I have been using SF for a long time and the product has just gotten better and better. There are so many great filters and features that it does a terrific job of catching the majority of all spam.

Now I know everyone still has things they would like to see added to their wish list but I can only thing of one area that is not addressed at all by SF.

Submit As Spam
This has been mentioned before but SF really needs some method of submitting spam back to SF. When spam does make it through we really need a way to forward emails to a special email address on the SF server that will parse the header and body and flag this as 100% spam.

There are other things I would like to see added (like an interface for humans to use to create keyword/Regex flags) but while there are always ways to make a product easier to use just about every thing you need can be achieved on way or the other with the existing product.

If SF could learn from the Submitted As Spam feature this would reduce the time and effort required to go in and look at headers and manually add IP's to the black or build a lot of custom keywords or Regex searches.

Don't get me wrong having complete control over adding this information manually is fantastic and the SAS feature is not a cure all. But I see this as a capability that is sorely missing from a great product and would like to see more work in this area.

Lee

Since we are discussing the one thing missing I was going to see if Spamassassin had ever been considered, or at least a 'hook' so that those adventurous enough could get access to the message stream and put that through their own filtering after SF does its thing.

As Lee said SFI has been getting better and better and the things I used to harp about like greylisting have been replaced with something better in my opinion, namely the blacklist cache.

Keep up the great work Logsat!!

Roberto I am not familiar with all of the issues involved but it does seem that others are using pieces of this type of technology.

For example Spamcop.org has a spam submission capability and while I am not sure exactly what they are doing some how this info is making it into their database.

I have also used other spam blocking services that provide a Outlook toolbar/icon and it allows you to flag and submit those message back to them as spam.

1. For most users, the "outgoing SMTP server" in their email client configuration points to the "real" SMTP server used for the company, not SpamFilter.

Well I guess there are number of way to handle this and not sure what makes sense but a simple alias on the mail server could forward spam to spam@192.168.1.100 which would be the address for SF. I would suggest that SF ONLY respond to this email address (defined by the SF admin) to add new spam.

Also a field for Inbound IP address could be added so SF would only accept spam to the above email address and only From the IP defined for the internal mail server.

This is doable of course, but is not something that is "plug and play".

I think this is a very important point. In my humble opinion SF is fantastic but it is far from plug and play. As soon as you have to start creating Regex strings things can get ugly real quick.  I could create an entire thread on this topic alone but let me try to point out a few issues that I believe is important to whether SF continues to be a stand-alone "point" solution or a standard for ISP's.

Strength in Numbers
If you look at your own stats for your Spamfilter server you see that the majority of spam is blocked by MAPS servers.

64937  IP found in MAPS search
16230  IP address is from a blacklisted country
15726  SPF Sender Policy Framework match

So what does this tell us. It tells me that NETWORKING is the key to building an efficent plug and play spam filtering system. If I have to add every rule and and every IP to my own system then SF is not a less useful product.

If we didn't have MAPs and SURBL services then the amount of work involved would be more than anyone person could handle. So my point is SF has to become more automated, more connected and more "plug and play" to use your words.

I believe there are two (and more) ways this needs to happen.

1. The ablility to Teach SF what is spam.
Right now SF can slice and dice an inbound email more ways than Ron Popels vego-matic. Yet on a daily basis I have to go in and add IP's, keywords, honeypot addresses etc. At some point and ISP has to throw up their hands and start looking at Spam based service who will do all this work for them.

Spamfilter is a mature enough product now that it needs to start moving towards ease of use not more bells and whistles. Human intervention is very important in the sense that if I say its spam then my judgement is always better than any filter that SF tries to use. So SF should take my word for it and some how some way parse my submissions and at least make an attempt to use the IP, keywords, some thing to add it to the spam list.

2. Better Cooperation
I have brought this topic up before and its worth raising it again. The stats speak for themselves. MAPS servers work because they learn from each other. Logsat has a tremendous resource at its disposal but you are not taking advantage of it. And this is every copy of SF is a node, it learns and grows every day. But what is missing is the ability for MY SF server to learn from the experience of other SF nodes on the net.

Every Email server and Firewall now supports MAPS and other spam blocking resources. So if SF is going to be unique it has to offer some thing more than great filters.

If Logsat wants to build a killer app and to be able to compete with companies like Symantec and Trend which are a 1000 times your size then you have to leverage your strengths. And your strength is us, your loyal users who have stuck with you. Every user who downloads the SF Trial is a potental node and strengthens your position in the market place BUT only if that node is tied to other SF users. If SF were to focus on allowing SF servers to learn from each other this would put you in league of your own and beyond any other product on the market.

Roberto I don't have all the answers but I will say my comments come from 20 years of marketing in the computer industry. I have competed against companies like IBM, DEC and Microsoft and I tell you from experience the only way to not get crushed is to leverage your strengths. Playing the game on their turf is certain death.

I have a number of other suggestions I would make but they are better provided via phone. I want you to know that my suggestions are sincere and I believe in what you are doing. I admire your passion for your product and your users. My hope is that SF is even more successful and my comments are meant to encourage and help you in this effort.

Lee

Yea sorry for the long post. When I get on a roll it just comes pouring out.

But I am pleased that you found some interest in my input and that you took my suggestions in the spirit they were intended.

Lee

Hey how about supporting vbscript as well as regex as a filter. We are in a windows environment and cscript.exe is native to windows. Then we can have a trully powerful tool! What does everyone think about that?