Announcement

**tildearrow** · 11 October 2019, 05:18 PM

Originally posted by phoronix View Post

Rspamd 2.0 drops its external libevent usage to its own bundled libev implementation,

Good to hear. libevent has an unstable API.

**elatllat** · 11 October 2019, 05:57 PM

But how does it compare to the false classification rate of gmail? Can't we just ban all email not using OpenPGP/DKIM/DNSSEC/SPF/etc like how google forced https on everyone by down ranking http only sites.

**timofonic** · 11 October 2019, 07:03 PM

KANN library has been last updated over 9 months ago. In the days of GPUs, FPGA and custom silicon for neural networks, this library is CPU-only and I wonder why. Are they sure this is a good replacement? Are they forking KANN and make it use non-CPU hardware too? They already did minor changes in June and July, as you can see here.

Why not TensorFlow? It can use the GPU, for example.

**ssokolow** · 11 October 2019, 11:51 PM

Originally posted by elatllat View Post

But how does it compare to the false classification rate of gmail? Can't we just ban all email not using OpenPGP/DKIM/DNSSEC/SPF/etc like how google forced https on everyone by down ranking http only sites.

I've been meaning to set up something a little more elegant for years but I'm still having trouble finding the time:

Give every sender their own e-mail alias to send to. Treat them as revokable API keys. (This part, I already do using SpamGourmet and/or manually managed aliases on ssokolow.com)
Use a custom milter to bounce messages where the sender on the incoming message doesn't match the sender the e-mail address was given to.
In the bounce message, include instructions for requesting that your anomalous message get let through anyway. (ie. a CAPTCHA.)
Require unsolicited messages from strangers to be submitted through an HTML form that does some more traditional spam checks. (At the moment, I'm doing fine just forbidding things like HTML/bbcode link tags, the same URL appearing more than once, and e-mail addresses outside the "your e-mail address" field. If someone needs to tell me someone else's e-mail address, they can wait for me to reply and then send it in their second message, which will be a normal e-mail reply.)
Use the custom milter to rewrite outgoing messages so that the mail client doesn't need to be aware of the fancy system and sending someone an e-mail will automatically establish a From address for them to reply to.
Write a simple browser extension to add a "Create e-mail address" entry to the context menu for HTML form fields, which also establishes the new alias in a special mode which will cause it to lock its allowed sender to whichever domain it receives the first e-mail from.
As a last resort, have a GMail-esque self-expiring spam bin for each alias that can be browsed for situations such as "site sends e-mail verification e-mails and other communications from different domains."

SPF to ensure sender domains are reliable plus this kind of "whitelist system with a viable UX" approach is my "What now?" answer to the arms race that has developed around Bayesian classification since Paul Graham championed it over hand-written rules in the early 2000s.

Announcement

Rspamd 2.0 Released For Advancing Free Software Spam Filtering

Rspamd 2.0 Released For Advancing Free Software Spam Filtering

Comment

Comment

Comment

Comment