Thoughts on W32.Sobig.F@mm and spam

I have a spam filter tuned like those Honda Civics you see with a lowered suspension and a 400 horsepower motor. It's not pretty, but it works:

I get about 200 messages per day in my spam folder. I get 1 or 2 pieces of spam per month in my inbox. False positives are about as common as false negatives -- invariably a mailing from some commercial site with which I'm doing business -- and easily trained away.

I haven't really worried about spam since this got going. Every time I get a false I retrain it, and it's definitely getting better over time (e.g. false positives used to be closer to 5 per month). I do encourage everyone who can to set up a similar system. I feel sorry for those who can't, and kind of wonder about those who can but don't.

A while back, before this setup had really hit its stride, I went through my site and fixed up the email addresses to all be non-functional without some human intervention (try clicking on a link to see what I mean). This had absolutely no effect on the amount of spam I received. My guess is that spammers already had my address in their lists, so all I was preventing was the address being picked up by new scans.

However, I haven't received a single instance of the Sobig.F virus. I've received bounces from it, but no copies of it. From this I deduce:

So the long and short of this is, if you want to avoid this kind of worm:

and if you want to avoid sending this kind of worm: