-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Håkon,

Wednesday, September 17, 2003, 2:39:35 AM, you wrote:

H> I'm using spamassassin, and got access to an account that has A LOT of
H> spam which I'm testing SA on. The results are very good, as to SA
H> identifying spam mail.

I rely on several myself -- they often serve as an early warning system
... a false negative through them allows me to sa-learn or do whatever is
needed to catch the spam before it hits a real user's address.

H> I'm wondering about the following:
H>  - When SA tags a mail (as most configs I've seen out there do) -
H> does it delete the mail after 'learning' about the spammers?

SA never deletes email on its own. Systems that employ SA may do so, but
they need to do so outside of SA, by reading SA's output headers or
result code.

H>  - Will the user receive just as many mails, but 95% of the mails he
H> receives are spam mail - hence just tagged, and not removed?

With a default installation, the user will receive all of the email,
including all of the spam, but with the spam flagged. There are several
methods of flagging:
* option: change the subject header to indicate ** SPAM **
* option: Encapsulate the original email and make a spam warning the main
  body of the email.
* always (I think): add headers to the email which identify whether SA
  thinks the email is spam or not, and how likely it is to be spam or
  not-spam.

H>  - Is it recommended that I set up SA to drop any mail that classifies
H> as a tagged mail? Instead of tagging, I could simply nuke the mails.

No. I strongly recommend (as do many others) that email NOT be
automatically dropped or deleted. Though they are rare, the occasional
not-spam email gets flagged as spam. The only way to a) know this has
occurred, b) prevent future occurrences, and c) recover the mis-flagged
email, is to keep that email available somewhere, somehow.

First false positive I ever received was official email from my domain
host, giving me information concerning how to manage the domain on their
server. I'd have had severe problems if that email had been lost.

Lose an automatic spam-looking mailing from a mortgage company notifying
their actual customer of a due payment or other important information,
and you may end up causing serious problems for that customer.

H> It's pretty useful to tag the mail, but it's very useless if it
H> persists. The user needs to get rid of the mail. I hope you guys can
H> help me out here.

I use two methods:

1) Some users get all email regardless of spam flag. These include my
father (paranoid about missing something important) and myself (able to
tweak the system any which way I want). Email clients then filter the
spam into folders where real email can be readily dealt with, and spam
can be reviewed at our leisure to make sure it really is spam.

2) Some users get only email not flagged as spam. Their spam-flagged
email gets redirected into a spam-trap which I collect along with my own
email. I review the spam for them. If I see any obvious false positive, I
modify the SA setup as needed to identify the email as not-spam, and
redirect it to the user. If I see anything which looks like it might be a
false positive but could also be spam, I let them know what I received
and let them determine whether it's spam or not.

Bob Menschel

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP2k4e5ebK8E4qh1HEQL53wCdH5F4+3GgxRr5dc57ZywtXQ6en7UAn3yN
lxLPkakZS7j4PJgJOrgD4BHo
=brx8
-----END PGP SIGNATURE-----

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
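
The routing described in the reply above (act on SA's output headers outside of SA, and redirect rather than delete), as an added example that is not part of the original post. It assumes SpamAssassin's standard X-Spam-Flag and X-Spam-Status headers, which the post does not name; the addresses, mailbox labels and function names are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Hypothetical policy: these users get everything (method 1); everyone
# else has flagged mail redirected to a reviewed spam-trap (method 2).
RECEIVE_ALL = {"father@example.org", "admin@example.org"}
SPAM_TRAP = "spamtrap@example.org"

# Older SA releases wrote "hits=", later ones "score="; accept both.
STATUS_RE = re.compile(
    r"^(Yes|No)\b.*?\b(?:score|hits)=(-?\d+(?:\.\d+)?)", re.I | re.S)

def sa_verdict(raw):
    """Return (is_spam, score); (False, None) if SA never scanned it."""
    msg = message_from_string(raw)
    flag = (msg.get("X-Spam-Flag") or "").strip().upper() == "YES"
    m = STATUS_RE.match((msg.get("X-Spam-Status") or "").strip())
    if m:
        return (flag or m.group(1).lower() == "yes", float(m.group(2)))
    return (flag, None)

def route(raw, recipient):
    """Pick (mailbox, note) for a message; no branch discards mail."""
    is_spam, _score = sa_verdict(raw)
    if not is_spam:
        return (recipient, "inbox")
    if recipient in RECEIVE_ALL:
        # Method 1: deliver tagged; the user's mail client files it.
        return (recipient, "tagged")
    # Method 2: hold for review, remembering who it was meant for so a
    # false positive can be redirected to that user afterwards.
    return (SPAM_TRAP, "review:" + recipient)

# Constructed sample messages (not real mail).
SPAM = ("From: offers@example.net\nTo: user@example.org\n"
        "Subject: ** SPAM ** cheap loans\nX-Spam-Flag: YES\n"
        "X-Spam-Status: Yes, hits=12.4 required=5.0\n"
        "\ttests=CONSTRUCTED_RULE\n\nbody\n")
HAM = ("From: billing@example.com\nTo: user@example.org\n"
       "Subject: Payment due\n"
       "X-Spam-Status: No, score=-1.2 required=5.0\n\nbody\n")
UNSCANNED = "From: a@example.com\nTo: user@example.org\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM), ("raw", UNSCANNED)):
        print(name, route(raw, "user@example.org"))
```

A message with no SA headers is treated as not-spam and delivered, so a scanner outage cannot divert legitimate mail into the trap.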