Hello Belgarath, > As far as I am concerned there is no option to explicitly > whitelist people in dspam engine as it is at the moment. > However you can easily do it on the MTA level that mail > form specific addresses do not hit dspam at all.
That's certainly an option, though I would prefer to avoid it if possible - that would require additional stage of filtering in a script and scripts tend to break. That's additional point of failure. Not to mention it's not very efficient - a script would have to parse: 1. a mail to extract the addresses 2. a complete whitelist every single time mail is passed to it Only then it could decide whether to feed the mail into DSPAM or not. There's a reason why the above tends to be done in compiled code with data storage backends like hash drivers or SQL, and this reason is cost. I'm actually considering writing small program in C to manage this, perhaps with BerkeleyDB backend, but that is the last option I want to pursue, not the first one. > The other > think is that I think it is 10 mails that put people on > the whitelist, which is not that much. Not an option. In hosting (my context) you plain CAN NOT afford false positives. That's just out of question. A small amount of spam is tolerable, but false positives aren't. At volumes of mail we handle, even low probability that legitimate mail sent by partners of our customers will be dropped into quarantine/deleted before they send 10 mails altogether to our customer turns into statistical certainty in way too many cases. More extensive whitelist management is one thing I sorely miss in DSPAM. There's another product called ASSP, that has terrific whitelisting: http://assp.sourceforge.net/ But ASSP is written in Perl (except being icky, it obviously breaks down if anything bad happens to Perl) and it has too low performance for us. -- Marcin Krol
