On Wed, 11 Oct 2017 07:13:29 -0400
Rupert Gallagher wrote:

> The problem I see here is the number of people who really want to
> push blacklists and whitelists, as if they were a magic thing to add
> to their server to catch spam and blame for the failures. Why would
> you trust list B and W knowing that they can be corrupted? 

It's a matter of evidence: if you see a list hitting 1 in a few spams
and no ham, it seems relevant to take account of that.

Even if a spammer gained control of dnswl the worst they could do is
take a few points off their spam. Worst case scenario is that my
detection rate in SA would drop to 99.5%. 

> Are you aware that the
> communications between your server and the remote service can be
> altered to fool you into accepting a cryptolocker? 

It's an A record lookup. Is your point that no-one should ever do
DNS look-ups?

> There are privacy
> and security considerations that are completely ignored here.

Not really, there's no way of knowing whether the look-up was
generated from spam or ham.        

> If you
> are serious about e-mail, stop looking for magic. It is a waste of
> human resources. I would rather see an open debate and collaboration
> on closing the loopholes of the RFC standard while making sure the
> server implementations are sound and complete.

That's substantially harder, less effective and not prevented by people
doing practical spam filtering. 

> I speak out of experience, as I catch 98% of spam without any magic.

Comparing figures like that is practically meaningless, but FWIW I'm
currently catching 99.7% of the spam reaching SA and I consider that
poor.
