> <rant> > IMHO, I think finding out if a message is legit carries just as much > weight > as finding out if it is crap. If I can combine x amount of tests to > verify > that it's legitimately from an Exchange server, it would be worth it from > the perspective that I could maybe side line those message for a more > thorough review to see if they are a FP. That, and if a spammer has to > spend time (i.e. money) to figure out how to hit my rule for a small point > knock off, I've at least succeeded in making there life just a little more > miserable:) > </rant>
The problem with negative rules is they don't work. Witness the debacle with early versions of 2.5x, and MSGID_GOOD_EXCHANGE was one of the culprits. The purging of negative rules is even further along in 2.60 which has very few significant negative rules, negative BAYES scores being one of the few remaining, since spammers can't look at YOUR bayesian database contents like they can look at the ruleset. SpamAssassin is trying to detect spam, not ham, and thats as it should be. Any negative rule you can come up with to see if a message is "legitimately" from an Exchange server (or anything else for that matter) can be forged by any spam-mailer author who understands regex's and looks at the rules in SpamAssassin. You don't expect anyone to believe that they could write a multithreaded GUI based mass mailing engine with database backend and not be able to figure out how to fool a simple regex in a publically available program ? Besides, whos to say no-one ever spams through Microsoft Exchange ;-) Regards, Simon ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
