Once another computer on the Internet tries to contact the soaustin.net mail server, there are 2 lines of defense that come into play -- one that is applied across all our customers, and one that each customer can set up for themselves, as they like.

Our default sitewide filtering will get rid of sites that repeatedly, and insistently, send unsolicited commercial email for Viagra, vinyl siding, investment schemes, Human Growth Hormone, and so on and so forth. No doubt, if you've been using email for any time at all, you know exactly the pests we're talking about.

If you wish, you can also have your own list of "good guys" (you'll receive anything from them) and "bad guys" (you want nothing from them). By default, both lists are empty. Each entry in each list can be either an individual email address, or an entire site. (Entire sites listed on your blacklist might be candidates for promotion to our default sitewide filters.)

We also have installed a program called spamassassin that attempts to "guess" whether something is spam or not by looking into the message and looking for telltale signs like "viagra", "special offer", and a bunch of other rules. By default, this works by "labeling" rather than by actually "doing something different with the email". All this will do is add some "header" information to each mail about whether it might or might not be spam. If you get to the point where you trust the program's results, you can have us divert (or even delete) this mail based on its results. Or, if you find this too intrusive, we can disable it.

Let's try to use an analogy here. Your email inbox is your throne in your very own castle. You treat various supplicants differently as they approach. Perhaps this table will make this clearer.

Type of defense	Who controls it	Castle analogy	Tendency for false positives
Site completely blocked	soaustin.net	whether to pour the boiling oil	nonexistant
Site email blocked	soaustin.net	whether to pull up the drawbridge	low
Whitelist/blacklist	you (it's optional)	whether to open the castle gates	low to medium
spamassassin rules	you (it's optional)	whether to invite them in for dinner	low to high

By default, your individual email filtering is set to keep a backup of all email it receives (we empty that backup out after 7 days, though).

Now, spamassassin is a somewhat controversial program. It has a set of rules, and weightings for those rules, that attempts to generate a "score" for each email, and then compare it to a threshhold for spam.

Since it's using heuristical rules, it can guess wrong. I have found that it takes a week or two to adjust my own custom ratings for about 10 rules, and that I must maintain the "whitelist" of good users that I tell spamassassin to not use its rules on. With some work, I've found that my life has become much more pleasant. (Understand that as longtime email users, Chip and I are used to receiving between a dozen to several hundred attempted spams per day). It's quite good about spotting e.g. pornography scams, the Nigerian pigeon-drop scam, pill scams, stock scams, and so on, but can also trigger on things that are quite puzzling. It really depends on the spam that the creators of the program itself receive. Chip and I are interested in this stuff as a line of research. It's much more difficult to do something like this than one might suspect.

Thus, consider spamassassin like the mythical "dancing dog", where the amazement comes not from the fact that it performs well, but really, that it performs at all. It can, indeed, be very well-behaved, but it takes a fair amount of initial work and then some ongoing maintainance.

On to the filtering setup page.

Or, back to the SoAustin.net home page.