ASK Me No Questions, I'll Tell You No Lies

by Chris DiBona

I give up.

I tried.

I really did.

But I don't have the energy for it anymore.

Yes, I'm talking about spam. I've tried them all--spambayes, spamassassin, freakishly complex procmail recipes, weird dæmons, collaborative filters and the rest. None of them work. Or, all of them work but only for a short amount of time or only for someone else--not me. My usage profile is such that it is very difficult for any spam fighting technique to work.

The issues are as follows:

  • I receive a lot of "stranger" mail from viewers of my segments on TechTV that I want to read. I also get mail from reporters and others who are interested in this or that, but who have never corresponded with me before.

  • Much of the incoming mail comes from domains that the spammers seem to enjoy spoofing from: AOL, Hotmail, Earthlink and so on.

  • I get HTML mail, attachments and all kinds of multimedia, thanks to the work on our game, Rekonstruction.

  • I get bulk mail in the form of mailing lists to which I subscribe.

  • I've used the same e-mail address now for some 8 years and have published it in countless emails, articles, on television and the radio.

In fact, the only way that my mail could be more difficult for a spam filter to clean is if I worked for Pfizer on a certain pill for, um, nevermind. Spambayes did a nice job for a long time--few false positives, not a lot of spam hitting the box--but over time it got worse and worse. Spamassassin similarly lasted only a few months and gave me more false positives than I could stomach.

Going without a spam filter, however, is e-mail suicide for me. For instance, in the 48 hours since I turned on ASK, I've received 1,188 spam e-mails. This means if I don't do something about them, I will be forced to delete broad swaths of mail, which means I'll be deleting legit email by accident.

ASK is the Active Spam Killer. I run it as a procmail recipe, but you can run it in a number of different ways. ASK is a functional, simple, confirmed-sender only e-mail filter. Basically, if I haven't gotten e-mail from you before, you get a nice e-mail asking you to reply, thus confirming you are a human and not a subhuman, lice-infested, vomit-smelling, loser spammer. ASK also comes with a program to scan your mboxes to derive e-mail addresses. I ran this against my historical archive, and it found 12,000 or so e-mails from people who have e-mailed me over the seven or so years since I started storing my e-mail.

I first was exposed to ASK as part of an e-mail conversation that included Kirk McKusick of BSD fame. Initially, I was taken aback by the finality of such a system, but over the past few months, I determined that Kirk is right--I simply don't have the time to mess around anymore. If I know you, don't worry, your e-mail goes through; if I don't, ASK requires one step that you need to take only once. I don't think this is a lot to ask of people who e-mail me out of the blue.

ASK is easy to install. With a fast download and RPM installation, and it was in place in no time. It took about 20 minutes to scan my past folder archive and generate the whitelist, and then I turned it on. I'm also running spambayes to deal with some of the more egregious viruses that spoof the names of friends, which sewed up a few holes in the process. ASK is written in Python, so you need to have that installed first, but Python comes standard on so many distributions that this requirement is hardly a hurdle.

Since installing ASK, around five pieces of spam have made it through to my inbox. All of them were viruses spreading from spoofed addresses of friends. One even came through with the spoofed address of LJ Editor in Chief, Don Marti, which led me to turn on the spambayes prescanning. The sad thing about using such a draconian system is I know some people won't reply to the ASK confirmation e-mail request. I'm okay with this, it isn't as if I'm not missing some email from folks as it is with current spam technology.

The only way to win this war is not to play, so I've stopped.

Resources

ASK can be found at www.paganini.net/ask/.

Chris DiBona has been using Linux since early 1995 and is proud to have had an active role in its growth, development and promotion. Formerly director of marketing for VA Software, DiBona currently works for OSDN (a VA Software subsidiary) as an Editor for Slashdot.org. Mr. DiBona has presented on Linux and open-source software countless times in the US and along the Pacific Rim over the past three years. Additionally, he was co-editor of the seminal work Open Sources: Voices from the Open Source Revolution, which won the Linux Journal Book of the Year award the year it was published. His personal home page can be found at http://dibona.com.

Load Disqus comments