
Re: *Please* fix spamassassin's score configuration



On Fri, Dec 27, 2002 at 05:23:39PM +0100, Emile van Bergen wrote:
[snip]
> If it's valid to flag on MUA at all (or indirectly, platforms the MUA
> runs on) for Debian-related lists, then it's definitely legitimate to
> add a rule for FoxMail I'd say.

Sure. I was just cautioning that any such rule should be carefully
weighted, since it is possible that perfectly legit mails are sent from
FoxMail users.

[snip]
> > > * needlessly high priorities should definitely get a score
> > 
> > This is a bit questionable. It is quite plausible that legit mail to the
> > Debian lists will get sent with high priorities. Of course, one could
> > argue that Debian list users should know better than to set Outlook
> > priorities, but the point is that this isn't a particularly reliable
> > indicator of spam.
> 
> I think it is, see above. This is one of those netiquette-related
> things. Spammers violate rule #1 of email netiquette; they are likely
> to violate others, so flagging other violations may help indicate spam.

I don't see why setting Outlook priorities violates email netiquette? SA
has a separate rule for all-caps subject lines, which *is* a good spam
indicator. People who are familiar with Outlook do use the priority
setting from time to time, and with perfectly legitimate reasons. Sure,
spammers use it too, but that only says that it is not a good measure by
which to decide whether a mail is spam.

(On another note, if there are *malformed* Outlook priority headers which
cannot have come from a real version of Outlook, then that is an almost
100% sign of spam. In fact, SA does have a few rules that check for these
types of spam indications.)

[snip]
> > Like I said before, FoxMail is legit. The score for it should be low, if
> > at all. False negatives are better than false positives, even though they
> > are quite annoying nonetheless.
> 
> True, but Spamassassin already violates the principle 'innocent until
> proven guilty' in *lots* of places; most rules form only circumstantial
> evidence.

I'm not disagreeing that FoxMail should be checked for. In fact, I do this
in my local setup, because it does catch a lot of the spam that I receive.
I'm just saying that it shouldn't be scored too high to prevent false
positives.

[snip]
> It already catches a lot of spam from mailing lists as well, but despite
> that, the few debian lists I'm subscribed to still get me more spam than
> anything else.
[snip]

Same here. I have, in fact, added a lot of custom rules to my SA setup to
get the spam rate down to a tolerable level. And even then I tend to
scream when a spam passes through the filter unmolested, some even with
scores < 0.5. Now I can't wait for Bayesian filters to be fully functional
in SA... I have collected a good spam corpus to train it with. Hopefully
that will also prevent the few unfortunate FP's that I've been hit with.


T

-- 
It's bad luck to be superstitious. -- YHL
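
The weighting argument in the message above, as an added example that is not part of the original post and is not SpamAssassin's own code: additive scoring where a circumstantial hit such as the mailer name stays well under the threshold on its own. The rule names, the scores, the definition of a malformed `X-MSMail-Priority` value and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

THRESHOLD = 5.0  # SpamAssassin's default required score

def all_caps(subject):
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= 8 and all(c.isupper() for c in letters)

def bad_msmail_priority(msg):
    # Assumption: anything other than High/Normal/Low counts as malformed.
    value = msg.get("X-MSMail-Priority")
    return value is not None and value.strip().lower() not in {"high", "normal", "low"}

# Hypothetical rule names and scores, chosen for illustration only.
RULES = {
    "MAILER_FOXMAIL": (0.8, lambda m: re.search(r"foxmail", m.get("X-Mailer", ""), re.I) is not None),
    "HIGH_PRIORITY": (0.3, lambda m: m.get("X-Priority", "").strip().startswith("1")),
    "SUBJ_ALL_CAPS": (2.0, lambda m: all_caps(m.get("Subject", ""))),
    "BAD_MSMAIL_PRIORITY": (4.0, bad_msmail_priority),
}

def classify(raw, overrides=None):
    """Return (total, hits, is_spam); overrides replaces individual rule scores."""
    msg = message_from_string(raw)
    scores = {name: score for name, (score, _) in RULES.items()}
    scores.update(overrides or {})
    hits = [name for name, (_, test) in RULES.items() if test(msg)]
    total = round(sum(scores[h] for h in hits), 2)
    return total, hits, total >= THRESHOLD

# Constructed sample messages (not real mail).
LEGIT = ("From: user@example.org\nX-Mailer: FoxMail 0.0 [constructed]\n"
         "X-Priority: 1 (Highest)\nSubject: Urgent: build fails on sparc\n\nbody\n")
SPAM = ("From: x@example.net\nX-Mailer: FoxMail 0.0 [constructed]\n"
        "X-Priority: 1\nX-MSMail-Priority: Urgent!!\nSubject: MAKE MONEY FAST\n\nbody\n")

if __name__ == "__main__":
    print("legit, low FoxMail score :", classify(LEGIT))
    print("spam, low FoxMail score  :", classify(SPAM))
    # Over-weighting the mailer rule turns the legitimate mail into a false positive.
    print("legit, FoxMail scored 5.0:", classify(LEGIT, {"MAILER_FOXMAIL": 5.0}))
```
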


