Warren Togami wrote:
While whitelists are not directly effective (statistically, when
averaged across a large corpus), whitelists are powerful tools in
indirect ways including:
* Pushing the score beyond the auto-learn threshold for things like
Bayes to function without manual intervention.
This does not sound like a positive thing to me. E-mail from any sender
that is malformed enough to skip auto-learning should not be forced into
Bayes as ham simply because some 3rd party promises, for their own
monetary benefit, that the sender is a nice guy. Why should any sender
that I have not intentionally added to my local whitelist get a break?
I've had enough problems with DNSWL, HABEAS, and JMF that they have all
been disabled here. Unfortunately, that also means I have no recent
data to add to the debate. Although I believe that whitelists should be
included in the default install for those that want them, I also believe
they should be disabled by default so that an admin must knowingly
enable them after reading the manual and considering the consequences.
The argument has also been made that whitelists should be included
simply because blacklists are. I think that argument is flawed.
Blacklists are part of the spam fighting community while whitelists are
part of the bulk delivery community. Their goals and motives are
completely different. For one, blacklists will normally have evidence
of abuse to support their listing. Whitelists only have policies and
promises. Second, the scoring of whitelists is currently favored over
blacklists, and will continue to be at the proposed settings for 3.3.0.
Why can a whitelist override the score of a blacklist when it is the
blacklist that has evidence of abuse?
After reading up on Bug6247, I found that ReturnPath included
interesting stats on their lists:
Certified
Active: 4407
Suspended: 1300
Total: 5707
Safe
Active: 6561
Suspended: 283
Total: 6844
The Certified list is supposedly difficult to get on so I'm not sure how
to interpret these results. Is 1/5 of the list suspended because of due
diligence on the part of ReturnPath? If so, how did they get certified
in the first place?
If whitelists are to be enabled by default, I believe their score should
be moved considerably more toward zero.
/Jason
