Friday, May 27, 2005

Spam Shredder

I've been working with Webroot Software's Spam Shredder product. Spam Shreder (SS) is a program that runs on your PC and is in effect a semi-transparent POP3 mail proxy that passes through just the non-spam messages.

After installation, you configure SS to point to your real POP3 server but without any authentication details. You then point your mail client to your own computer (127.0.0.1) but to a special port that's opened by Spam Shreder. Your mail client then connects to SS thinking it's the real POP 3 server - SS just passes the authentication details direct from your client through to the real POP 3 server.

As SS gets each mail from the real POP3 server, the message is analysed and if NOT spam, it gets delivered. If SS thinks the message really is spam, it passes your mail client a dummy message which you can just throw away. The reason for this is simple: when your mail client asks the server for how many messages exist, SS can't know how many are spam - so it's got to send one message to the mail client for every message on the server. In my case, I just drop the dummy message.

Interestingly, although SS installs to a local machine, and appears to be just local, it does work across the network. I pointed my mail client on my laptop to SS running on my workstation, specifying the special port created by SS. It is a little slow, and I find my mail client sometimes times out and drops the connection to SS.

SS itself quarentines suspect mails - you can view the quarentine and ask SS to deliver non spam messages - or delete the rest. You also get a list of mail delivered, which you can tell SS is or is NOT spam, and the more spam it gets the more accurate it becomes. SS also has white/black lists - so some senders can get straight through, while black listed senders do not.

My results are pretty good. Thus far, there have been a couple of false positives, but out or a total of 244 mails, 2 were false positives, and 151 were dropped as spam. The two that were false positives were ones that came from a mailing list, contained lots of HTML and other junk. Both false positives were put onto the white list so won't be dropped again.

I'll have to do a more thorough test over the coming days. Oh - and the cost is $29.95.

1 comment:

Absoblogginlutely! said...

popfile.sourceforge.net is also a good and comparitable product (and free). Also gives you rudimentary web access to your mail too if you needed it as the admin interface is via a web browser.