My name is Ron, and I run a mail server.
I wanted to mention something that I've started doing to help those
of our users who just barely can do email much less discriminate
email spam from the packaged meat product. This idea may not be new
at all but Justin Mason suggested that I go ahead and post it to the
list.
To our users, I've introduced the concept of a private keyword. This
keyword is quite unique and will cause the responder's email to get
-100 points in the private keyword rule. I've instructed them to put
the private keyword in the bottom of their signature. It is very
inconspicuous and looks like text that a mail server might add to all
outgoing mail.
At first I suggested that they simply send to their contact lists a
request that they respond to the email (with the private keyword
inserted) without changing it. Now I have suggested they just all
keep it in their signature for all their communications.
What is then happening is that their contacts are getting a high
negative score in the autowhitelist sql database. This has prevented
legitimate email from being snagged by SpamAssassin many, many times.
I personally hate the greylist/whitelist approach where you have to
click on a link to be authorized to get your email through to a
person. It is uninviting and intrusive, and even seems rude. I
certainly understand the reasons though. But the one thing users hate
more than spam, is not getting their legitimate email. So I'm trying
to be proactive on their behalf.
What I'm doing with the private keyword is really an autogreylist/
autowhitelist of sorts. It has the same end as the web link
confirmation, but it is not intrusive and is actually specific to my
server. The private keyword can change when I want it to change
simply by changing the private keyword rule and having my users
change it in their signature.
There are some problems though that I've encountered. First, the
autowhitelist entry is specific for each of our users and the same
email address can have both negative and positive scores for
different users. I understand why that is of course and that the
autowhitelist by design was not intended to account for this most
likely. The other is email aliases (which I personally discourage)
which have to have separate entries.
I was wondering about anyone's thoughts toward having a real
autogreylist database as part of, but separate from, the
autowhitelist in SA? Or even if you think this is all a bad thing to
do in the first place. The appeal for me is that I can hold a tighter
line for what is marked as spam but still make sure that our users
get legitimate email. Our users already have the ability to do manual
whitelisting via our website. I wrote the Squirrel-SAP/sql 1.0.5
plugin for SquirrelMail in fact which has a very easy-to-use and
instruction-laden page specifically to help them, but dog-gone-it
some of them are just net-challenged and others are just lazy about
their own email.
The advantage of the signature placement that I see is that it is
absolutely a no-brainer for our users, and in the course of their
normal communications, their contacts become protected more and more.
Their own email 'world' really becomes more their own if you will. If
it became a widely used concept, then it would also always be
specific to each mail server or even each virtual domain.
Best regards,
Ron
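
The scoring effect described in the post, as an added illustration that is not Ron's configuration or SpamAssassin's own code: a simplified model of how one -100 keyword hit shifts a sender's auto-whitelist history, and why other recipients and alias addresses see no benefit. The keyword, addresses, content scores, the 0.5 averaging factor and the history key of (recipient, sender) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed placeholder token; a real deployment would use its own string.
PRIVATE_KEYWORD = re.compile(r"\bmx-relay-id-7Q4ZK2\b")
KEYWORD_SCORE = -100.0  # score the post gives the private keyword rule
AWL_FACTOR = 0.5        # assumed averaging factor


class AutoWhitelist:
    """Simplified history: (recipient, sender) -> [message count, score total]."""

    def __init__(self):
        self.entries = defaultdict(lambda: [0, 0.0])

    def adjust(self, recipient, sender, score):
        entry = self.entries[(recipient, sender.lower())]
        count, total = entry
        final = score
        if count:
            # Pull the current score toward this sender's historical mean.
            final = score + (total / count - score) * AWL_FACTOR
        # History records the unadjusted score, so the mean is not self-reinforcing.
        entry[0] += 1
        entry[1] += score
        return final


def score_message(awl, recipient, sender, body, content_score):
    """content_score stands in for the sum of all other rule hits."""
    if PRIVATE_KEYWORD.search(body):
        content_score += KEYWORD_SCORE
    return awl.adjust(recipient, sender, content_score)


def demo():
    awl = AutoWhitelist()
    # Constructed messages: a reply quoting the user's signature, then later mail.
    reply = "Sounds good.\n> -- \n> Alice\n> mx-relay-id-7Q4ZK2\n"
    plain = "Newsletter-style text that trips several content rules."
    return {
        # Contact replies to alice with her signature quoted: keyword rule fires.
        "reply": score_message(awl, "alice", "bob@example.org", reply, 2.0),
        # Later mail from the same contact to alice is pulled well below zero.
        "later_alice": score_message(awl, "alice", "bob@example.org", plain, 8.0),
        # Same contact writing to another user: no shared history, no benefit.
        "later_carol": score_message(awl, "carol", "bob@example.org", plain, 8.0),
        # The contact's alias address is a separate entry as well.
        "alias": score_message(awl, "alice", "bob@alias.example.org", plain, 8.0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:+.1f}")
```
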