Hello Christoph, Saturday, January 15, 2005, 7:08:44 AM, you wrote:
>> Can you forward me a few complete emails with headers, non-spam, that >> demonstrate this? CMT> (My contribution to The Corpus was sent off-list). Received and applied to the corpus. Thanks. >> SARE rules are built from our experience, and scored according to the >> emails in our corpora, and none of us had any non-spam with that >> characteristic. If you can send us some for inclusion in my corpus, >> that will give us the evidence we need to handle this correctly. CMT> Scrolling through header0, I noticed some other domains which could CMT> belong to ISPs. Of course they just might have a lot of spam bots CMT> on ther customers' computers, as almost every ISP has now. CMT> Would some investigations on the true origin of these domains CMT> help improving the rules or is there just too much spam and nearly CMT> no other mail coming from these ISPs (most of them located in south CMT> america)? At the very least, that investigation can be documented in #note lines, which will help us know what to do if/when we eventually have a non-spam from such domains. So that would be good. I've been concerned about the domains that are ISPs but that generate nothing but spam as far as we can tell. An example would be virtua.com.br, as applied in the SARE_RECV_VIRTUACOMBR rule. I'm thinking that perhaps these should be converted to meta rules, something along the lines of header __SARE_RECV_VIRTUACOMBR Received... meta SARE_RECV_VIRTUACOMBR __SARE_RECV_VIRTUACOMBR && ! ISP_SPAM_OK_BR where ISP_SPAM_OK_BR is normally not defined, and therefore (under SA 3.0) the meta will test strictly on __SARE_RECV_VIRTUACOMBR. Someone who wants to turn off all *.br spam rules would then simply define meta ISP_SPAM_OK_BR 1 or something like that. Comments? Bob Menschel
