At 06:11 PM 8/25/2004 -0400, you wrote:
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
Nah. Create SpamAssassin rules like
SPF_FORGERY_PROBABILITY_UNDER10
SPF_FORGERY_PROBABILITY_10TO40
SPF_FORGERY_PROBABILITY_60TO90
SPF_FORGERY_PROBABILITY_OVER90
that are worth positive or negative points.
Okay, I get it. But I don't see it as a big win.
Go to Paul Graham' web site ("creator of bayesian anti-spam") and see says
emphatically "never ignore data".
If I'm to the point
where I'm running SpamAssassin, that means I've at least already gotten
to the DATA phase of the connection. In that case, there are better
tools than SPF at my disposal, like Bayesian filtering.
If any spammer actually understood bayesian, they could defeat it 100%
instantly with a very trivial algorithm, as I have explained:
http://forums.speedguide.net/showpost.php?p=1386422&postcount=126
To the degree Bayesian is correlating data in the headers, then the above
algorithm does not apply. But I bet spammers could at least reduce Bayesian to
80% effective (which is unacceptable).