Murty Rompalli wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
I did get this and other replies from list users! My rule does not assign
a score of 5.0 (threshold to call it spam for sure).
If it assigns
[X] positive scores, it may cause FPs.
[ ] negative scores, it may case NPs.
[ ] zero scores, it's useless
so only tests against real data can tell.
So, an email can
still get a score of 4.0 from my phish block rule and still go through
unless ofcourse you changed the threshold.
That I understand. but the issue is still here. an example is better
than a long argumentation:
<example>
I can also propose a rule to look for
/From: .*qs/
I know very few people with a 'qs' in their email address, so that seems
like a good rule. and if FPs are a concern, one can just lower the
score;-p (or as some like to repeat "_just_ whitelist him")
now, reiterate with "rkf", "iio", ... etc. and you'll end up with
hundreds of (probably useless) rules.
[things become more fun when you get friend with "mailQSinger",
"maRKFowler", "IIOpguru", ...].
</example>
do you see what I mean (or am I still unclear)?
