On 30-Apr-2009, at 09:40, Charles Gregory wrote:
> On Wed, 29 Apr 2009, LuKreme wrote:
>> On 29-Apr-2009, at 15:31, Charles Gregory wrote:
>>> Apologies for original brevity, but my comment was a criticism of
>>> the proposal to start weighing *all* mail from a specific sender
>>> according to whether the IP was the 'most common' used for that
>>> address.... Essentially changing it from what you state above.
>> But the only way it would really penalize a legitimate sender is if
>> their mail is quite spammy to begin with.
> This statement is untrue in the context of the OP's suggestion to
> START weighting one server IP be based upon the scores from OTHER
> server IPs. Please read the original post if this is unclear. I
> quoted the relevant portion in my critique.
I am the OP.
First off, I suppose that if you get real mail from someone who has
only ever been seen as a spam sender, then yes, the first mail would
be penalized. But is this ever the case?
Let's lay out the logic here:

1 Check AWL
2 AWL is positive or does not exist
   a Check for other AWL entries using same address but different hosts.
      i   If there is an AWL with a negative score, then multiply by
          -0.2 and add to score
      ii  If there is an AWL with a positive score, under 5.0, then
          multiply by 0.1 and add
      iii If there is an AWL with a positive score over 5.0, then
          multiply it by 0.4 and add
   b go to a
   c if total amount added is over some threshold, normalize on that
     threshold (3 points? 5? 8?)
3 AWL is negative
   { crickets }

Maybe it makes sense to only do this check if the message has at least
scored positive?
So yes, if b...@example.com has never emailed me except for a bunch of
spam, then yeah, the message is going to get bumped up in its score,
but how often does that happen? Does that ever happen?
Also, let's say b...@example.com sends a message after a bunch of spams
have been sent, and say that message scores -1.0, plus an AWL
adjustment of 5.0 based on the above.
Well, now b...@example.com has his own AWL entry, and it's at -1.0
since AWL scores are not counted toward the AWL, right?
(of course -0.2 and 0.1 and 0.4 are just numbers I made up, and I'm
not suggesting these are the appropriate numbers).
The point is (as it seems to me) that people who send mail from
'accou...@bankofamerica.com' from their botnets will very quickly scale
up the AWL modification to the maximal threshold.
This all assumes that the server that is checked is the last non-local
server (that is, the first one listed in the headers in typical order):

Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
    by mail.covisp.net (Postfix) with SMTP id 27D5A118B989
    for <krem...@kreme.com>; Tue, 28 Apr 2009 11:14:30 -0600 (MDT)

140.211.11.3 should be the server checked because it is the only
non-local server whose address I am sure of.
--
Imagine all the people
Sharing all the world
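
Added example, not part of the original message and not SpamAssassin code: a Python rendering of the logic laid out above, using the message's made-up multipliers and its Received header. The dict standing in for the AWL store, the 5.0 cap, the sample address and the 192.0.2.x hosts are assumptions constructed for illustration.

```python
import re

# Multipliers are the made-up numbers from the message; CAP is one of its
# suggested thresholds (3, 5 or 8). Treating exactly 5.0 as "over" is assumed.
NEG_MULT, LOW_MULT, HIGH_MULT = -0.2, 0.1, 0.4
HIGH_CUTOFF = 5.0
CAP = 5.0

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(received):
    """IP recorded by our own server in the topmost Received header."""
    match = BRACKETED_IP.search(received)
    return match.group(1) if match else None

def cross_host_adjustment(awl, address, ip, cap=CAP):
    """Points to add for `address` seen from `ip`.

    `awl` is a hypothetical stand-in for the AWL store: a dict mapping
    (address, ip) to that pair's mean score.
    """
    own = awl.get((address, ip))
    if own is not None and own < 0:
        return 0.0                      # step 3: negative AWL, do nothing
    total = 0.0
    for (addr, other_ip), mean in awl.items():
        if addr != address or other_ip == ip:
            continue                    # only same address, different host
        if mean < 0:
            total += mean * NEG_MULT    # 2.a.i, applied as written
        elif mean < HIGH_CUTOFF:
            total += mean * LOW_MULT    # 2.a.ii
        else:
            total += mean * HIGH_MULT   # 2.a.iii
    return min(total, cap)              # 2.c: clamp to the threshold

# Constructed sample: three hosts (documentation range) that only sent spam.
HEADER = ("Received: from mail.apache.org (hermes.apache.org [140.211.11.3])\n"
          "\tby mail.covisp.net (Postfix) with SMTP id 27D5A118B989")
ADDRESS = "sender@example.com"
awl = {(ADDRESS, f"192.0.2.{n}"): 20.0 for n in (10, 11, 12)}

if __name__ == "__main__":
    ip = relay_ip(HEADER)
    bump = cross_host_adjustment(awl, ADDRESS, ip)
    print(ip, "first message: base -1.0, adjustment", bump)
    awl[(ADDRESS, ip)] = -1.0           # the message's assumption: pre-adjustment score is stored
    print("next message adjustment:", cross_host_adjustment(awl, ADDRESS, ip))
```

With the constructed data, the first message from the new host gets the full 5.0 cap, and once that host has its own entry at -1.0 the adjustment drops to zero, matching the scenario in the message.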