Comodo Antispam 2.7 new feature & other discussions (all Beta versions)

Please put here any comments you may have on the design of 2.7’s new facilities (eg editable challenge message - ASA, shared quarantine lists). New features are listed HERE.

Also any ideas you may have for MINOR feature adjustments or additions that might still be made to improve the 2.7 release. Obviously it is very much up to the developers and Comodo to decide whether these are desirable or feasible in the 2.7 release.

Ideas for significant changes should go in the main Commodo Antispam wish list topic, HERE

[i]N.B. The suggestions I make in this section reflect my personal opinion that the most important general issues to address to ensure CAS is a widely appreciated as it should be are:

  • CAS and email client stability/reliability
  • Increasing usability/ cultural acceptability & reducing hassle, both for direct CAS users, and those on the receiving end of CAS challenge emails
  • Avoiding the situation where CAS challenge emails start to be flagged as spam by other spam filters. (This has happened in the past, and a resurgence would be fatal for CAS)
  • Offering a viable alternative to the ‘challenge response’ policy (for those who just won’t or can’t use it) which is still consistent with Comodo’s ‘default-deny’ philosophy. [/i]

The Beta supports only partial editing of the challenge email (ASA).

My personal view that it should be possible to edit the whole of the ASA (except the passcode and user name). The user should be able to determine the position of the passcode and user name using say a placeholder, and determine the form of user name used for each account. To ensure that all appropriate information is included, when in ‘whole ASA’ editing mode the GUI should show guidelines for the content of the ASA.

Other emails sent by CAS (eg the authentication confirmation email) should also be editable.

Fully editable CAS generated emails are important:
a) to avoid CAS messages being intercepted by other spam filtering software based on the shared content of the emails. This would make the challenge email systemun reliable, which would be fatal for CAS overall I think.
b) to make people culturally and personally comfortable with using it - for example I, from Britain, don’t want to say ‘Hi’ or ‘Have a good day’, and I think the ‘100% spam free’ claim is incorrect at present.
c) to make it less likely that challenge email recipients will ignore the challenge emails thinking they are spam. This is currently quite likely because the footer of the ASA contains a strong Comodo marketing message eg “100% spam free etc etc”

Ideally this would be implemented as a additional CAS message editing option - a ‘whole message’ editing mode to go with the current limited ‘UserEdit’ mode. For 2.7 a compromise might be to add the ability to edit the introductory “Hi xxxx” and concluding “Have a nice day” phrases in the ASA, and delete the Comodo marketing paragraph from the ASA. Also to remove any hype from other CAS-generated emails.

Previous discussion can be found HERE & HERE

I should stress that this is very much a personal view. Do you agree? Please do give Comodo your opinion below.

Some people just cannot use the challenge-response approach to sapm filtering. People who rely on email leads from previously unknown senders for their livelihood for example. Such people won’t want to put any barrier, however small, in the way of people contacting them.

Others need a less worrying introduction to the default deny approach than the challenge response approach provides, though they may progress to it later. They need a ‘bridge’ to ‘challenge response’, and an opportunity to build better whitelists.

For both groups of people CAS needs to offer an alternative policy, in my opinion. In the long term this may be some for of Bayesian system. But there is an alternative policy that’s so simple to add that it could be added to the 2.7 release.

The policy is ‘assisted manual filtering’. CAS has a policy that almost does this already - its called (misleadingly) ‘only allow digitally signed emails’. In fact it allows digitally signed and whitelisted emails through, and allows people to say what should happen to the rest. When used with either the ‘pop up quarantine database when new entries are added’, or the ‘display reminder [to view the quarantine database] every n days’ option, you have the basics of an ‘assisted manual filtering mode’. I have used CAS like this and it works quite well.

To implement this in CAS 2.7, only the following changes would need to be made:

  • a tick box option to qualify ‘Pop up quarantine database when new entries’ by ‘Don’t pop-up if address is blocked’. This makes manual filtering more practical by reducing pop-ups. [Update 20/1/10: Now know that you can achieve something similar by changing the blocked messages action to ‘Delete’. However this deletes all blocked emails immediately and irrevocably - it would be good if there was the additional blocked messages action option “Delete emails after n days” to give a chance to rescue items if you make a mistake in a blocking rule. Combined with the “Don’t pop up if address is blocked” tick box this would give people the flexibility they need].
  • Also ensure that when quarantine database is ‘popped up’, the ‘all accounts’ view of the quarantine database is popped up. (Currently the wrong account is often popped up resulting in a blank database being displayed. So this is a bug fix really).
  • A GUI text change on the policy tab from ‘Only allow digitally signed emails’ to ‘Assisted manual filtering’ and there is the new policy!

In 2.7, to avoid the risks of too sudden a change of approach, the policy need not be the default policy on installation, or even offered as a new option. (Though the latter would be ideal if achievable). The installation program could just tell people about it, and tell them if they want to use it they should disable spam filtering when installing the software, and select ‘assisted manual filtering’ on the policy tab after installation. In this way people could try out the policy in 2.7, and it could be established in full form in 2.8, if feedback were positive.

A previous post on this is HERE

I should stress that this is very much a personal view. Do you agree? Please do give Comodo your opinion below.

When you intsall CAS, whitelists are built from email client contact lists. But many people’s contact lists are incomplete. They often lack the contact details of those with whom they communicate most frequently, because they know their emails addresses off by heart. This is particularly true in Outlook whch is very easy to operate without saving contact information at all.

As a result of this CAS may send a flood of challenge emails on or in the few days after installation. This risks embarrassment when sweethearts, wives, husbands (etc!) receiving challenge emails, making it likely that people will unistall CAS. It also makes it more likely that other sapm filtering software will start to classify CAS challenge emails as spam, disrupting the challenge email process. (The problem is made worse if you keep copies of emails that you have already downloaded on the email server. CAS downloads all these emails again, so 100 or so challenge emails may be sent. See bug report HERE).

To avoid these problems I suggest CAS:

  • should include the ability to import email addresses from sent item boxes in email clients. Just do Outlook in this version to reduce effort and guage response? . HERE
  • installation program should suggest that people switch off challenge response mode until they have checked their whitelists. HERE

The ASA Useredit is not enough because, for example, it’s not possible to change “Hi,” with the french word “Bonjour” !! :-
Perhaps one day with a brand new CAS… ;D