Paul Myers has some reasonable complaints, he argues against ISP's installing mail filtering without notifying their users or providing an opt-in / opt-out. That's a very valid problem and probably opens that ISP to liability.
He also seems to fail to grasp that many spamassassin users are installing it on their own systems for personal use. Craig Hughes wrote: > On Sat, 2002-04-06 at 20:55, Paul Myers wrote: > >>>1. SpamAssassin does not block mail. There is no facility >>>for blocking or bouncing mail in SpamAssassin, and blocking >>>or bouncing is highly discouraged both in the documentation, >>>and on the SpamAssassin mailing list. >>> >>I'll adjust the article to say "Tagging." Perhaps your end >>users aren't paying as much attention to your recommendations >>as you think. In the example I described, the software >>involved was SpamAssassin, and the mail was in fact blocked. >>To be more precise, it was discarded. >> >>Technically different from an SMTP language standpoint, but >>not from an end-user perspective. >> > > Actually, I'd say it's quite different from an end user perspective. > Bouncing would mean that at least the sender got notified there was > something going on. Silently discarding violates all kinds of mail > delivery guidelines and RFCs, and is a really really bad idea. If you > let me know what ISP it is that's doing that, I will gladly help you to > get them to change their practice. > > >>>2. Not having a Reply-to header is not a rule. Having a >>>Reply-to header which has no address in it is the rule I >>>think you're referring to. >>> >>That's not how it read to me in the explanation, but I'm glad >>to hear that, and will remove that from the article. Yes, that >>is MUCH more unlikely in legitimate email. Thanks for the >>correction. >> > > I'm guessing you read the web page which just lists the rule > descriptions, rather than looking at the code for each of the actual > rules -- there are a number of rules which have somewhat misleading > descriptions. That's why it's always good, before writing vitriolic > attack articles on a piece of software (or anything really), to contact > the publisher/author in order to get a better sense of whether your > first impressions are likely to be true or not. > > >>>And then, under the default configuration, the message >>>subject will just get tagged to indicate that SpamAssassin >>>thinks the message is spam. Nothing gets deleted or >>>bounced. >>> >>I'll correct that. So, this means that the ISPs involved >>actually went out of their way to redirect mail that >>SpamAssassin tagged as spam to the bit bucket. >> >>That will be of great interest to the publisher involved. >>She's seriously considering a lawsuit, and that will very >>likely add to her "Sue the bastards" column. >> > > I can't speak for what the ISP in questions did or did not do, nor to > what their terms of use say they are allowed to do, etc. SpamAssassin > can be hooked into email systems in a very wide range of ways (it is > designed to be flexible). The way you're describing it being used is > not prescribed, and is in fact strongly discouraged. > > >>>4. SpamAssassin exposes many different ways for ISPs to >>>ensure that their individual users can control the way their >>>incoming mail is analyzed. >>> >>And many different ways to lose mail, nonetheless. >> > > We try very hard to make sure that SpamAssassin cannot cause mail to be > lost. If some other piece of software respond to SA's tags and deletes > the mail, you can't really attribute the problem to us. It's a misuse > of SpamAssassin to do such things. Well, in most cases anyway. There > might be some legitimate times to do that (say maybe while cleaning an > old mail archive or something). > > >>>[snip] but I just want to try and make it clear to you that >>>while I'm at the helm of the SpamAssassin project, I will >>>continue to endeavor to make sure that SpamAssassin >>>minimizes tagging of nonspam as spam. >>> >>I have no reason to doubt your statement of intent. I'll >>adjust the article to note that you claim this. However, I >>will continue to strongly recommend against any sort of >>content filtering which isn't left entirely under the control >>of the user. >> > > It is left entirely under the control of the user, if the ISP exposes > the controls that SA provides. We try to make that very easy for ISPs > to do by providing a range of ways to effect this exposure. > > >>I will also strongly urge people to leave any ISP or service >>provider who moves email into separate folders. In practice, >>this has always shown itself to end up in lots of mail being >>lost because people simply don't think to check those separate >>folders. >> > > Well, I'd say that's a user education/UI issue really. I file my > incoming spam into a separate folder, and when I run > Outlook/pine/Evolution, which are the 3 mail clients I use, my "Junk > Mail" folder is highlited in bold, with a number of messages appearing > next to it, whenever my mail delivery system files something into that > inbox. And it's not just me that's able to use the system effectively > (being a geek) -- my fiancee (a teacher) and mom (retired/homemaker) > neither of whom are geeks, are perfectly able to find messages that are > "false positives". > > >>I wonder... Do you participate in many business discussion >>lists? If so, would you take the time to check SpamAssassin's >>tagging of some of the posts? Look especially for "spam signs" >>in the signature files of many of the posters. You'll be quite >>surprised, I think, at the number of high scoring false >>positives that simple sig files will generate. >> > > Currently no, I don't. I do receive and send a lot of business email > though: discussions with attorneys; discussions with accountants; > discussions with customers; price lists; contract negotiations; support > information; etc. All of these do have "spam-like" features to them, > and I feed them into the genetic algorithm which determines the scores > for all the rules, helping to reduce false positives. Oh by the way, > the "$$$" rule you mentioned as being a sign of spam? That has a > *negative* score associated with it. Which means it's a sign of > *nonspam*. > > >>>The overall tone of your essay indicates I'm some kind of >>>raving anti-spam bigot who's intent on enforcing his will on >>>the world's email. >>> >>Not you. The person who wrote "Profit is dirty." >> > > Well, I'm not sure even that's true. I expect "profit is dirty" was a > joke. > > >>That should be fairly clear in the context. The Internet makes >>it very simple to distinguish between a joke and a political >>statement. >> >>No such distinction was made. The presence of things like toll >>free numbers and other items that are clearly hallmarks of >>legitimate business correspondence does tend to support the >>rational belief that the author meant exactly what he said. >> >>However, I'll be happy, as I said, to amend it to reflect the >>claim that it was a joke, and point out that it's in extremely >>poor taste in this context. >> >>I remain unconvinced that he was joking, but that's purely an >>opinion. >> > > I expect the comment arose while he was going through and describing all > the rules (rule descriptions in plain english, as opposed to being > regular expressions) happened only recently in the project's history. > At some point, we went through the ~400 rules and attached descriptions > to each, based on the code of the rule. As you can imagine, doing this > for several hundred rules can be somewhat tedious, and one tends to make > fun of spammers and the patterns that appear in their emails while doing > this. > > >>>If you do not do so, I will take it as a sign of malice, and >>>will proceed accordingly. >>> >>Ah, yes. When filters don't work, bring out the lawyers. >> >>I'll adjust the page because there are facts involved and I >>prefer to represent things accurately. >> > > Thanks. > > >>Malice would be more than a little difficult to prove, Mr >>Hughes, since there is none involved. And frankly, I prefer to >>believe that your intentions are good and your software is >>simply misguided and being misused. I have no reason to >>believe otherwise. It's been my experience, as I mentioned in >>the article, that most spam fighters have very good >>intentions. Lousy results, but good intentions. >> > > Given that you seem open to adjusting your page to clarify this, I am > very willing to believe there's no malice. I wasn't intending to break > out the lawyers, just to make it crystal clear I thought you were > misrepresnting things (and I believed you were doing so > unintentionally). I wanted to make sure that you were clear that once > these things had been pointed out, you would be clear on the facts, and > that if in spite of that, you continued with the same claims, that would > be a bad thing. > > >>Otherwise, I'd happily spice it up even more, and welcome the >>chance of a lawsuit, simply to bring more attention to the >>issue. >> >>The revised version has been posted. The errors you point out >>have been corrected. And the fact that this is a collaborative >>effort required changes in the commentary. >> >>If you still think it's defamatory, you're going to have to >>bring on the sharks, Mr Hughes. >> > > I hate sharks, and have only ever made use of them defensively. > > Thanks for your clarity and your response. Some who pointed me to your > article made it sound like you were a raving anti-anti-spammer, but in > reading your original piece, I thought there was a chance you were being > more insightful than that, and that you would respond to a rational > discussion of the issues you raised. I'm glad that I seem to have been > right. Again, I'd like to offer my help in getting any wayward ISPs to > make better use of SpamAssassin, and if any of your > readers/friends/relatives/colleagues/etc would like help in discussing > this with their ISPs (who might defensively take such folks for > anti-anti-spam crackpots), please do let me know if I can be of help. > > C > > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > -- ================================= Paul Rushing [EMAIL PROTECTED] ================================= _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
