Big Spam and SpamAssassin

SpamAssassin isn’t catching a selection of my spam these days, and the problem is because spam is getting bigger. jwz discovered this back in March. I read his post then and thought it was interesting, but only recently has it begun to affect me. Upgrading to the latest SpamAsassin release didn’t help either.

No, you have to make SpamAssassin process messages larger than 250K in size. So what’s a better upper limit? I’m not sure there is one… any that you set will just raise the bar for spammers to match; as long as their spam is 1 byte bigger than your limit, they get a free pass and can literally send you anything, regardless of your filters.

Incidentally, this spam is also passing my Greylisting filter, so it’s coming from a legitimate source and they don’t mind resending these massive messages either. It’s got to be expensive though— 250K or larger messages that are sent to thousands or millions of people can’t be cheap.

Ah, but what do they care? Chances are this stuff is coming from a zombie PC on some DSL/cable connection anyway. I wish ISPs would be more proactive at finding infected computers like that.

It’s ironic how that now that I’ve purged my house of Windows, I’m still measurably affected by it and it’s flaws on a daily basis. We all are.

TrackBack

TrackBack URL for this entry:
http://bradchoate.com/mt/feedback/tb/1366

2 Comments

Paul Tomblin said:

I set my MTA to reject any mail that's bigger than the limit that SpamAssassin will deal with.

Brad Author Profile Page said:

What about legitimate emails with attachments you get from people? I guess you have all of those whitelisted or something?

About

This article was published on July 9, 2006 2:32 PM.

The article previously posted was Daily history files for Bash.

The next article is Pulling the cable plug.

Many more can be found on the home page or by looking through the archives.

Powered by Movable Type