At 10:49 2005-07-27 -0600, Lloyd Standish wrote:
the temptation is to blacklist the sender address of every message
identified positively as spam.
Email addresses are a SMALL factor in identifying spam. There are so many
other characteristics - most capable of being identified in the headers -
that you can pretty much ignore addresses, except perhaps adding filters
for "spammy" marketing addresses and From: (not envelope) addresses which
contain unresolveable domains. Of course, having a blacklist of spammy
domains is fine.
Otherwise, by utilizing the sender's address and adding it to a database,
you're furthering the backlash from joe-jobbing and forgery.
But since some spam contains forged sender addresses, this might blacklist
some "innocent" people's addresses. Of course, it is not likely that one
of these would initiate an email correspondence with me.
Not true - increasingly, spammers are using spyware to harvest email
addresses from computers (in addition to turning those machines into
zombies to send spam for them), and in that process they're harvesting
addresses which are more likely to have a correspondance with you. The
idea is if the spam comes from an address which already corresponds with
you, it's likely to be in your whitelist already.
If it appears to be from a family member or business associate, you're more
likely to open it, and of course, you can't use the simplistic tools some
ISPs give you for "block this sender" without cutting off legitimate
correspondance with that person.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail