Excellent! [THANKS]

Turned on my PC this morning, and no Spam! this is great.

Been using neural network training with error back propagation antispam measures for years. This worked pretty well, eliminating 90 percent of spam.

It`s obvious that Spammers continuously re-craft emails to evade your defences.

Your software works great in Windows, but would be great if it could provide port access so that an Email client on another Non Windows machine on same network can utilise AntiSpam.



One problem however, the authentication mail that is sent out by Antispam is seen as spam itself by many filters!

So far this has happened with :-

Windows Mozilla Thunderbird
Microsoft Hotmail
Linux Spam Assassin

Recipients get the Authentication email, but delivered to Spam inbox, and don’t see the mail.

This method of Spam fighting is something that I would NEVER use. “Authentication” emails are as bad as “return receipts.” Two thumbs down for this one.


Spam is a big area and we are investing heavily in trying to solve this problem. I would love to hear your point of view about why you would not want to use this method. We are open to suggestions.

While I think its great that you guys are attempting to do something about spam, I don’t think that “authentication” emails are the way to do it. First off, as “ef” pointed out, the authentication email that is sent back to the original sender is seen as spam by different email clients. If someone doesn’t check their spam folder (or if it’s deleted) then they will never see the authentication email.

Maybe this is just a personal thing with me, but I view authentication emails the same as return receipts. Very annoying. When someone sends me a return receipt, I never acknowledge it. It’s as if the person doesn’t trust me to respond, so they want the verification that I read it.

Another thing, say I purchase some software off the internet. I am then sent the registration information but an authentication email is sent back to the purchase site. How can I be sure the place I made the purchase will get the authentication email and respond? In many cases, the process is automated and they won’t respond to the authentication request, so I’ll never get the registration info.

Using the authentication method may help reduce spam, but it will also kill valid emails. I don’t know the answer to spammers. Maybe seek them out, arrest them, throw them in jail for life, feed them to lions, etc. I don’t know.

Good luck with whatever methods you can come up with, but as I stated before, I won’t use the “authentication method” and neither will many others.

You have raised all valid points. We will continue to innovate on the fight against spam, lets see what we can come up with :slight_smile:


If you guys change the way CAS works, it would be nice to leave the current implementation as an option. I personally love it. All I have to worry about is manually accepting good e-mails that come from bots such as when I purchase something. This isn’t a problem for me, as it is a one time deal for most instances.

Maybe CAS could be designed to use both the current implementation of passwords with the added benefit of something like spambayes.

I agree with JimmyD. Authentication is not the best option in all cases (at least for me). After loading the software (this evening) and seeing what is was going to do, I removed it then came to this site to post a message. Perhaps COMODO can create a way to give the user an option to identify good/recognized emails as “authenticated” (move good/bad emails to another folder) or mark by way of a check box those that are bad/not recognized, etc…, before it sends an authentication email to the ones they WANT to authenticate. I know the proposed method would remove some of the automation/work (and may add risk), but this would put the user in control of the risk. Other thoughts???

Regards, JohnSk

The authentication emails were a big reason why I stopped using CAS. The biggest reason though was that it just does not work right with Outlook Express.

I think there is a big risk of making a really terrible decision here.

  1. I am not aware of any other automated approach that holds out any promise of filtering spam as effectively as CAS. Manual filtering by people as Melih has previously said could work, but the labour overhead would be high, and any efficient system would take a while to develop. See my post here for more on this: https://forums.comodo.com/antispam/cas_a_potential_world_beater_resolved-t38030.0.html

  2. Authentication emails need not be seen as Spam, they are only because:
    a) CAS insists on sending standard emails - you cannot despite appearances craft your own. Instead you CAS should insist to craft your own, only giving guidelines on what they should include
    b) CAS insists on sending highly hyped challenge emails which recipients object to.
    b) CAS does not provide sufficiently good ways of building whitelists, and so send too many authentication emails. At the very least CAS should import email addresses from your sent items list, preferrably including your email archives.It would be good if CAS could monitor email addresses you type in to web sites and ask you if you want to add them to the white list.
    Tailored personal authentication messages plus low volumes = not classified as spam.

  3. Authentication actually works to exclude spam and if you use personally crafted challenge emails, rather than CAS’s overhyped text, anyone who wants to contact you will. No other spam exclusion technique is as good.

  4. CAS is not being used as much as it should be because it is lamentably buggy - see bug lists - and does not work with enough clients. Please could we have a bug fixed version and one that solves the issues in 1) above and try this out to see if people like it? WE have had several deadline for a new version but all have been missed.

  5. CAS could add blacklisting based facilities though this would be less consistnt with Comodo’s default deny philosophy. That would be fine by everyone I guess, so long as the whitelist functionality was retained and debugged.

Hope this helps

Best wishes


In my view this would be a good halfway house, in part as it would allow people to control things themselves until they were confident about CAS’s unusual way of working. Probably should not download spam emails to a client folder though - whole point of CAS is that you never receive the nasty emails in your email client. Could be implemented as ‘wait n days before sending challenge’, where n could be set to huge. CAS already prompts you (if you want) to have a look at your quarantine list every few days.

You can set CAS to pop up the quarantine database when it thinks it has spam, and perform a quick visual check. You could set this only when you are expected such and email if you want to take full advantage of the automation. Also if you know what domain the registration email will come from you can whitelist it. I ave suggested that CAS should ask you if you want to whitelist the site domain wheneven you type in you email address on a site.

I agree - used pretty well every other piece of antispam software, and none works as well

Just checked a bit further and CAS can do closer to this than I thought.

Here is how to do it.

  1. Turn policy to ‘only allow digitally signed emails’. THis actually allows through digitally signed AND whitelisted emails.

  2. Now go to ADvanced/miscellaneous and choose either ‘pop up quarantine database when spam received’ or ‘play sound’ or both

  3. Now go to QDb page and select how long messages are to be kept before deletion, and every how many days you want to be reminded if you have not reviewed (blocked or allowed) an email (as a back stop check)

  4. Don’t forget to set up your whitelists (& blacklists) with as many addresses as possible and tick the two settings at the bottom of the authentication DB page

  5. Now when a spam is received you can either choose to block (& spam report it) or allow it, though NB it takes 2 send receives after allowing an email to receive it (CAS bug). Blocking adds to blacklist, so quickly cuts down on spam alerts. No challenge emails will be send unfortunately, even if you want them to be!

I don’t know about problems with CAS and Outlook Express. I am having a problem now that ATT has switched to Att.yahoo.com. When it was bellsouth.net it worked fine. Beeped when spam came in and you could read the e-mail and see if it was something you wanted or not. If it was spam, you could send it to Comodo. Didn’t tie up and slow the computer down like some do. I thought it was pretty east to work with.

my only ? is this can I canfigure this for an email client like yahoo an if so how

Yahoo is not an email client, it’s a web-based (cloud) service. But you can use it from an email client like Outlook instead of (or as well as) using it as a web-service. If you do so you can use CAS.

To do this:

First read the “Before you install” guidance - a forum ‘sticky’.

Then choose and install a true email client, if you don’t use one already. Preferrably choose one that is fully supported by CAS such as Office Outlook, or Eudora, or Netscape. Configure it to use your Yahoo account in POP3/SMTP mode, using the instructions on the Yahoo site. Then install CAS, which will automatically import your account settings.

There is a FAQ to help you if you choose to use a client is not fully supported by CAS.

Hope this helps


I tried CAS, didn’t like it at all. I think the authentication email part is ridiculous. I didn’t really need it anyway though since I very rarely get any spam and the little that does come through is very easily eliminated by simply telling them not to send any more (unsubscribe). Ninety five percent of the time I get no spam with no filters employed.

Some like the challenge-response policy (like me and the person who originally posted this topic) some don’t (like you), I know. The ‘before you install’ topic explains why.

Happily there is an alternative policy, albeit only a partially automated one. See my FAQ here: https://forums.comodo.com/comodo-antispam-cas/faq-cas-under-development-t48213.0.html;msg348733#msg348733.

I’ll be string a sticky topic soon to discuss what other policies might be added to CAS. I hope you will contribute!


That’s just way too complicated a procedure to have to go through to make a program behave the way you want it to. Like I said, I don’t really need any anti-spam filtering, I just tried CAS out to see how it worked.