tlug: despam - a report on a spam blocker

tlug note from Jason Molenda <>
Thanks to the people who mentioned despam on TLUG a while back, I
checked it out.  Here is a brief overview I sent to other people
inside my company.


I installed a spam blocker here in Tokyo called 'despam'[1] a week
ago.  It is a perl script which which includes a large database of
regular expressions to detect spam mail notes (it looks through the
headers or body of mail notes for certain regular expressions).  It has
something like 1,500 or 2,000 regexps it checks against.

It is supposed to work under procmail[2], but I expect it should be
possible to use it with another filter with a little fiddling.

It is designed that it will be installed once by a sysadmin and users
would run "despam-on" or "despam-off" which would modify their dot
files to call despam for incoming mail.

The merit of any of these systems is how well they block the spam.  I
kept track of things for 9 days.  Over that period, period I was sent
117 spams, 79 of which despam caught (and 38 of which got past it).
Some of these 117 spams were duplicates; I counted all of them as
individual spams.  Two messages were marked as spam, but were not
spam.  They were digests (the nikon-digest mailing list) which had spam
in them, so I'm not holding that against despam.

So I'm pretty happy with the results of despam so far.  One drawback of
it is that it does eat some CPU time as it goes through the headers and
body of incoming mail notes for all of these regexps.  Another drawback
is that the spam block patterns are tied to the releases of despam, so
I'm not sure how frequently updated patterns will be released.

[1] despam home page

[2] procmail main ftp site

