Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
Concerning false positives for this mailing list--it would be wise to
define what mail is legitimate. In many places, you must accept at
least 99.9% of all even remotely legitimate mail. However, this context
is different. Here a boolean "good/spam" is simplistic and wrong.
Instead we have a spectrum:
1. on-topic messages from subscribers
2. on-topic messages from non-subscribers
3. noise from subscribers
4. noise from non-subscribers
5. pure spam such as advertisements for loan sharks
Agreed that these categories exist. Alas, we cannot necessarily tell
them apart. :^(
In this list, only #1 is clearly "good."
I'd greatly prefer to avoid flame-wars about how much difference
there is between #1 and #2...
Personally, I consider the question pointless because we don't have
any dependable way to tell them apart. Please realize how trivially
easy it is to harvest poster addresses from archives and forge those
as From addresses.
It is good to avoid rejecting #2, but there is surely no harm in
sometimes delaying #2.
I do not agree that there is "surely no harm". (But I'd _really_
rather not argue that question.)
If the senders of any rejected or "false positive" #2 received an
informative non-delivery report so that they could retransmit, what
would be the harm?
I _won't_ discuss the possible harm...
But Vernon's point that a prompt non-delivery report minimizes the
possible harm is an excellent one.
SpamAssassin is reported to be better than 60% accurate. #2 is surely
rare compared to #1. Thus, as long as SpamAssassin white-lists all
subscribers, there would be no harm in the occasional rejection of #2.
This is where I must disagree. Whitelisting something as easily
forged as the From address is simply wrong -- and if it is published
rule, we're sure to see spammers forging whitelisted From addresses
as their standard operating practice.
If, OTOH, Vernon would like to whitelist the combination of From
address and IP address of the sending SMTP server, that could be a
very worthwhile practice, virtually immune to spammer forging.
John Leslie <john(_at_)jlc(_dot_)net>