For certain kinds of spam, it would be advantageous to have a highly dynamic set of rules (eg stock spams). The usual methods (à la sa-update) are usually slow - slow as in "once or twice a day"; however I think it would make sense to have them fast - fast as in "continuously updated".
As such, DNS could be used as a transport mechanism with reasonably chosen TTLs. As most rules are not that huge, they would usually fit into a single TXT record. Updating these rules through DNS would allow efficient "flood fill" distribution combined with DNS' cacheing characteristics. A number of formats for querying are possible; maybe it could look something like: type.my_fancy_rule._sa.example.com IN TXT "header" rule.my_fancy_rule._sa.example.com IN TXT "Subject =~ /foo/i" score.my_fancy_rule._sa.example.com IN TXT "0.947" desc.my_fancy_rule._sa.example.com IN TXT "Match foo in the subject" flags.my_fancy_rule._sa.example.com IN TXT "nice" Does this make sense? Would this improve effectiveness? How could such rules by dynamically "inserted" into a running SpamAssassin process (eg spamd or amavis)? -- Matthias
