Bret Miller a écrit : > > They have rationale. You can read it. They do not, however, as far as I > know, state exactly what makes them think a message they receive is spam > or legitimate. > > To quote them: > > "MXRate is not really a blacklist in the traditional sense. Our system > analyzes data submitted using automated procedures. It calculates a > probability score based on the overall message sending pattern of any > particular server and that is used as a basis of an opinion as to > whether or not the address is a source of spam. What we do is publish a > recommendation based on that opinion. Certainly, we can publish a > recommendation that the message be blocked or highly penalized, however > we can also recommend that it simply be treated with suspicion, or even > treated as a known source of legitimate mail." > > "MXRate does this differently. First, we do not accept subjective spam > reports. Secondly, not only do we track spam, we also track legitimate > email. This allows us to evaluate the current sending patterns of a mail > server. In the example above, the ISP would undoubtedly have some > statistics being maintained by us on the ratio of legitimate messages to > spam messages, and their recent frequency. So while the spammer might > have caused a temporary "block" recommendation, this would probably only > last a few hours after the spamming stops." > > "So, in other words, our intention is not to provide a database of > addresses of anyone who has ever sent spam, it is to provide a database > of addresses currently sending spam." >
I see. I'll have to take a closer look. thanks for the info. > > >>ahah. so you have evidence that it fkags legit mail, but you still use >>and recommend it??? > > > Indeed I do. And SpamAssassin itself includes and uses by default a list > based on SpamCop, which is notoriously unreliable at determining exactly > what is spam and what is not, because it's based on the reports of > average users many of whom don't understand the difference between "a > mailing list I know longer want to receive" and "unsolicited bulk > e-mail". > I agree here. I do know that some people submit as spam mail they didn't check (including mail sent to mailing lists). but, I've seen worst: I lately received a "complaint" from a wanna be spamcop system, a complaint sent to postmaster (instead of abuse) for a message I sent to an ML, and the message was a bug report (it was probably too short for one ML subscriber who apparently doesn't understand english) which could easily be found in the ML archives. of course, they didn't even check the Received headers (which clearly showed that the message was forwarded by the ML system). and more fun: they obfuscated some of the data, but left enough infos to determine the submitter. Now, spamcops has automatic expiration, which somewhat keeps it [almost] usable. Anyway, I'll disable it soon. > Whether something increases the spam probability on some small > percentage of legitimate e-mail isn't the determining factor in whether > it's useful in determining the probability that a message is spam or > legitimate. The SpamCop list is still useful because, it flags > considerably more spam than ham. You wouldn't want to score it at 5.0, > because there are false positives. But there's no reason why you can't > use it. > > These lists are really (as far as I'm concerned) about the same as > flagging certain words or phrases or message headers as "more likely to > be in spam". > > > So, in your world, if a rule, or blacklist ever hits on legitimate > e-mail, it shouldn't ever be used again? That's not what I meant. so let me clarify my opinion: - if I don't understand how they list, I don't use their list - if they do nothing to fix FPs, I don't use their list - and whatever their listing policy is, if the ratio of false positives isn't minimal, then I'd say no. otherwise, randomly removing 1 of every N messages will remove enough spam with no overhead (N=1 removes all spam). Many spam IPs are listed on Blars and Sorbs. but I won't use these. Of course, surbl/uribl do have FPs, but they will fix the issue as soon as they know. so it's not just a "current ratio" issue. The policy is important.
