me> Using the -t flag I'm told the USER_IN_WHITELIST test contributed a
me> -100 to the hits. Unfortunately, I don't have any ebay.com
me> addresses (or glob patterns involving ebay.com) in my user_prefs
me> file.
Craig> How many have you seen? I suppose it's probably our fault;
Craig> spammers are probably forging those domains precisely to bypass
Craig> SA. It might well be time to remove 60_whitelist.cf
The one I reported was the first one I noticed since I've been using SA, but
that doesn't mean much. Many times if spam leaks through, I don't pay much
attention to who it's from or why it didn't get caught. I just hit Shift-F7
which is bound to an Emacs macro that blacklists the address and invokes "sa
-r" on the message.
After I was told what is going on I looked at 60_whitelist.cf. It says, in
part:
... it also helps that they be addresses of big companies with lots of
lawyers, so if spammers impersonate them, they'll get into big trouble,
...
I think this assumption is false. The lawyers at most big corporations have
enough to do without worrying about some bozo who bought a CD with a million
email addresses for $49 and then forged the From: field to appear like it
was coming from ebay.com. Remove that assumption and I think you remove
just about all justification for having that file.
--
Skip Montanaro ([EMAIL PROTECTED] - http://www.mojam.com/)
"Excellant Written and Communications Skills required" - seen on chi.jobs
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
