grab your e-mails almost as soon as they show up in your
>>> mailbox. The idea is that users vote on the spam (by marking it as
>>> spam) and a hash value (fingerprint) gets sent to their server to
>>> get updates to other users. If they receive the spam and if they
>>> have gotten a database update then the spam gets identified. If you
>>> poll your mailbox at long enough intervals and if enough other users
>>> have voted on the message as spam and if you have gotten a database
>>> update then you won't see the spam. A lot of if's.
>>>
>>> The voting scheme is very similar to use DCC to determine if an
>>> e-mail is spam or not. A hash of the message is sent to their
>>> server to record how many recipients got that message. The idea is
>>> that you can set a threshold, say 20 or 50, after which if more than
>>> that many recipients got that e-mail. What it really does is
>>> provide a measure of whether or not an e-mail is bulk e-mail without
>>> it identifying itself as such (by using the "Precedence: Bulk"
>>> header). Cloudmark takes it a step further by having users vote on
>>> whether or not a message is spam to record the hash for that message
>>> so others that get that same message (and the same hash) might know
>>> it was voted as spam. Why do you think those spammers adds
>>> paragraphs of nonense to their spam? Because changing just one word
>>> will generate a different hash. Some of their spam source will spew
>>> the same message and you might block that one that has already been
>>> voted on sufficiently to identify it as spam, but the same spam from
>>> a different spam source has a few words changed to change the hash
>>> value. It's like when the captain on the Enterprise says to rotate
>>> frequencies of their shields to thwart the Borg: the spammer just
>>> rotates frequencies by generating a different hash for their same
>>> turds that they're firing at you.
>>>
>>> If you poll your mailbox at, say, 5- or 10-minute intervals, no one
>>> else (or few others) have yet voted on the spam that just got
>>> started in spewing out from the spam sources. There are no votes,
>>> or not enough of them, to identify the message as spam. You haven't
>>> yet gotten an update from their server so the message won't be
>>> identified as spam.
>>>
>>> I participated in the SpamNet testing. When spam was fresh, oh joy,
>>> I got to vote on it so *others* could take advantage of my voting to
>>> not see that spam. I still saw it, though. So if you poll your
>>> mailbox every hour, or longer, then you get to ride on the coattails
>>> of the other users that voted the message was spam. But obviously
>>> those folks that voted had to actually see the spam so the scheme
>>> obviously didn't help them to get rid of the spam in their mailbox.
>>> Because I was polling my accounts at under 15-minute intervals,
>>> almost all the spam got through because no one had voted on it yet
>>> except me and maybe a few others that just got the freshly spewed
>>> turd dumped in the mailbox.
>>>
>>> Another big problem with community-driven "intelligence" in
>>> identifying spam is that a large majority of users will claim
>>> something is spam when it does meet the qualifications of UCE or
>>> UBE. They say something is spam simply because it is e-mail that
>>> they don't want.
>>>
>>> So if you use Cloudmark (via iHateSpam) then don't poll your mailbox
>>> very often. Otherwise, you will see the spam and get the joy of
>>> voting on it so *others* won't see it.

>>
>> By polling, you have Outlook check and receive e-mail?

>
>Yep, every 10 minutes. Actually I have a monitor program checking my
>e-mail accounts and run Outlook only when I want to receive those
>e-mails. The monitor program would grab the spam from my mailbox every
>10 minutes and the fresh spam shows up (which means it didn't get
>identified as spam yet) even if enough people later vote on that message
>being spam (because the copy of the message as retrieved originally
>wasn't yet marked as spam).

>
>If you read the v5 manual on "Statistics and your rating", you'll see
>Sunbelt allude to the "community" and your rating (which relies on you
>hitting the IsSpam button when you *do* see fresh spam to help other
>users but not you, and that sends info to Sunbelt/Cloudmark to update
>their database).
>
>Apparently Sunbelt decided to not bother with upgrading and improving
>the code branch for which they were allowed to keep (with Microsoft
>getting a code branch to use in Windows Defender), they decided to
>abandon that code branch and go with being a front-end to Cloudmark's
>service. See http://www.sunbelt-software.com/Press/releases/?id=103.
>

>> Interesting. I have to admit that I did not even know that iHateSpam
>> had this feature.

>
>It looks like version 5 decided to go the community voting route (and
>uses Cloudmark for the stats). So don't poll your mailbox very often,
>like an hour or more apart, to ensure someone else had done the spam
>identification so you don't have to do it.
>

>> I just bought it for it's filtering feature in Outlook - and it works
>> great.

>
>But other users have done the filtering for you by voting on the spam
>to identify it. So if you polled more often or were yourself the
>target of fresh spam (i.e., their zombies targeted you first rather
>than someone else) then you get the joy of seeing the spam to then vote
>on it so someone else can ride on your efforts.

>

>> I am almost at the point where I don't even feel as though I have to
>> check it's spam folder any more. I have only seen one legitimate
>> e-mail in there.

>
>You have legitimate e-mails getting moved into the spam folder?

> Those
>would be false positives and something that anti-spam programs should
>avoid. Losing one good e-mail is worse than getting one spam that
>leaks past your filters.