Jim Maul a écrit : > > Exactly. Since spam is not very black and white (like viruses) it is > very difficult to detect. Especially since one persons ham is anothers > spam. Deleting these messages entirely could be dangerous. Now if you > tag at a certain score, and delete at a much higher score, this may be a > workable solution.
even this is risky. If a sender uses a broken MUA (malformed html or mime, invalid headers, bad/unnecessary quoted-printable, NO_REAL_NAME, ...) and relays via a "bad" ISP (listed in many BLs, adds advertizing footers that resemble those found in spam, ... etc), then the score can get higher than one excepts. And if one adds rules that seem so natural, the situation can get worst. I remember adding rules to catch '&' in URIs. This seemed great until I got an FP. I then looked more at my rule and found a bug. Or perhaps just put all spam into a separate folder > that can be searched for false positives. > yes, I prefer this. If needed, one can use a script to run SA, possibly with a different config, adding "unsafe" rules, to sort the spam into few groups, and deal with each group.
