We've talked about this issue before, but I wanted to focus more on it. Lately I've been using my SPV (Microsoft Smartphone) to check my Pocket PC Thoughts email. I have to say I'm totally addicted! The size and one-handed operation, for me, is light years beyond checking email on my Pocket PC. The problem is the spam. SO MUCH SPAM! 8O I'd estimate that a full 25% of my PPCT email is spam, and it's much worse on my main email address (over 50%). In this regard, I suppose that the silly limitation that the Smartphone has of only having one email account seems like somewhat of a blessing.<br /><br />So this got me to thinking about anti-spam solutions on the Pocket PC. There aren't any that I'm aware of. On the desktop side of things, I've started using a new solution called <a href="http://popfile.sourceforge.net/">POPFile</a>. It's an ugly, ugly solution that I could never recommend to my mom or anyone other than a hardcore geek, but it's amazingly effective at blocking spam - over 93% accurate now, and climbing daily. But back to the topic at hand...<br /><br />I've heard of server-side solutions for email on the desktop PC, but the few I've tried were utterly horrible. Being the control freak that I am, I also have a hard time giving control of my email over to an external party. I'd much rather have a client-side solution that allows me to confirm with absolute certainty that the email I'm deleting really is spam. Now as this relates to the Pocket PC, what sort of solution do you think would work best? A client-side tool that would somehow plug into Pocket Inbox and would let you tag spam if the filter didn't catch it (think Spamnet or POPFile), or would you want a server-side solution that would take care of the spam blocking, giving you the filtered mail?

At home, I have tried sooo many solutions...

Unfortunately, until they become 100% accurate, I still wind up having to go through the "filtered" messages to see if any legit emails were intercepted...

So, at home I just don't use anything - I delete as I go...

Anyway, back to the question at hand:

On the Pocket PC, Pocket PC PE, or Smartphone, I would tend to think the best solution is a server side app (especially if you are paying for the amount of data you download). But I would still want all intercepted messages saved so that I could go through them later...

Steve

I prefer a server-side solution for my PPC mainly b/c the less email I have to receive, the less data I eat up via GPRS... Now on the desktop, I prefer a client-side tool... Might be interesting to ask what type of spam-killing tool people prefer on the desktop to contrast with the PPC...

I have a similar problem with my T-Mobile Sidekick. I never use the T-Mobile-provided email for any thing. I simply use the device's POP3 polling features to access my regular e-mail.

Now... I get literally 150 to 200 spam messages per day. I have stripped that down to about 5 per week using McAfee Spam Killer. It runs on my PC at home 24/7 (DSL at home), and is by far the most effective anti-spam tool I have ever used.

I personally hate anything from McAfee... they love to shove their own nagging software down your throat when you install some of their stuff (their Security Center applet, for example), but this tool is SO effective, I live with that.

I have it poll and filter every 2 minutes, so the liklihood that my Sidekick will poll the account with any amount of spam in it is pretty slim (the Sidekick polls every 15 minutes, or on demand).

It works like a charm. And, often times Spam Killer can be had for $10 or less (even free) after rebates at CompUSA.

Server side is the only way to go, but I control the mail server. I do occassionally go through the filtered mail, and usually have to pass a few messages through manually. A few mailing lists my wife is on reguarly get caught, and they keep changing the from address, so whitelisting them doesn't help much.

For a mobile device, server side is the only way. If you had a client side solution, you would only be able to filter based on headers, and I bet you'd still get a lot of spam. One possible solution (for a normal person) would be to only allow mail from people in your contacts through to your mobile device.

I would also vote for Server Side when on a remote device.

If you're on DSL/ADSL/Always On, I use my own mail server for downloading my email, it filters out spam (to about 90% accuracy, but it's better than nothing) then I just collect mail from my home server if I am out and about.

That way I get my mail, with very little spam....

Of course you need to run a mail server, but Mercury (www.pmail.com) is free, and a dynamic dns solution - again free, so it's really not that difficult.... plus you stay in control of your own mail.

castration sounds like the best solution to me.

castration sounds like the best solution to me.

Quote from Ripley and Lt. Hicks:
"I say we take off, nuke the site from orbit. It's the only way to be sure." :onfire:

I think server-side is critical for checking email over a cell phone. But I think it's best if it's user-configurable, not a one-size-fits-all solution. I don't like other people deciding for me what I do and do not want.

All my mail goes through a Spamcop.net server which holds back the spam for me to review when I want to and delivers everything else to my inbox. I probably only get around 10 messages get though that shouldn't, it doesn't get many false positives, I can only think of one and it's a newsletter from a DVD shop that I should just unsubscribe from. Anything it does catch that it shouldn't I can whitelist. All in all it's reduced my spam incredibly and it's only a few dollars a month.

I guess you could call mine a server side solution as my spam control is based on running my own mail server and being very particular about who gets my email addresses.

Since I've had my own domain (1998), I've been doing the "plain text encoding" method of controlling incoming email. No one but people I trust get my "real" address, everyone else including this site get unique addresses just for them with their name in it.

I still get some spam however, but it's very rare and typically comes in in the following ways:

- From old domain records (Thanks Network Solutions! :?)
- Random guesses from spammers. Typically marketing@mydomain or sales@mydomain. I've turned those addresses off now
- Stores that were one reputable but now spam like there's no tomorrow. Most notably, Drugstore.com ... I bought something from them 3 years ago, and within the past few months they've spammed me 3-5 times a week. That address is dead now too.

This obviously is not a solution for 95% of the people in the Internet however and that really sucks. I was home this weekend and spoke to my mom and sister about their email and both are bombarded by porn spam on a daily basis.

It's infuriating to see how predatory the Internet has become.

I guess you could call mine a server side solution as my spam control is based on running my own mail server and being very particular about who gets my email addresses

Wes,

I do the same thing. The biggest draw back is when your out someplace and want to sign up for something - but of course the email address doesn't exist on my server yet.... If I make it up on the spot, I WILL forget to create it later. So I've create 2-3 general addresses that I use for places that require an email address. So when I'm out, I can use one of those to sign up.

The only spam I get is from a couple postings 4 years ago to a mailing list. All my spam is coming in on that address. :(

You have to know me to get my personal address. (Or know enough about me to guess what it is ;) )

I think the best solution for portable devices is a server side control that filters out spam, however there has to be a client side control that tells me how many messages got filtered, and allow me to grab those if need be.

Of course, the best solution would be no spam.... but I don't think we'll ever see that happen. :evil:

I use the online mail service FastMail.fm, which in turn runs the SpamAssasin engine. Since FastMail allows you to use your own seive code I'm down to maybe one spam a day.

SpamAssassin (www.spamassassin.org)-based solutions are indeed incredibly good. I have it running on my server, and all it does is to tag mail. I then set up a filter that puts it in a separate folder, which I check every so often. I think I've gotten 1 false positive out of many thousands of pieces, and that 1 false positive was a totally template mailing list thing that probably should be spam. :lol:

In the meantime, it filters out 95%+ of my spam. I now get surprised when something manages to come through -- the Bayesian Leaning is superb after a few weeks of training. However, as others have said, it's not for everyone. Unless you have your own server on which you're willing to do a little UNIX administration, or a solution like FastMail, it's not going to be so convenient.

--janak

Since i don't trust server side filtering i came up with my own solution. i signed up for spamnet which is very acurate and lets me control it. for $2 per month u can't beat it, unless u wanna install and run spamassign. since its a client side, i run a session on my terminal server at home which has outlook running 24/7 connecting to my exchage server. it runs in the background and i don't even use that session. so when i do login with my pocketpc or with my workstation email is already filtered. i check the spam folder once a day and remove any messages that i want to keep. then i purge the folder.


alex

Absolutely server side spam filtering, especially over pay per/MB connections like GPRS. I use Message Labs for a number of my clients, and everyone is extremely happy witht that service (no affiliation other than satisfied customer).

Now, as far as Smartphones go.....when can us normal folk get one? So much hype for so long, yet still vaporware. Hopefully I'm putting my foot in my mouth, as they are already availible (in the USA) and I just don't know it :oops:

-Brian

You forgot thermonuclear missiles :twisted: Never forget the nukes!

Oh all right if you want me to be serious. :razzing:
Neither. Seriously. Putting it on a server is going to end up driving costs up for the end user killing e-mail\instant messaging\and any other form of online comm. Putting it on a client still has the same result as we have now: a huge % of the net's traffic is SPAM. A techno solution is a Band-Aid fix for the time being but the patient is still going to hemorrhage to death in the end. Swift sever legal penalties need to be applied. IMHO I consider SPAMING a low end form of a cyber attack. *sighs* I HATE government intervention in this, but unfortunately when someone can send out a million e-mails at the click of a button why should they care? Something HAS to be done soon before our bandwidth is swallowed up by SPAM. Then again I consider the CD's from AOL that I get in the mail worse then e SPAM but that's another discussion. :razzing:

I use the online mail service FastMail.fm, which in turn runs the SpamAssasin engine. Since FastMail allows you to use your own seive code I'm down to maybe one spam a day.
SpamAssassin (www.spamassassin.org)-based solutions are indeed incredibly good. I have it running on my server, and all it does is to tag mail. I then set up a filter that puts it in a separate folder, which I check every so often. I think I've gotten 1 false positive out of many thousands of pieces, and that 1 false positive was a totally template mailing list thing that probably should be spam. :lol:

In the meantime, it filters out 95%+ of my spam. I now get surprised when something manages to come through -- the Bayesian Leaning is superb after a few weeks of training. However, as others have said, it's not for everyone. Unless you have your own server on which you're willing to do a little UNIX administration, or a solution like FastMail, it's not going to be so convenient.

Can you tell us more about the individualized (personally-trained) Bayesian filtering extension component of SA, it sounds awesome. Also, what mail server are you running? I haven't gotten that far yet, and FastMail is delayed in their SA upgrade plans (unfortunately JHoward got RSI -- and yes I forwarded JDunn's "alternative" RSI treatment FWIW). Not that I'm complaining, FM is the best thing there is short of in-house server (I love the flexibility of my Sieve scripts!).


P.S. Many people seem to consider individually-trained Bayesian filtering alone as the sole solution to use (being viewed as the next evolutionary leap if you're willing to spend the training time), others swear by Cloudmark alone, yet others use C/R whitelisting alone (as there are products focusing solely on each specific technique). Some stick to "classical" (v1) SpamAssassin methodologies. I guess it's best to use latest SA that employs multiple techniques (except C/R and such)? Then again at a glance the different techniques don't always seem compatible (i.e. not the case if you combine method A + B you get twice the effectiveness) and in fact could seem to hinder each other? I'm just talking theoretically/philosophically :D

Been mumbling about how great choicemail is for almost a year, but since it ain't free no one round here has tried it.

among its other attributes, it runs as a local pop3 server that can also allow access from other computers... open a port to it through your firewall and you have global access to mail that is filtered on your home machine

Can you tell us more about the individualized (personally-trained) Bayesian filtering extension component of SA, it sounds awesome.
http://www.paulgraham.com/spam.html

I simply have one e-mail for friends and trusted companies, and one hotmail account for the rest. I did start to get a whole lot of junk mail at my hotmail account, but I solved this by following the remove-from-list-instructions on every e-mail where it was possible. I've heard that it just verifies your address to the spammers, but it helped! Now I don't get more than one spam-mail every three days or so.

Can you tell us more about the individualized (personally-trained) Bayesian filtering extension component of SA, it sounds awesome.
http://www.paulgraham.com/spam.html

Hi thanks Marc. Actually I already know about Bayesian (and that link), I was just curious to find out firsthand info about the specific package/implementation bdj was referring to that's supposedly in SA (I'm just assuming -- I'm only familiar w/ the older SA implementation used with FastMail so I don't know what all the latest extensible features available now).

Outlook users, check Spammunition. My old e-mail address would get 18-19 spams a day and it would stop them ALL. I've had about 3 false-positives in about 1200 emails (mostly registration type stuff) and about the same number that it didn't catch. I don't bother looking through my filtered mail folder, only once every few days or so. It's a Bayesian filter too.

http://www.upserve.com/

P.S. Just for completeness here's the overview link www.paulgraham.com/antispam.html

And his list of Bayesian filters www.paulgraham.com/filters.html

Which of course lists SA's B. classifier http://spamassassin.sourceforge.net/doc/sa-learn.html that I should've just read up more closely, sorry :)

A quick question, does anyone know what the "This is spam" link does in Yahoo Mail? I don't think it's to train your own individual B. database, I think it just helps them to collectively improve SpamGuard's centralized DB/algorithms?

Hi thanks Marc. Actually I already know about Bayesian (and that link), I was just curious to find out firsthand info about the specific package/implementation bdj was referring to that's supposedly in SA (I'm just assuming -- I'm only familiar w/ the older SA implementation used with FastMail so I don't know what all the latest extensible features available now).
Oh, I see.

My email provider (gmx.de, freemail and pay services) added some significant spam filter sytems last week, including SpamAssassin and Bayesian filters. So far it seems to work very well, but I cannot tell much about the technical implementation.

^ Heh everyone's sick of spam, especially AOL:
www.nytimes.com/2003/05/20/technology/20SPAM.html?th=&pagewanted=all

Next ISPs will institute mandatory and exclusive C/R whitelisting for all their customer emails :D

I use the online mail service FastMail.fm, which in turn runs the SpamAssasin engine. Since FastMail allows you to use your own seive code I'm down to maybe one spam a day.

Fastmail was the answer to my prayers. I needed a web-based email, and I was so sick of Hotmail. The interface and the ads on Hotmail are offensive, insulting, and annoying.

I've been using fastmail.fm for about a month and I really like it.

Someone at the Nonags (http://www.nonags.com) forums mentioned this thread; lots of info here, thought I'd chime in my own.

I upgraded from the Treo 270 to the SprintPCS Treo 300 last week, including the addition of unlimited wireless web access. I access both POP and Hotmail with 2bAnywhere (http://www.2banywhere.com/welcome.htm) (free for now). Spam is a constant problem...

At home I use MailWasher (http://www.mailwasher.net), an excellent anti-spam program. It's totally free for use with one POP account, about $20 for unlimited use on POP, IMAP, and HoTMaiL accounts. I currently use it block/delete spam from 3 POP accounts and 5 HoTMaiL. I could run it about 20/7 (who wants to get kicked out of a AOEII session to deal with a dialog box?) but I've decided to setup a barebones PC on the home network with a KVM switch and dedicate it solely to fighting spam.

To justify my project, I'd like to extend this anti-spam opportunity to a few select friends and family members who still think spam is a processed food product. By involving other people, I'm inherently involving their account names and passwords, so here's where the questions begin.

I need suggestions on how to setup a web-based account creation system that will allow a user to fill in a form with account info, encrypt (specifically, password encryption- I would never ask to know anyone's password), and encapsulate all this into a file stored on the webserver. The theory is that the Anti-Spam PC will download any new account files at a specified interval, import them into MailWasher, thereby blocking/deleting spam from those accounts. I've spoken with some people at FireTrust (the folks behind MailWasher) and I think they can help me out with automating MailWasher's Account Import feature. (PS... There are tons of spam clients out there, I'm using MailWasher because of it's ability to block spam from HoTMaiL)

Any ideas? I have moderate web experience but I can't quite figure out what's necessary to encrypt the info from the webform and encapsulate it into a downloadable and importable file.

If I were to apply some delusions of grandeur I might hope that this could turn into a project worthy of sharing with others; I'm sure Spamhaus and their confederates would be willing to help out with publicity. But again, that's with delusions of grandeur applied.

Last thought... maybe this exists somewhere out there already and someone will tell me that I've bored you all for no reason. Either way, I would appreciate any thoughts you guys have.

^ Heh everyone's sick of spam, especially AOL:
www.nytimes.com/2003/05/20/technology/20SPAM.html?th=&pagewanted=all
Saw this from FastMail, seems to partly explain rationale behind AOL's move:
www.theregister.co.uk/content/56/30808.html
www.lurhq.com/sobig.html

Metamorphic viruses delivering trojans installing anonymous proxies for spam (which haven't been detectable by AV apps and whose URL switching makes it hard for analysts to track), scary... since Aug '02 - Jan '03... virus writers helping spammers, spammers in bed with virus writers... the end is near, armageddon is upon us all :byebye:

P.S. While discussing spam, how come the last couple of PPCT forum notifications have been classified as spam by Yahoo SpamGuard (admittedly both were for a particular thread, that Japanese 3G video streaming thing)?

I've been looking/playing/testing a mail server named Mdeamon from http://www.altn.com and am quite impressed. In the next release(Which was due today, but I haven't seen it yet) it will natively support SpamAssin. I have been using a freeware,Windows converted version I SpamAssin with it, and it works pretty good. To give an example....

MDaemon supports RBLs...I was using those for awaile, but it seemed as time progressed they became less effective. Initially I was getting 30-40 pieces of SPAM a day. Added the RBLs and this dropped to maybe 5 pieces. After awhile the total pieces of SPAM stated creeping up, until I was getting perhaps 50 a day! Since training SPAMAssin, I have not received a single piece of Spam that was not flagged as SPAM.

I admit, it took me a week to train it, but even before training only one or two false positives. I could understand these as well as they were html based email adds from companies I buy hardware from.

Recently they released a plug-in for Groupware, so that you can use Outlook and even share your calander, tasks, etc...(You could use Outlook before, but just as an IMAP, LDAP, SMTP client).

It also has a really good Web Interface, one of the best I have seen! Supports compression, and SSL as well.

Last but not least.... It even will auto-detect a PocketPC connecting to the Webmail, and format the page for PocketIE!!!
Priced quite nice too, and has options like...

Anti-Virus
Fax/Email gateway
Groupware (Outlook)(It's an add-on option)

Oh, and included is an agent called ComAgent, which includes an IM client to IM the other users on the Mailserver. Also notifies of new mail, etc... They even have a Java based version of ComAgent for Non-Windows computers. Worth a look....for small and medium sized companies...Lots of features, and priced right...

^ Wow that looks excellent thanks for the mention. I think I've heard of MDaemon before but never checked it out!

Some questions if you (or someone) have the time:

- Is MDaemon AntiVirus already built-in to the MDaemon Pro version, or is it still a separate pay option?

- What do you think is the best way for Outlook integration w/ MDaemon Pro: MDaemon GroupWare or Bynari InsightConnector (which MDaemon Pro also supports w/ ACL: www.altn.com/Products/Features.asp?product_id=MDaemon#47 )?? Both are software to be installed on each client. I happen to already use InsightConnector but admittedly it's client licensing costs a bit more than MD GroupWare. Actually I'm not even sure what all the features MD GroupWare provides -- does it only enable MDaemon users (via the WorldClient web-based client) to access/share Outlook PST data, or does it actually allow Outlook to sync directly to the MDaemon server (thus not needing to use WorldClient in the office)? Sorry if that doesn't make sense.

- Is the MDaemon server custom-built from scratch or is it a port of some server engine, I'm just curious?


FYI I had been considering Bynari's InsightServer (new v4.0 just released), a Linux mail server based on proven Cyrus that also integrates w/ Outlook via InsightConnector as mentioned above: www.bynari.net (both TX companies heh). The server part is cheap (and of course no Windows OS fee) -- their bundled pricing (including the LDAP client) seems roughly comparable to MDaemon Pro alone for smaller paks but definitely doesn't scale up as cheaply! Anyways MDaemon Pro 6.8 seems to offer quite a bit more features though and would be easier to use/admin than on Linux...


EDIT: Now this is strange, between the time I looked up Alt-N's website and after I finished my post, the long paragraph at www.altn.com/products/features.asp?product_id=MDaemon describing MDaemon Pro's support for Bynari InsightConnector seems to have totally vanished. Thus my first link above in this post no longer works. Can anyone still find it? :confused totally:

You can still see the mention on this feature chart: www.altn.com/Products/Feature_Chart.asp?product_id=MDaemon ("Support for InsightConnector from Bynari Inc.") but that's it...

Well this explains the MDaemon - Bynari relationship: www.serverwatch.com/news/article.php/1482141 :) I wonder though if MD GroupWare can only work specifically w/ MDaemon server (which would make sense) whereas InsightConnector can actually work w/ many IMAP servers (heck I'm using it right now with FastMail which is also based on Cyrus).

Stalker's CommuniGate Pro also might be worth checking out ( www.serverwatch.com/news/article.php/1477971 )...

Lastly wouldn't it be great if MDaemon can integrate a Sieve interpreter to replace the current Filter Editor?

OK never mind, the Bynari InsightConnector description is back up on that Alt-N web page... almost seems like their domain's resolving to multiple load-balanced (round-robin) web servers dishing out slightly different pages :D (Or maybe they just changed it.)

Unfortunately though, from brief search at both Alt-N & Bynari forums it would seem the latest InsightConnector is no longer 100% compatible w/ the latest MDaemon server as the two developments didn't stay in touch so to speak? Then again posts there also seem to suggest that MD GroupWare only syncs NON-EMAIL Outlook items while leaving mail items to be handled natively by Outlook, and that this thus requires the user to still deal with 2 separate PSTs in Outlook, unlike InsightConnector's integrated approach (that mirrors standard Outlook setup). Not to mention I already bought IC licenses...

OK I've gotten as OT as possible and am boring everyone. Sorry, just wanted to complete the info instead of leaving it at my previous post.

P.S. Here's that Bynari section. Sounds almost identical to their MD GroupWare description :)
Support for InsightConnector from Bynari Inc.

An exciting plug-in from Bynari, Inc called InsightConnector is available for Microsoft Outlook users. This plug-in adds ACL support to Outlook's IMAP capability and also allows you to use MDaemon as a complete replacement for Microsoft Exchange Server. With MDaemon, Outlook, and InsightConnector you can completely replace Exchange Server with no loss of functionality. Users can share calendars, contacts, to-do lists, and everything else previously only possible with an Outlook/Exchange Server combination.

MDaemon has been enhanced in the following ways to work well with InsightConnector:

A new switch added to the Shared IMAP Folders GUI will allow you to configure an alternative to the / char which MD will use to delimit IMAP folder strings. For example, if / is the delimiter char and '#Test/Test2' is a valid IMAP folder then 'Test2' will be considered a sub-folder of '#Test'. This is the default. Byani's InsightConnector expects a . (period) character as the delimiter so this configuration setting was provided for that situation.

MDaemon's new ACL support within its IMAP server works well with the ACL support added to Outlook by InsightConnector.

Speaking of SPAM (Not exactly on-topic, but close :wink: )...

Microsoft Chairman Bill Gates weighed in on the spam debate for a congressional hearing Wednesday, outlining in a letter the legal measures he believes are necessary to stop junk e-mail. (http://zdnet.com.com/2100-1105_2-1008862.html)

Steve