Marc Perkel wrote:
Henrik K wrote:
On Sun, Oct 11, 2009 at 01:10:17PM -0400, Adam Katz wrote:
Here are the default scores for the DNSWLs I know of:
RCVD_IN_DNSWL_LOW 0 -1 0 -1
RCVD_IN_DNSWL_MED 0 -4 0 -4
RCVD_IN_DNSWL_HI 0 -8 0 -8
RCVD_IN_HOSTKARMA_W -5 # (nondefault rule, Marc's suggested score)
You have to remember that Marc is automated and as such can never be as
fully trusted as DNSWL which has a completely different listing criteria. I
have to admit W is getting better though, nearing DNSWL_LOW rates. I'd like
to see many levels of W though and not just a single lump.
RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
RCVD_IN_IADB_DOPTIN_GT50 0
RCVD_IN_IADB_ML_DOPTIN 0 -6 0 -6
RCVD_IN_IADB_VOUCHED 0 -2.2 0 -2.2
RCVD_IN_SSC_TRUSTED_COI 0 -3.7 0 -3.7
These practically don't exist, if you look at ruleqa.
For what it's worth there are really only 3 serious white lists on the
planet. I'm surprised no one is
testing the emailreg list.
I'm not.
There are dozens of black lists. Doing white
lists is actually easier than doing
black lists because there are thousands of servers out there that send
nothing but good email. That have
good FcRDNS, they are static, and unlike the black lists IPs they aren't
trying to be evasive. It's low
hanging fruit. On my servers if you are white listed your message just
sails through the system.
One of my beefs with the spam filtering community is that there is too
much focus on detecting spam and not
enough focus on detecting non-spam. We need more white lists and we need
more white rules.
All of that is quite true.
A lot of what
I'm doing is because no one else is doing it. I'd love it if other
people would get into the white list
business and do a better job than me. I'm really good at coming up with
new and original ideas but others
are usually better at implementing them.
I'd love to have sources of IPs that send nothing but good email. It
would be trivial to set up a system to
detect that and to collate results for several trusted reporters. If I
have some people who were interested
we could set something up and a lot of good email could sail through the
system with better accuracy.
Human nature is to expend effort going after the people who cause
problems rather than giving "Attaboys" to the people who aren't.
Be patient, though. We still have not got to the point that adding
spam detection rules to SA is in the region of diminishing returns.
Spammers by and large are still dumb as posts and sending mail that
a child of 10 can recognize as spam.
Give it another decade, when the day comes that you can no longer
detect most spam merely by reading the subject line, but instead you
have to open it, that's when more attention will be paid to this issue.
Ted
