On Jul 30, 2006, at 5:18 PM, jdow wrote:
(You DO review your spam mailbox before
tossing the spam, don't you?
Sort of... what I do (at home) is:
0) MIMEDefang rejects anything that scores >= 10. MIMEDefang also
rejects anything that doesn't have a PTR record, or has a PTR record
that doesn't match an A record, or whose valid PTR record looks like a
dynamic hostname (has 2 octets of its ip address in the hostname, has
the words "dynamic", "dsl", "cable", "dhcp", or "dial-?up" in the
hostname). (in other words, anything that looks like a random
spam/virus zombie that ought to be going through their ISP or
organizational mail server, instead of connecting directly to me) I
make exceptions for local IP addresses and SMTP-AUTH.
1) when a message marked spam comes in, it not only goes into a folder
for Spam, I get a report (in my Reports folder) that tells me the
sender, subject, and time/date of the message. That way I can quickly
decide if it's worth looking into without having to actually wade
through my spam folder.
2) if I don't fish the message out of the spam folder within 3 days, it
gets submitted for AWL (+100) and Bayes, as spam (yeah, I know, don't
need to do that ... but it makes the spam that much more spammy), via
cron job. Then saved into an archive for retraining my bayes db later,
if I ever need to do that. (whenever SA changes db formats, basically)
3) any time spam leaks through, I drop it in the Spam folder. After 3
days, it gets handled the same as item 2. Doesn't really tickle my
"instant gratification" desire to have it learn immediately, but I
haven't had too many problems with that (I might get the same spam 3-6
times in the next 3 days ... when it's REALLY bad ... but considering
that in the normal course of life, I get maybe 1 FN a week ... _MAYBE_
... that's not so bad).
4) for a FP, I have 3 days to fish it out, and put it into a different
folder (that will get processed that night for AWL (-100) and Bayes, as
ham, and then dropped into my inbox). So far, I have only done that
with one or two messages in the last 3 or 4 years.
So, no, I don't actually review the spam messages directly, most of the
time. I review a small set of information about the message, and
decide from there if it might be important enough to interfere with.
Otherwise, I let automation take its course.
At work ... I'm trying to get them to let me start adding these
features.
