Warren Togami wrote:

While whitelists are not directly effective (statistically, when averaged across a large corpus), whitelists are powerful tools in indirect ways including:

* Pushing the score beyond the auto-learn threshold for things like Bayes to function without manual intervention.

This does not sound like a positive thing to me. E-mail from any sender that is malformed enough to skip auto-learning should not be forced into Bayes as ham simply because some 3rd party promises, for their own monetary benefit, that the sender is a nice guy. Why should any sender that I have not intentionally added to my local whitelist get a break?

I've had enough problems with DNSWL, HABEAS, and JMF that they have all been disabled here. Unfortunately, that also means I have no recent data to add to the debate. Although I believe that whitelists should be included in the default install for those that want them, I also believe they should be disabled by default so that an admin must knowingly enable them after reading the manual and considering the consequences.

The argument has also been made that whitelists should be included simply because blacklists are. I think that argument is flawed. Blacklists are part of the spam fighting community while whitelists are part of the bulk delivery community. Their goals and motives are completely different. For one, blacklists will normally have evidence of abuse to support their listing. Whitelists only have policies and promises. Second, the scoring of whitelists is currently favored over blacklists, and will continue to be at the proposed settings for 3.3.0. Why can a whitelist override the score of a blacklist when it is the blacklist that has evidence of abuse?

After reading up on Bug6247, I found that ReturnPath included interesting stats on their lists:

Active: 4407
Suspended: 1300
Total: 5707

Active: 6561
Suspended: 283
Total: 6844

The Certified list is supposedly difficult to get on so I'm not sure how to interpret these results. Is 1/5 of the list suspended because of due diligence on the part of ReturnPath? If so, how did they get certified in the first place?

If whitelists are to be enabled by default, I believe their score should be moved considerably more toward zero.


Reply via email to