>> I check my Gmail spam folder about once a week to see if it had any
>> false positives.  I gave up running my own mail server as Google does
>> a much better job.

I've always considered having to check your spam for false positives to
make having anti-spam filtering a waste of time.  Not to mention it
being a denial of service if it does snaffle up real mail.

Richard Vickery:
> I wonder what Google's secret is?  

Well, when you're a huge service, receiving thousands of spam, much of
it near-identical, and from common sources, it becomes much easier to
identify spam as being spam.  And some services are better at that, when
they actually want to reduce spam, unlike some others that don't appear
to give a damn.

Even on a small self-run service, if you expose a honeypot address,
it'll get spammed along with the real addresses.  Using the honeypot
received messages as spam identifiers, you can 100% identify identical
messages sent to the other addresses as being spam (unlike other far
less positive identification methods).  That can knock out a huge amount
of spam, in a very simple, and reliable, way.

Other identifiers (HTML mail, attachments, bad grammar, broken mail
formatting, messages not personally addressed to you, et cetera),
falsely identify a horrible amount of real mail.  And almost all
commercial mail that I have personally subscribed for gets falsely
identified, list mail gets it, mail from friends who couldn't type or
spell properly to save their life...  To make it worse, when your mail
service provider does the identifying, they often give you no controls
to reign their anti-spam software in (you can't adjust the thresholds
and ratings, nor can you give it back spam and ham for it to learn).

