Henrik K wrote:
On Wed, May 20, 2009 at 01:41:12PM +0100, Mike Cardwell wrote:
Ned Slider wrote:
I've also just recently enabled these lists in SA so am still in the
very early stages of testing. I initially did get one FP hit against
the whitelist (spam message sent through an ISP smtp server in the
whitelist)
Can you let us know what that IP is please? Then Marc can explain how it
managed to get on the whitelist. No ISP SMTP server should be in a
whitelist imho...
Don't waste time getting too much on Marc's case. We all appreciate the
enthusiasm, but most of us do know that the lists are too wide, too little
processing, beta stuff (just try some spammy domains on the name based
lookup, most of them are NOBL? heh?) etc. On my little finnish userbase
there's astounding amount of FPs on newsletters, local ISP servers etc. To
actually successfully pull off all the white/yellow/grey/pink/brown stuff,
you probably need feeds from every single country in the world and
intelligent processing. Now it seems just too brute force.
If someone really wants to help, try to work with him to better the stuff,
off-list. Every month Marc is advertising his stuff here and then we go
again. ;)
Better if something is wrongly white listed than wrongly black listed. I
do have rules to generate an ISP list but it doesn't catch them all. And
I can usually tell the ISPs server from the dynamic space.
Basically what I do is if the domain has dynamic space I record that. If
the message sender matches the ISPs domain then I assume that is the
server and it gets a yellow listing. But - nothing is perfect.
