Actually, I've been thinking strongly about tracking the total score from that
recipient, and the number of messages seen, then regressing the score for a new
message toward the mean, i.e.:

message9 comes in from userA
score message9 against patterns, etc.
retrieve total of scores for message1..message8 from userA

final score for message9 = (score + (total/8)) / 2

The constant 8 above is because there had been 8 messages before.  The 2 is
arbitrary, and that constant might change (along with switching to a more complex
form of the equation).  2 is probably about right though.

The effect of this is that a particular message's score is 50% taken from the
message itself, and 50% taken from the profile of that sender.  So the list
becomes an auto-blacklist as well as auto-whitelist (though of course spammers
seldom send from the same address twice).  Messages which are *really* spammy
but appear to come from a legitimate source are not necessarily cleared.  This
could be useful for both people forging you yourself as sender (as Joey pointed
out), or for people spamming while sending from "famous" people like popular
list-submitters.

C

Duncan Findlay wrote:

> Date: Sun, 27 Jan 2002 22:50:38 -0500
> From: Duncan Findlay <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Forged from header and autowhitelist
>
> On Sun, Jan 27, 2002 at 10:38:52PM -0500, Joey Hess wrote:
> > It's a problem if spammers can avoid spamassassin by forging mail from
> > people I've got autowhitelisted, like ... me.
> >
>
> Maybe you shouldn't have been talking to yourself in the first place :-)
>
> I do wonder about the default score for auto-whitelisting, it seems a bit
> high.  I think -10 would work fine: that would give my auto-whitelisted
> people up to a threshold of 15, which is a REALLY spammy message with the
> new scores.
>
> This would be more likely to combat cases like Joey's problem.
>
>


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
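
The per-sender scoring scheme proposed in the message above, as an added example that is not part of the original post or of SpamAssassin's code. The names `AutoList`, `SenderHistory` and `THRESHOLD`, the threshold value, the sample scores, storing the raw (unblended) score in the history, and leaving a first-time sender's score unblended are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD = 5.0  # assumed spam threshold, for illustration only


@dataclass
class SenderHistory:
    total: float = 0.0  # sum of raw scores seen from this sender
    count: int = 0      # number of messages seen from this sender


@dataclass
class AutoList:
    senders: dict = field(default_factory=dict)

    def final_score(self, sender: str, raw: float) -> float:
        """Blend the raw score 50/50 with the sender's mean, then record it."""
        hist = self.senders.setdefault(sender, SenderHistory())
        if hist.count == 0:
            final = raw  # assumption: no history means nothing to regress toward
        else:
            mean = hist.total / hist.count
            final = (raw + mean) / 2  # final = (score + (total/n)) / 2
        # Assumption: the raw score, not the blended one, goes into the history.
        hist.total += raw
        hist.count += 1
        return final


def demo():
    al = AutoList()
    # Constructed history: 8 clean messages from userA, raw score 0.5 each.
    for _ in range(8):
        al.final_score("userA", 0.5)
    # Forged, very spammy message claiming to be userA: still over threshold.
    forged = al.final_score("userA", 22.0)
    # The forgery is now in userA's history (total 26.0 over 9 messages).
    borderline = al.final_score("userA", 6.0)
    # Constructed history: a sender whose past mail all scored 12.0.
    for _ in range(4):
        al.final_score("bulk", 12.0)
    mild = al.final_score("bulk", 2.0)  # pushed over threshold by the profile
    return forged, borderline, mild


if __name__ == "__main__":
    for name, score in zip(("forged", "borderline", "mild"), demo()):
        print(f"{name}: {score:.2f} spam={score >= THRESHOLD}")
```

Under these assumptions the forged message's raw score enters userA's history, so one forgery raises the mean applied to that sender's later mail.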
