Codger wrote:
> I wanted to mention something that I've started doing to help those  
> of our users who just barely can do email much less discriminate  
> email spam from the packaged meat product. This idea may not be new  
> at all but Justin Mason suggested that I go ahead and post it to the  
> list.

Thanks for sharing the discussion about an additional way to run
SpamAssassin.

> To our users, I've introduced the concept of a private keyword. This  
> keyword is quite unique and will cause the responder's email to get  
> -100 points in the private keyword rule. I've instructed them to put  
> the private keyword in the bottom of their signature. It is very  
> inconspicuous and looks like text that a mail server might add to all  
> outgoing mail.
> 
> At first I suggested that they simply send to their contact lists a  
> request that they respond to the email (with the private keyword  
> inserted) without changing it. Now I have suggested they just all  
> keep it in their signature for all their communications.

I am assuming by this that you are expecting your users and the people
that reply to them to top post, to keep the quoted parts of the
message at the bottom?  I assume that style is typical in the culture
of your business?  In that case it would work.  But in the typical
conversational quoting style[1] this would normally be trimmed off and
won't appear in any response.

[1] http://www.netmeister.org/news/learn2quote.html

And of course the initial contact message from an external sender into
your organization also won't have any tags and won't benefit from
these bonus points.  Initial messages from senders to your users would
never have the benefit of those bonus negative score points.  What
would protect those messages?

> What is then happening is that their contacts are getting a high  
> negative score in the autowhitelist sql database. This has prevented  
> legitimate email from being snagged by spamassassin many, many times

I am not using the autowhitelist feature of SA and therefore I may be
missing something.  But my academic understanding of how it works is
that it will average out the points from a particular sender.
Therefore over time if your senders are given bonus points when
replying to a message the average for them in the autowhitelist
database will be strongly influenced to average a large negative
score.  The autowhitelist will add a large positive score to their
messages in order to bring the average back to zero.  Right?  Or am I
completely wrong about how the autowhitelist works?

Here is the problem that I see with this method.  The external users
will eventually send a new message without the magic words in the
message.  This new message is perfectly valid but will not have bonus
points subtracted by the tagging.  But by the process of the
autowhitelist it will have the averaging applied and this message will
get a large positive score.  This will create false positives on
messages without the magic word included.

> I personally hate the greylist/whitelist approach where you have to  
> click on a link to be authorized to get your email through to a  
> person. It is uninviting and intrusive, and even seems rude.

What you describe is challenge-response and is not related to
greylisting or whitelisting.  Those are completely different from what
you describe.  But yes I agree that challenge response has many
undesirable problems.

> What I'm doing with the private keyword is really an autogreylist/ 
> autowhitelist of sorts.

I completely disagree with your choice of words to describe your
process.  Those words are already defined to mean something completely
different in the anti-spam domain.

  http://en.wikipedia.org/wiki/Greylisting

> There are some problems though that I've encountered. First, the  
> autowhitelist entry is specific for each of our users and the same  
> email address can have both negative and positive scores for  
> different users. I understand why that is of course and that the  
> autowhitelist by design was not intended to account for this most  
> likely.

Because the autowhitelist database was not designed with this in mind
I fear that it will behave poorly as I described above.  It will cause
a sender to have wildly different scores on different valid messages
based upon the content.

> The other is email aliases (which I personally discourage)  
> which have to have separate entries.

I was unable to deduce your meaning from the above statement.  Why
would you discourage aliases?  They would work the same as any other
email address.

> I was wondering about anyone's thoughts toward having a real
> autogreylist database as part of, but separate from, the
> autowhitelist in SA? Or even if you think this is all a bad thing to
> do in the first place.

Please don't call it an autogreylist database because it is not
related to greylisting.

Am I completely wrong about how the automatic averaging function
handles two different valid messages where one would have a large
negative score and the other would not?

> The advantage of the signature placement that I see is that it is  
> absolutely a no-brainer for our users, and in the course of their  
> normal communications, their contacts become protected more and more.  

For responses this is a cultural behavior.  In the MS world without
message threading people have been trained to top post and quote all
of the previous messages.  But in the world with message threading
this is strongly discouraged.  Your users' contacts would not be
"protected" if they replied using standard Internet netiquette and
trimmed their responses.  (Such as I have done here.)

Your users' contacts would also not be "protected" if they send
original messages to your users.  These original messages would not
have the magic word and therefore not have bonus points subtracted
from their mail.  This would in effect make their original messages
look more like spam compared to those getting the negative bonus
points in your proposed process.

> Their own email 'world' really becomes more their own if you will. If  
> it became a widely used concept, then it would also always be  
> specific to each mail server or even each virtual domain.

I can't see how this could become widely used.  It would require
people to maintain a database of magic words to include in messages to
people, because if they did not include those magic words their mail
would be less likely to be delivered.  This is a burden on users and
therefore very unlikely to be adopted regardless of effectiveness.

Even though I disagree with the idea I appreciate you sharing it with
us on the mailing list.  And if I am completely wrong in my assessment
I appreciate corrections.

Thanks
Bob
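As an added illustration (not from either poster), the AWL plugin documents its adjustment as final = score + (mean - score) * auto_whitelist_factor, where mean is the sender's average over earlier messages; the simulation below, with constructed scores and a constructed sender address, shows what the private-keyword scheme does to a later message from the same contact that carries no keyword.

```python
# Added example: a small model of SpamAssassin's auto-whitelist (AWL)
# regression toward a sender's mean, applied to the "private keyword"
# scheme discussed above.  Assumes the documented AWL formula
#   final = score + (mean_of_earlier_messages - score) * auto_whitelist_factor
# with the default factor 0.5 and the default required_score of 5.0.
# The real plugin also keys entries by originating network; ignored here.

AUTO_WHITELIST_FACTOR = 0.5
REQUIRED_SCORE = 5.0
PRIVATE_KEYWORD_SCORE = -100.0   # the rule score described in the thread


class AutoWhitelist:
    """Per-sender running total and count, like the AWL database rows."""

    def __init__(self):
        self.totscore = {}
        self.count = {}

    def mean(self, sender):
        n = self.count.get(sender, 0)
        return self.totscore[sender] / n if n else None

    def adjust(self, sender, score):
        """Return (mean_before, delta, final) for this message and record it."""
        mean = self.mean(sender)
        delta = 0.0 if mean is None else (mean - score) * AUTO_WHITELIST_FACTOR
        # The message's own pre-AWL score is what gets stored, not the final one.
        self.totscore[sender] = self.totscore.get(sender, 0.0) + score
        self.count[sender] = self.count.get(sender, 0) + 1
        return mean, delta, score + delta


def simulate(keyword_replies, base_score, later_score):
    """keyword_replies messages hit the -100 rule; then one message does not."""
    awl = AutoWhitelist()
    sender = "contact@example.org"   # constructed sample address
    for _ in range(keyword_replies):
        awl.adjust(sender, base_score + PRIVATE_KEYWORD_SCORE)
    mean_before, delta, final = awl.adjust(sender, later_score)
    return {"mean_before": mean_before, "delta": delta, "final": final,
            "is_spam": final >= REQUIRED_SCORE}


if __name__ == "__main__":
    # A contact who replied 5 times with the keyword, then sends a fresh mail.
    print(simulate(5, 2.0, 4.5))
    # Same contact, but the later message looks strongly spammy (e.g. a
    # compromised account): the accumulated negative mean still masks it.
    print(simulate(5, 2.0, 12.0))
```

The second case is the caveat for operators: once a contact's AWL mean sits near -100, a genuinely spammy message from that same address and network is pulled well under required_score, so the scheme trades one class of false positives for reduced sensitivity on trusted senders.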
