On Tue, Sep 29, 2009 at 10:05:57AM +0200, Raymond Dijkxhoorn wrote: > Hi! > >>> Ouch, from your point of view it might be fine, but we see strange stuff >>> with DNSWL allready i certainly would not use this to shortcircuit >>> things. > >> What exactly is the strange stuff you see with DNSWL? >> >> Granted, I'm not processing millions of messages, only tens of thousands, >> but I'm not seeing anything fuzzy. I basically shortcircuit on DNSWL_MED and >> DNSWL_HI, when there aren't any suspicious rules hit (ClamAV/Sanesecurity, >> relay from africa, bayes over 60 etc). The FP rate is abysmally low. > > The regular things, whitelisted servers sending spams. So > shortcircuitting isnt an option for those and its also not whaqt DNSWL is > about. they WL sender mailservers, those could be an ISP also. You dont > want to shortcircuit them and say hey, someone put it on his whitelist, > feel free to spam me.
Bad big mailservers sending mixed stuff are not supposed to be on MED/HI lists. If they are, you are supposed to report it. So I kind of disagree with you. I would imagine most people see <0.5% FP rates, even without any further meta checks.
