On Feb 1, 2008, at 3:46 AM, Mark Martinec wrote:
>> Most whitelist entries I have seen appear to be financial-services
>> mailing lists. (thus no two-way traffic) No, I don't know why those
>> are getting high scores. Need to chat with the users.
>
> These need to be whitelisted with SpamAssassin rules to be reliable.
>
> For ebay, paypal, bankofamerica, etc use whitelist_from_dkim,
> for others either whitelist_from_spf or whitelist_from_rcvd,
> or a dedicated rule. Whitelisting solely based on envelope or
> author (From) mail address commonly leads to false negatives,
> the popular financial and similar sending domains are frequently
> abused for fraud.

I have talked to the users, and there's no issues there. The big domains weren't in the list, it was all smaller financial chat lists. Nobody has seen FNs from those, and none of the ones I checked are using SPF or DKIM.

>> No, I don't know why those are getting high scores.
>> Need to chat with the users.
>
> It pays off to investigate such false positives.

It's three things: all html content, financial wording used and inline advertisements. It's not generally possible to drop those scores without letting through a bunch of spam.

> If a company policy and legislation allows it, the use of
> quarantining can be a big help there. Message above kill level
> may still be passed on to recipient if desired, but a copy
> is saved in quarantine for investigation.

You know, I used to think quarantining was awesome. And then I found that with 2k users, only 2 others used it. Nobody else wanted to check the quarantine, nobody was happy with having to log in to find messages. And quarantine reports generated complaints about "spam about spam".

Switching to "quarantine to a Spam folder" using a local sieve filter made everyone happy. They set their kill and kill2 levels, and anything in between is dumped into "Spam". If they are missing an e-mail, the local search function in their mail client finds the message and they are happy.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
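
The whitelisting options named in the quoted advice, written out as a SpamAssassin `local.cf` fragment with the address-only form shown beside the authenticated forms. This is an added example, not configuration from either poster; the exact sender patterns for ebay, paypal and bankofamerica are assumed, and the `example.org` / `example.net` names are constructed placeholders.

```conf
# Added example for SpamAssassin local.cf (not from the thread).
# Sender patterns and relay names are assumptions or constructed placeholders.

# Weak form, shown commented out: matches on the envelope/From address alone,
# so any forged mail claiming this sender is whitelisted too.
# whitelist_from       *@paypal.com

# DKIM-backed: the From: address must match AND the message must carry a
# valid DKIM signature from that author domain. Needs the DKIM plugin loaded.
whitelist_from_dkim    *@ebay.com
whitelist_from_dkim    *@paypal.com
whitelist_from_dkim    *@bankofamerica.com

# SPF-backed: the envelope sender must match AND SPF must pass for the
# connecting host. Needs the SPF plugin loaded.
whitelist_from_spf     *@news.example.org

# Relay-backed, for senders that publish neither SPF nor DKIM (the case of
# the small financial lists described in the reply): the address must match
# AND the relay that handed the message to your trusted network must have
# reverse DNS inside the given domain.
whitelist_from_rcvd    *@finance-chat.example.net   example.net
```

`whitelist_from_rcvd` depends on `trusted_networks` and `internal_networks` being set correctly, because the relay check is made against the first Received hop outside the trusted boundary.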
