I just stumbled onto this thread and I can't stay (work to do with sprint)...
For the record, I agree with everything Matt said here, though I might make
the point a little more softly. Automated spam submissions would probably
be ok as long as we knew it was coming and how it was being sourced so that
we could treat it accordingly.
We treat everything submitted as spam (not spamtrap) with cautious eye -
even as potentially hostile. We probably refuse to code close to 50% of
what does get submitted. (We will make any addition to a registered
rulebases upon request though.)
We generally develop profiles for sources of spam so that we know what to
expect and how cautious to be. For example, we have a number of sources
that seem to get subscribed to everything that is out there so we've
adopted a standing policy to only consider clear porn, scams, or snakeoil
from those sources unless the content is also seen in spamtraps or other
more trusted sources. In theory we should be able to develop a workable
policy on any type of spam submissions (even automatic ones). Every rule
that goes into our rulebase is at least reviewed by a human being with the
aid of automated tools.
In summary, with the procedures we have in place we generally can accept
spam from anywhere - however more eyeballs can make quite a difference
when avoiding errors and certainly help to reduce our work load.
_M
At 12:32 PM 3/26/2004, you wrote:
This is generally a bad idea because you might be blacklisting something
that others don't consider spam. I've seen experiments where someone
built a DNSBL blacklist from things scoring over a certain weight and this
had the effect of polluting the data with his local blacklisting settings
which weren't perfectly universal.
A large number of my false positives from Sniffer comes from manual
submissions, and this is primarily due to what I consider to be spam, and
what other administrators consider to be spam.
The best value to Sniffer would be to promote the lowest scoring
things. I submit everything that comes from a zombie or a non-unique
source such as Nigerian scams that people report to me as having been
passed. I maintain a local DNSBL for blacklisting static sources and
generally don't submit those, though I may in the future.
I guess what I'm saying is that as another Sniffer user, I would prefer
that nominations outside of the spamtraps be manually verified, and that
those submitting them take care to consider whether or not everyone would
consider such things to be spam since a filter would affect everyone that
uses their product. I'm sure Pete has some protections in place, but no
one is perfect and more eyeballs don't hurt.
Matt
Scott Fisher wrote:
I've been pondering this.
I use Message Sniffer as one of my tests. I've been thinking about the
possibility of forwarding all mail to Message Sniffer that has a Message
Sniffer return code of 0 that also has a weight 40 (higher than the
highest false positive weight I've seen).
I don't know if this is a bad idea? So I'm throwing it out for other
people's opinions.
I also don't know if I can use a weight test in a testsfailed filter.
Another concern is that the original e-mail should also be held.
Here's what I envision the code to look like:
WEIGHT40weight x x 40 0
SNIFFER-NOTFOUNDexternal 000
D:\IMail\Declude\Sniffer\sniffer.exe code 0 0
SNIFFER-FORWARD filter D:\Snifferforward.txt x 0 0
SNIFFER-FORWARD COPYTO spamaddress at messagesniffer
snifferforward.txt:
TESTSFAILED 0 CONTAINSWEIGHT40,SNIFFER-NOTFOUND
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
