Axb <axb.li...@gmail.com> writes: > On 02/04/2014 05:55 PM, Alessio Cecchi wrote:
>> Since this whitelist does not respond to reports of abuse I think it
>> should be considered whether to keep it active in spamassassin.
> SpamAssassin is a framework - nothing stops you from disabling rules
> locally.
This subject recurs, with various whitelists.
While it's true that users can disable rules, the project-specified
rulesets should be chosen carefully. The basic approach is to obtain
scores by analyzing ham/spam corpora. For most rules, that's entirely
appropriate. When there's a whitelist that takes money from
organizations that are listed, it's a more complicated issue. As I've
said before, my view is that SA should have a policy about whitelist
rules that says, basically:
any whitelist in the default ruleset must
1) publish listing criteria
2) publish contact information in the SA wiki for the rule (and it
should appear in the long-form "spamassassin -t" output as well)
3) effectively respond to complaints of spam coming from whitelisted
hosts, by either removing them or ensuring that the spam stops
I have had a number of experiences complaining about spam from
whitelisted hosts, and (with the exception of hostkarma, which is not in
the default ruleset) found many of my experiences to be unsatisfactory,
to the point that they were escalated to publically discussing the
issue.
pgpxNKBguV058.pgp
Description: PGP signature
