GIAC Report
Thursday, September 11, 2003

GIAC Spam Committee


The Spam Committee was authorized by the GIAC Board on July 10, 2003:

"A committee will be formed to address the spam issues and come up with a methodology to reduce the spam email delivered to our users and present the proposal to the Board by the September Board Meeting."

The committee chair solicited GIAC Member participation in the process of identifying, screening, and testing available spam-blocking software products in order to prepare a recommendation to the Board. The following Members volunteered to staff the committee:

  • Austin Conaty
  • Ed James
  • Neil McLeod (chair)
  • Mike Moore
  • Dorian Winterfeld


The committee’s original plan of attack involved:

  • Establishing basic principles to govern GIAC’s involvement in spam-blocking activities on behalf of subscribers and to guide the committee’s selection of software products to be evaluated.
  • Acquiring and screening an initial group of selected products for further testing.
  • Referring products that warranted further evaluation to a Test Group comprised of volunteer GIAC Members.
  • Recommending to the Board, based on overall testing results, an overall strategy for spam-blocking action by GIAC and by subscribers.

However, except for the committee itself, no GIAC Members volunteered to help test software products screened by the committee. This circumstance persuaded the committee chair to truncate the original testing plan by excluding any consideration for direct action by GIAC on behalf of subscribers on grounds that insufficient interest existed among subscribers to justify the expenditure of resources. The remainder of the committee’s work focused on establishing spam-blocking principles and evaluating options available to individual users.


The committee quickly established two guiding principles for the work to follow:

  • Principle #1 (Prime Directive) – “Thou shalt have no false positives.” No product or methodology is acceptable that blocks legitimate messages.

    "For most users, missing legitimate email is an order of magnitude worse than receiving spam, so a filter that yields false positives is like an acne cure that carries a risk of death to the patient." - Paul Graham

  • Principle #2 – GIAC has no available resources to devote to the management of spam controls on behalf of service subscribers.


The committee screened all products in the list below, which is not represented as a complete list of available spam-blocking products.

One or more committee members personally tested those products listed in boldface. Underlined names link to product reviews, which reflect only the experiences and/or opinions of the individual reviewer(s). No endorsement of any product by GIAC is implied.


  • Server-based (ISP- or GIAC-managed) products must be excluded due to the absence of available resources to manage them.

  • Host-based subscription services must be excluded until enough users are willing to become involved (to manage their own filtering rules) to justify setup and ongoing costs.

  • A variety of free and low cost client-based and user-managed spam-blocking solutions are available to adequately handle most subscriber needs as well as GIAC’s own administrative mailboxes. The committee recommends to GIAC and to all users the use of whichever of these user-oriented products best suits their individual needs and preferences.

  • At most, GIAC may wish to offer installation and/or training assistance to subscribers for any product(s) used by GIAC principals or volunteers.

- posted by Neil McLeod, Committee Chair



| Feedback | Home | Top |
//     Updated 9/11/03