Spam Filtering For Small/Medium Business? 453
or_is_it writes "The company I work for has been growing dramatically and I've been charged with the task of being the gatekeeper for our GFI Spam filters. This involves manually inspecting the subject line/to/from for all caught messages in each filter rule folder. For a company of about 50 people, in one day the number of spam messages can exceed 2,000. Neglect it for a day and you end up with quite a task on your hands. I've made the rules lax enough so important messages can go through, along with a few stray spams, for which I get bitched at. Tighten the rules up and then maybe an important time-sensitive email never gets to its intended recipient, and I get bitched at. Manually reading through all those subject lines is supposed to prevent that, but I'm only human and genuine messages can easily get overlooked. How do larger organizations deal with the spam issue? I can't imagine having one centralized person manually inspecting everyone's junk-mail header is the optimal solution. Purchasing a different commercial mail filter product is a possibility, but I'd like to hear some anecdotal evidence before jumping ship."
email != IM (Score:4, Insightful)
When will users learn...
Email is not instant messaging - with bad greylisting / random connection reset / busy server, you can get >=2 hours delay. And it's normal.
Power to the people :) (Score:5, Insightful)
1) Set up the system to put junk mails in a folder the user can see
2) Train the end user to check their junk mails
3) Show the user how to set the spam triggers high or low and what the implications are
If user says they're too busy/important, advise them that due to your workload, their email box will be added to the "manually checked list" which gets done once per week. Point out the impact of losing a time-critical email wrongly flagged.
Most times they do it themselves. For those who are dead set on having someone else do it, hire a temp or arrange for an office junior to do it.
If you're in IT, you have better & more important things to do than check for real mail in a junk mail box...
Nothing's perfect... (Score:3, Insightful)
I like the way spamassassin [apache.org] works - it can provide a rating for each message, which provides a mechanism for users to set the bar to their own preference, instead of having a single setting for the entire organization.
I'm not talking about using individual configurations for spamassassin, it's not realistic to expect most users to be able to deal with all the gory detail of spam filters.
Rather, spamassassin can set a header to indicate its confidence that a message is spam:It adds an asterisk for each "point" of spam score. Users should be able to create an email filter which picks off suspected spam and puts it into a separate folder based on a header like that. Maybe drop all 10+ messages centrally, and let users tweak a local filter to their liking, depending on whether they prefer false positives or negatives.
I use spamassassin as an example only because that's what I use. There are no doubt others which can provide something similar which users could filter on.
Re:Despite other issues (Score:4, Insightful)
It's really not that good.
Re:SpamAssassin (Score:4, Insightful)
When set-up with good rules and RBLs it blocks at least 99% spam with very low false positives (I've never had a false positive).
Send anything tagged as spam to another account such as spam@domain (I do this) then you can manually check for false positives to further reduce the chance of losing legit email. (or if a user complains that an email they expected never arrived)
Re:email != IM (Score:5, Insightful)
email is ubiquitous and easy. 99.5% of the time, it's nearly instantaneous. Should I really have to get an IM account on google, yahoo, aim, microsoft, etc.... so I can deal with time-critical messages? And, for that matter, should everybody else?
ARGH! Barracuda SPAM filter (Score:1, Insightful)
To me, Barracuda has become more a synonymous of spam. Sigh.
My REAL problem with Gmail/Google Apps (Score:3, Insightful)
I run email for several of my domains through Google Apps for Your Domain - essentially, Gmail. On my largest account, I get several hundred legit emails and 200-1000 spam messages each day. The problem isn't Gmail's filtering of this - it's actually damn good, with maybe 2-3 false negatives a week and maybe one false positive. Better than almost anything else I've seen.
The problem is that Gmail gives me NO options - as a user or domain administrator - to sift through the spam box automagically, looking for those false positives. You CANNOT access the spam box in any way other than their web interface, looking manually through your spam, hoping to see the occasional legit message that confused the filters and was labeled spam. (Okay, if you go the full IMAP route, you can apparently see it, but that's cumbersome in the extreme if your users aren't doing IMAP in the normal course of things.)
This borders on perverse. How hard would it be to allow POP to the spam box, so that I could suck down the messages and run my own filters on them? And what's with the lack of user filtering options? "Um, Google, here's a hint: I don't read Chinese or Russian. If mail comes into the spam folder in one of those languages, you just delete it and not bother me with it, OK?".
Dunno, it feels like a case where someone's high up in Gmail's design group has a religious or aesthetic conviction about how spam should be handled ("no filters...no settings...no controls...no access") that blinds them to how badly this works for users and administrators in the real world.
Re:Barracuda google Apps is better (Score:3, Insightful)