1) custom-built-to-avoid-filters spam is not restricted to small emails, you can make a large one that is also tailored to avoid SA, in my experience SA misses just as much "large" spam as small, and I've seen roughly the same number of "tailored" small emails as tailored "large" ones.
2) small email can trigger SA just based on their headers alone. There's no such thing as "too short for SA".
3) a very large percentage of typical person-to-person emails are very short. "hey, want to get together for dinner after work", but a very small percentage of spam is short. Even including short tailored messages I get at least 50 short (1-3 line body) valid emails per short spam.
Overall I think size is a fairly poor indicator of emails trying to avoid detection. A S/O of 1/51 is truly horrific in the SA world.
If you're going to TMDA mail.. I'd say TMDA it all, or everything that passes SA. There's no tangible benefit in only doing it for "small" emails, SA can miss on both small and large mails and there's no such thing as "too small for SA to tag" anyway.
If you really want this functionality, I'd venture to guess procmail is powerful enough to implement it as a pure procmail rule, without need for changes to SA, but I'm not a procmail expert. (quite frankly if procmail can't filter based on message size, it would be a pretty lousy filter, and I know it's got a reputation as being very powerful)
Spamassassin will never have a flawless ratio.. it does pretty darn well as it is. And yes, razor and DNSBL's also have flaws, but let's face it, No spamfilter system that actually lets you receive valid emails will ever be 100%. Even TMDA will never be 100% since spammers can always set the return address to a valid server that will auto-process and respond. Unlikely yes, but it is still possible.
I'd rather put forth effort on adding features to SA which aren't likely to be already present in procmail. Better rules, faster processing, better GA scoring, better input data (corpus), etc.
At 09:16 PM 10/11/2002 -0600, you wrote:
matt <[EMAIL PROTECTED]> [2002-10-11 17:06:00 -0400]: > Really short spams are something SA alone isn't very good at. Fortunately > systems like Razor are wonderful at them, and the DNS blacklists help too:While Razor is great still someone must get the spam first. Which is unfortunate. DNS blacklists are also great but usually someone must get spam first before the spammer gets listed in the RBL. Probably for messages such as these that can't really be identified only the TMDA style of methodologies can prevent people from getting the spam in the first place. I wonder about the possibility of configuring SA to say that a message is too small to have enough markers to say one way or the other and by this facilitate procmail to a TDMA filter for those types of messagese. Bob
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
