Quoting Theo Van Dinter <[EMAIL PROTECTED]>:

> If you learn a message that has already been learned as the opposite
> type, SA will auto-forget it before learning the way you specify. :)

I understand this, always have. This is what I usually do. I only did this
because I wanted to learn over a different message than the one that was
auto-learned (different because I removed the Habeas mark).

> 
> As for removing the Habeas marks ...   I wouldn't do that, since they
> are, in your case, an indication of spam.

It's either a good indication of spam, or it is a good indication of ham.
Either way, I don't think autolearn should take it into consideration (more
on this later).

> 
> It's default if you enable network checks (it's an RBL). :)

Ah, ok. I usually set up any RBL checks at sendmail and not at SA. I
couldn't find any info about the RBL on Habeas's site...is it in a different
RBL somewhere? How can I find out more about it? I already block using SBL
and XBL...will those catch it?

> Well, this is less a question of "should it be autolearned" and more
> of a "how good is the Habeas system"...  In the perfect world, it's
> not forgable/misused and you would always accept it as a sign of ham,
> and therefore autolearning is desired.
> 

Agreed. However, it seems we should at least assume spammers will try to
attack the Habeas model, and act accordingly.

> Since we don't live in the perfect world, the question is: can the
> Habeas folks act fast/complete enough so that forging/misusing the mark
> is completely minimized?  If they can, then there's not a huge issue --
> yeah, some spam will get through, but they'll quickly be squashed and
> there you go.  If they can't, then their whole business plan fails as
> people start ignoring the mark, and again no problem since the SA rules
> would go away.
>

I agree with all this, but what I'm worried about is my bayes database being
poisoned in the meantime. This has already happened with the [EMAIL PROTECTED]@ or
whatever emails, they have been auto-learned as ham 15 times since we last
talked--I'll bet you anything the guy could send one now without the Habeas
mark and it will get thru on bayes scoring alone. I've finally got things
straightened out I think, and I've had to disable the Habeas mark checks in
my local.cf by scoring them at 0.

Consider: With the current scoring, if an email has a Habeas mark on it, it
doesn't really need to be added to the bayes database as the Habeas mark
will always pull down the score low enough to mark it as ham (except for the
most extreme cases). So we don't really need to add those particular
messages to the ham database anyways, as good ham examples as they may
be. On the other hand, if spammers try to abuse the Habeas mark by sending
out buckets of spammy emails with a forged mark, even after Habeas fixes the
problems, we're going to be seeing FNs forever more because now all that
spam looks like ham to bayes. I'm just saying, the auto-learn for
Habeas-marked emails should be thought about...I don't see really any
downside to removing it (or making it user configurable), and I see a lot of
upside.

Regards;

DaC
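
The autolearn concern in the message above, as an added toy simulation that is not part of the original post and is not SpamAssassin code. The scores, thresholds, token lists and the simplified naive-Bayes model are all constructed assumptions; it compares counting the mark's score in the autolearn decision against ignoring it.

```python
import math
from collections import Counter

# Constructed numbers, not SpamAssassin's real scores or thresholds.
MARK_SCORE = -8.0         # hypothetical score of the Habeas-mark rule
OTHER_RULES = 6.0         # hypothetical score the campaign gets from all other rules
LEARN_HAM_BELOW = 0.1     # hypothetical autolearn-as-ham threshold
LEARN_SPAM_ABOVE = 12.0   # hypothetical autolearn-as-spam threshold

class Bayes:
    """Tiny presence-based naive Bayes with add-one smoothing."""
    def __init__(self):
        self.tok = {True: Counter(), False: Counter()}   # keyed by is_spam
        self.msgs = {True: 0, False: 0}

    def learn(self, tokens, is_spam):
        self.tok[is_spam].update(set(tokens))
        self.msgs[is_spam] += 1

    def spam_prob(self, tokens):
        log_odds = 0.0
        for t in set(tokens):
            p_spam = (self.tok[True][t] + 1) / (self.msgs[True] + 2)
            p_ham = (self.tok[False][t] + 1) / (self.msgs[False] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def run_campaign(mark_counts_for_autolearn, n_forged=15):
    """Return Bayes P(spam) for the campaign text sent later WITHOUT the mark."""
    db = Bayes()
    for _ in range(10):                      # constructed training corpus
        db.learn(["cheap", "pills"], is_spam=True)
        db.learn(["meeting", "patch", "list"], is_spam=False)
    campaign = ["cheap", "deals", "subscribe", "promo"]
    for _ in range(n_forged):                # spam carrying a forged mark
        score = OTHER_RULES + (MARK_SCORE if mark_counts_for_autolearn else 0.0)
        if score < LEARN_HAM_BELOW:
            db.learn(campaign, is_spam=False)
        elif score > LEARN_SPAM_ABOVE:
            db.learn(campaign, is_spam=True)
    return db.spam_prob(campaign)

if __name__ == "__main__":
    print("mark counted for autolearn:  %.3f" % run_campaign(True))
    print("mark ignored for autolearn:  %.3f" % run_campaign(False))
```

With these constructed inputs the unmarked follow-up message keeps a high Bayes spam probability when the mark is ignored for autolearn, and drops to near zero when the 15 forged-mark messages were learned as ham.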


