Wishlist - CAS

[Guest]

[HarpGuy]

I'm grateful that this is being discussed.  Thank you.  My experience with Comodo is that the people who should be reading these sorts of discussions in these forums tend to actually do so... so let's hope this results in the ability to edit the ASA being finalized (and finallly working) in an upcoming release... hopefully the next release (fingers crossed).

I could not more strongly agree with mouse1's commentary, just generally.  The tailorability needs to be at both of those levels, as well as regarding all messages which CAS sends out... both the challenge email, as well as any subsequent message sent out as a result of an improperly/incorrectly executed challenge reply.  Anything and everything which CAS sends out needs to be something which the end-user may customize. 

It's absolutely essential... otherwise the end-user ends-up looking differently to ASA (and other CAS message) recipients than he/she would like to be.  As I have said multiple times, I would NEVER talk about any product using the youthfully-gushing and overly-commercially-enthusiastic language of the existing, default, can't-currently-be-changed, built-in ASA.  It's just not my style... and conveys a completely inaccurate -- nay, misleading -- image of me and my approach to product recommendation.  I've been doing this for 32 years... and I always recommend and/or endorse things in a certain, somewhat-more-dispassionate manner.

Also, I've been writing technical and other "how to" sorts of documentation for most of those 32 years.  I concede that I'm more verbose than are many, but said verbosity is in pursuit of crystal clarity so that there will be no questions or mistakes... and also (and this may actually be my bigger reason, since my time is valuable) so that I will not be inordinately bothered by support issues.  My style has always been to over-explain a bit so that my phone will ring less often.  And, pursuant thereto, I would never explain or spell-out the steps to responding to the challenge message in the manner that the current, default, built-in, can't-be-changed ASA does it.  Again, my way might include a few more words, but it would leave no question whatsoever in the mind of even the most inexperienced and clueless end-user what needs to be done.

I would also want to include in my personalized ASA an apologetic tone since I am on record throughout my career as absolutely HATING challenge-and-response email anti-spam systems; and swearing that I would never use one.  However, ever since I built (and then managed, for several months) a very famous missing person web site back in 2002/2003, my email address is in, quite literally, hundreds of thousands of email address books and/or email inboxes/sent-folders.   And many of the owners of those computers wouldn't know anti-malware if it walked up and kissed them on the mouth... and so, consequently, literally thousands and thousands of computers out in the world are relaying spam and malware either to others with my email address in the "From:" field, or to me, with godonlyknows who's email address in the "From:" field... and the result is that even with sophisticated bayesian filters right on my POP3 server, the small percentage of spams which still get through still amounts to up to a hundred or more spams per day... on some days, even more.  And I just can't keep fiddling with and customizing my spam filters... it's eating-up too much of my day... day in, day out... every single day of the week, month and year.  I've HAD it!  And so I've finally, contrary to what I've always said, broken down and decided to implement a challenge-and-response system... and I've chosen Comodo's.  But if my ASA didn't include an almost-apologetic tone -- and a bit more detail -- regarding my explanation for why I've finally done it, those who know me well would think I had lost my mind.  I absolutely MUST be able to control how I explain why I'm using CAS.

Finally, I would never word the Comodo-promotional part of the ASA as the current, default, built-in, can't-be-changed ASA does.  I would, instead, couch the language in an almost apologetic (and, therefore, somewhat less commercially-enthusiastic and shamelessly promotional) manner... one that would come across more along the lines of my saying, simply, that while the point of the ASA is simply to give the recipient his/her instructions for how to get on CAS's whitelist, as long as we're discussing it, if anyone's interested, the product I settled upon is CAS... and here's the link to it in case you'd be interested in checking it out yourself... something like that.  Again, less youthfully-gushing, shamlessly-promotional, commercially-enthusiastic language.  It's all about tone and credibility...

...and the current, built-in, default, can't-be-changed ASA just don't feed the bulldog.

The end-user's ability to change it -- by whatever means -- as well as the ability to similarly change any and all OTHER messages which CAS may send out with the user's email address in the "From:" field absolutely MUST be enabled in CAS.  It must!  It's, as I said, a deal-breaker.  Non-negotiable.

Whether it happens by means of an improved interface in which the end-user may free-form edit the messages (and I mean ALL messages... not just the CAS), or whether the end-user is forced to manually edit an "mhtml"  message... either way, it must be done.  Please.  This is really important.  Really.

In the short-term, if the development team would just make it so that when someone chooses an mhtml file in the ASA folder, CAS actually USES said file... in the short term, that would at least get us over this hump.  At least then those of us who know how could create our own mhtml message and put it into the ASA folder and choose it from within CAS and then that would be the ASA which is sent out.  That would at least give us semi-adequate control for now.

Then, in a subsequent version, if the development team could actually build a nice little free-form editor into CAS so that all editing of ALL messages sent-out by CAS could be edited from within CAS, that would be even better.

I hope that someone here who knows how to notify them will make sure that folks from the CAS development team will read this discussion here, and that our recommendations will be followed.

CAS has other... um... well... let's call them "weirdities" which need to be addressed... and we can chat about them here.  But, gosh-darn-it, this ASA personalization issue really needs to be fixed... and soon.

Please.

[Dch48]

I uninstalled CAS because the first time it classifies a mail as spam, something gets screwed up and it keeps telling me my smtp info is incorrect. I uninstall and reinstall CAS and everything is fine until it once again classifies something as spam and then the error box about smtp comes back up every time.  I run Outlook Express 6 on XP MCE SP3 with IE7.

I also would like to see the program create an anti-spam folder in the email client that the spam mail goes into  instead of having to open CAS to see if something has been caught that I really would like to allow through. When I had CAS installed it did not give an external indication that anything had been intercepted, not even in the system tray.

[rdunham1624]

Shall we put an ability to check the URL inside the message to see whether this URL belongs to a spammer or not, and then allow all our users to be able to report an email (and the url in it) to Comodo so that Comodo can then update all other users against this URL and when the antispam finds this in an email it marks it as spam?

Would you like that? any ideas, extensions, modifications to this?

Melih

Yes, that would be helpful. Also, it would be helpful to be able to able to use wild cards in blocked email addresses and in blocked IP addresses. For instance: 66.97.183.217 and 66.97.183.229 are both spam as is mx37.paintthecolorsoftherainbow.com and mx25.paintthecolorsoftherainbow.com so if we could block email from *.paintthecolorsoftherainbow.comm and / or 66.97.183.* it would cover all bases.

[HarpGuy]

Yes, that would be helpful. Also, it would be helpful to be able to able to use wild cards in blocked email addresses and in blocked IP addresses. For instance: 66.97.183.217 and 66.97.183.229 are both spam as is mx37.paintthecolorsoftherainbow.com and mx25.paintthecolorsoftherainbow.com so if we could block email from *.paintthecolorsoftherainbow.comm and / or 66.97.183.* it would cover all bases.

Hmmm.  I don't know about the IP suggestion.  Blocking all IP addresses in the last group of four digits would block far, far, far more than almost anyone would ever want to block.   Being able to block an IP or to specify a range of IPs, maybe... but even that's risky since so many shared IP arrangements exist out there.  So, that IP wildcard... wow... I dunno 'bout that one.

As for blocking the domain, that's already in CAS.  Or did I misunderstand?

[rdunham1624]

Yes, I agree that the IP wild card would be a bad idea, but I could not add *.paintthecolorsoftherainbow.com to the blocked list to cover mx37.paintthecolorsoftherainbow.com and mx25.paintthecolorsoftherainbow.com.  If this can be done please tell me how. Spammers use this trick to get around the domain block. They just create new sub-domains as above.

[mouse1]

You need to be able to take action quickly on QDB entries, so you want to be able to block and delete in one operation when necessary. Currently you have to press two buttons.

[mouse1]

Need an optional server synchronisation setting that tells CAS only to inform you if synch fails. Else if you have CAS set to synch frequently you get too many 'synch successful' messages.

[mouse1]

Would be useful if CAS had a plug-in that detected entry of email address into web forms and offered you the opportunity to add the web domain involved to your whitelist. Else you can end up not receiving automated emails from people you have requested them from.

Mouse

[mouse1]

Option to automatically whitelst sites 'verified by Comodo' would be good.

Also option to automatically approve domain variants eg download.fred.com, partic if background checked. Not sure if CAS does this already.

Mouse

[mouse1]

Increasingly convinced that people should be forced to create their own ASA - just give them guidelines. There should be absolutely no fixed elements at all. This, in conjuction with better whitelist building, will prevent authentication requests being trapped as spam by other spam filters.

Mouse

[mouse1]

CAS needs a clearly identified opton to operate in ASA-less, 'assisted manual filtering' mode.

The policy option 'only allow digitally signed emails' used in conjuction with the 'pop-up quarantine database option' nearly achieves this, as it passes whitelisted mail as well as digitally signed mail. Unfortunately its title is misleading. Also the 'pop up' function pops up when explicitly blacklisted emails are received, which is undesirable for most users.

Mouse

[SecurityManiac]

Just one wish. Please make it more adjustable for consumer market

[Tags:]