For the record, I agree with everything Matt said here, though I might make the point a little more softly. Automated spam submissions would probably be ok as long as we knew it was coming and how it was being sourced so that we could treat it accordingly.
We treat everything submitted as spam (not spamtrap) with cautious eye - even as potentially hostile. We probably refuse to code close to 50% of what does get submitted. (We will make any addition to a registered rulebases upon request though.)
We generally develop profiles for sources of spam so that we know what to expect and how cautious to be. For example, we have a number of sources that seem to get subscribed to everything that is out there so we've adopted a standing policy to only consider clear porn, scams, or snakeoil from those sources unless the content is also seen in spamtraps or other more trusted sources. In theory we should be able to develop a workable policy on any type of spam submissions (even automatic ones). Every rule that goes into our rulebase is at least reviewed by a human being with the aid of automated tools.
In summary, with the procedures we have in place we generally can accept spam from anywhere - however "more eyeballs" can make quite a difference when avoiding errors and certainly help to reduce our work load.
_M
At 12:32 PM 3/26/2004, you wrote:
This is generally a bad idea because you might be blacklisting something that others don't consider spam. I've seen experiments where someone built a DNSBL blacklist from things scoring over a certain weight and this had the effect of polluting the data with his local blacklisting settings which weren't perfectly universal.
A large number of my false positives from Sniffer comes from manual submissions, and this is primarily due to what I consider to be spam, and what other administrators consider to be spam.
The best value to Sniffer would be to promote the lowest scoring things. I submit everything that comes from a zombie or a non-unique source such as Nigerian scams that people report to me as having been passed. I maintain a local DNSBL for blacklisting static sources and generally don't submit those, though I may in the future.
I guess what I'm saying is that as another Sniffer user, I would prefer that nominations outside of the spamtraps be manually verified, and that those submitting them take care to consider whether or not everyone would consider such things to be spam since a filter would affect everyone that uses their product. I'm sure Pete has some protections in place, but no one is perfect and more eyeballs don't hurt.
Matt
Scott Fisher wrote:
I've been pondering this.
I use Message Sniffer as one of my tests. I've been thinking about the possibility of forwarding all mail to Message Sniffer that has a Message Sniffer return code of 0 that also has a weight 40 (higher than the highest false positive weight I've seen).
I don't know if this is a bad idea? So I'm throwing it out for other people's opinions.
I also don't know if I can use a weight test in a testsfailed filter.
Another concern is that the original e-mail should also be held.
Here's what I envision the code to look like:
WEIGHT40 weight x x 40 0
SNIFFER-NOTFOUND external 000 "D:\IMail\Declude\Sniffer\sniffer.exe code" 0 0
SNIFFER-FORWARD filter D:\Snifferforward.txt x 0 0
SNIFFER-FORWARD COPYTO spamaddress at messagesniffer
snifferforward.txt:
TESTSFAILED 0 CONTAINS WEIGHT40,SNIFFER-NOTFOUND
Scott Fisher Director of IT Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
