
How effective would it be to self host your mail regarding spam?

In gmail I guess that once a few peeps click "Report Spam" on a mail that passed filters, similar mails are also flagged as spam in other accounts. I've always found gmail extremely effective at this, and I practically never flag mail as spam myself.

Sure, there are automated spam filters to configure, but overall wouldn't going alone make things much less efficient on that topic?

It's less effective for sure, but depending on your situation it might be good enough. On email systems I maintain the only filtering I set up is AV with ClamAV. One reason for this is my huge dislike for solutions that statistical filtering provides -- you end up having to check the spam folder or whatever anyway. I just don't see the point. The only solution I think is a real proper solution is for spam never to hit any user mailbox in the first place, but that will probably never happen. So I just limit spam filtering to checking strict SMTP compliance for the messages (message format) and Spamhaus filtering as the last measure. I can't imagine any legitimate email ever tripping format/protocol checks, and I was amazed how much spam just those checks eliminated. Spamhaus cuts on that a little more. Sure there is still spam hitting the inboxes, but I think it's manageable (haven't had complaints), say around 30 messages/day for a busy address (for example, the main address [relatively widely published and always unprotected] of an international organization). YMMV of course.

EDIT: Greylisting would probably cut down on this further drastically, but I'm just too lazy to implement because no one complained yet about too much spam. :)

I couldn't imagine not filtering my mail. I hate seeing spam too much. To a point where minimizing it is an obsession. I spent a considerable amount of time on this about 10 years ago, but very little since [1].

Anyway, just did a quick search through mail.log and in the past 24 hours, I got 4017 SPAMS that were rejected at SMTP time by Postfix [2], about 40 SPAMs got through those, but caught by SpamAssassin [3]. 0 spam delivered to inbox. 0 false positives. 126 legitimate mails.

I'd looked into greylisting some years ago, but never implemented because I didn't like the idea of delivery delays.

So I'm in complete agreement with you regarding how effective SMTP level checks + rbl are, but I disagree regarding statistical filtering -- Bayes was key for me to getting 100%. I had put off adding this layer for years, because I didn't fully understand or trust it, but now I'm a believer. Also, once trained, it just works. I rarely look at my spam folder. Retraining is easy, I just drag a rare false positive/negative to HamCaught/SpamMissed folders, then a nightly training script auto-learns.

[1] I was an email admin at a local gov agency, then tried to get into email hosting biz, so it wasn't just personal obsession.

[2] Using things like standard helo/client/sender/recipient restrictions, with very few custom rules, and rbl check using spamhaus.

[3] SA + razor/pyzor/bayes, again with very few custom rules.
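The per-layer counts quoted in the comment above can be broken down further by rejection reason. The following is an added example, not the commenter's script: it tallies Postfix smtpd rejects and SpamAssassin spamd verdicts from mail.log text, and the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd / SpamAssassin spamd syslog style.
SAMPLE_LOG = """\
Mar  1 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<me@example.org> proto=ESMTP helo=<example.net>
Mar  1 10:00:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.net> to=<me@example.org> proto=SMTP helo=<localhost>
Mar  1 10:00:09 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 450 4.1.8 <c@invalid.example>: Sender address rejected: Domain not found; from=<c@invalid.example> to=<me@example.org> proto=ESMTP helo=<mail.invalid.example>
Mar  1 10:00:12 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 554 5.7.1 Service unavailable; Client host [192.0.2.13] blocked using zen.spamhaus.org; from=<d@example.net> to=<me@example.org> proto=ESMTP helo=<d.example.net>
Mar  1 10:01:00 mx spamd[900]: spamd: identified spam (17.3/5.0) for mail:1001 in 1.9 seconds, 4211 bytes.
Mar  1 10:02:00 mx spamd[900]: spamd: clean message (-1.2/5.0) for mail:1001 in 1.1 seconds, 2048 bytes.
"""

REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+: (\d{3}) [\d.]+ (.*)")
RBL = re.compile(r"blocked using ([\w.-]+)")
CHECK = re.compile(r"(Helo command|Sender address|Recipient address|Client host) rejected")
SPAMD = re.compile(r"spamd: (identified spam|clean message) \(")

def tally(log_text):
    """Count messages per filtering layer and, for SMTP rejects, per reason."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            code, text = m.groups()
            rbl, check = RBL.search(text), CHECK.search(text)
            if rbl:
                reason = "rbl:" + rbl.group(1)
            elif check:
                reason = check.group(1).split()[0].lower()  # helo/sender/recipient/client
            else:
                reason = "other"
            # 4xx rejects are retried by well-behaved senders, so the same
            # message can be counted more than once; keep them separate.
            kind = "temp" if code.startswith("4") else "perm"
            counts["smtp_reject"] += 1
            counts[f"smtp_reject/{reason}/{kind}"] += 1
            continue
        m = SPAMD.search(line)
        if m:
            counts["content_spam" if m.group(1) == "identified spam" else "content_clean"] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{n:6d}  {key}")
```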

There must be a spam filtering as a service? Send anything that wasn't signed and/or you're not 90%(?) sure isn't spam?

There was Postini, which Google bought. You'd set your MX record to them, and they'd forward your non-spam email on to your SMTP server.

We use Postini at work and it is terrible. Normal Gmail filters are much better. I hear Google is replacing Postini with something they developed themselves.

Maybe having an online database of spam emails that every self hosted mail can access could be an answer.
