On 03/02/2018 02:54 AM, Sebastian Arcus wrote:

On 01/03/18 19:50, David Jones wrote:
On 03/01/2018 12:29 PM, Sebastian Arcus wrote:
I know I have brought up this issue on this list before, and sorry for the persistence, but having 7 different rules adding scores for the IADB whitelist still seems either ridiculous, or outright suspect:

-0.2 RCVD_IN_IADB_RDNS      RBL: IADB: Sender has reverse DNS record
                              [ listed in iadb.isipp.com]
-0.1 RCVD_IN_IADB_SPF       RBL: IADB: Sender publishes SPF record
-0.1 RCVD_IN_IADB_OPTIN     RBL: IADB: All mailing list mail is opt-in
-0.0 RCVD_IN_IADB_SENDERID  RBL: IADB: Sender publishes Sender ID record
-0.0 RCVD_IN_IADB_LISTED    RBL: Participates in the IADB system
-0.1 RCVD_IN_IADB_DK        RBL: IADB: Sender publishes Domain Keys record
-0.1 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender

It really raises some very uncomfortable questions regarding the impartiality of SA and/or its anti-spam capabilities. And by the way, this message is definitely unsolicited, and in now way we gave any sort of permission or consent to this company or its "affiliates" to email us - so the whole "All mailing list mail is opt-in" is nonsense.

And why have "Sender has reverse DNS record" and "Sender publishes SPF record" as separate IADB rules - when SA itself already checks for these? Isn't this just a glaring way of pumping up SA scores for the IADB subscribers?

Once in a while, even the best senders can get a bad customer of theirs that obtained email addresses by a violation of their terms and conditions.

Just block that sender with a local "blacklist_from *@example.com" entry and report it to SpamCop.  If the message headers have any abuse reporting information then send the headers there too.  They should do their own internal investigation and shutdown that bad customer of theirs.

That is still beside the point. There is simply no reason in the interest of SA as an antispam solution to publish all those rules. One or two rules would be more than enough. I know I can block this and that in SA, and tweak rules all the time - but I am concerned when the default settings in SA effectively facilitate marketing companies to stuff my Inbox full of junk. In that case you would achieve better results not using SA at all. As to reporting bad senders and "internal investigation" - my experience shows that doesn't get very far with any providers.

Look at the IADB rules at http://ruleqa.spamassassin.org.

They are very indicative of ham, so much so that I bump the scores up on them and shortcircuit a few of them as ham.

If you want to score all of them at zero in your local.cf, go ahead. That's your choice. Just because you get unwanted email in your inbox doesn't make it spam. If it has a legit unsubscribe link then simply unsubscribe from it. If you want to help the community, then report it to Spamcop.

David Jones

Reply via email to