>From: Miles Fidelman <mfidel...@meetinghouse.net> >Sent: Tuesday, March 7, 2017 3:36 PM >To: users@spamassassin.apache.org >Subject: Re: List of legit mass mailers >One might opine that there can be no such thing. Mass mailings are almost >always >spam - except when distributed by an organization to its own customers or >members.
I don't want to start a huge debate over the definition of spam but there is a distinct difference between spam and UCE primarily due to how it should be handled. If your SA environment is only filtering a single or a few mailboxes, you can get away with treating spam and UCE the same so I am not talking about small SA instances. In a large SA instance of more than a few hundred mailboxes spam and UCE should be handled differently. Spam = malicious email intended to trick the recipient into do something bad. This includes viruses, malware, phishing, Nigerian scams, British lotteries, etc. UCE = unsolicited commercial email. This can be something the recipient did (possibly accidentally) or didn't sign up for. UCE can come from trustworthy senders which can be safelisted with whitelist_auth. I think what we are trying to target is the trustworthy commercial senders like paypal.com, ebay.com which are in the def_whitelist_from_dkim and def_whitelist_spf and work well in SA with shortcircuiting enabled. I have extended my list of SA whitelist_* entries to about 4,000 and it is working very well. I let trusted senders with valid opt-out processing through to the end user so they can decide for themselves to unsubscribe or continue receiving it. The trick is finding the pattern of trusted sender characteristics which I think I have. Dave
