spf-discuss

Re: [spf-discuss] SPF enables fully automatic spam filter

2005-10-18 15:00:00
On Tue, 18 Oct 2005, Alex van den Bogaerdt wrote:

> On Tue, Oct 18, 2005 at 05:01:06PM -0400, Stuart D. Gathman wrote:
>
>> 3) Incoming mail that
>>   a) matches the whitelist
>>   b) gets a SPF pass (including with heuristics like best_guess)
>> is never rejected due to content.  It is used to train DSpam as ham
>> instead.  (Shifting to train on error mode when training database reaches
>> a certain size.)
>>
>> Comments?
>
> Doesn't this mean that once a spammer successfully passed the filter and
> is thus whitelisted, its crap is training your filter the wrong way?

The spammer is not whitelisted until the user stupidly replies to the spam (not
out of the question, unfortunately).  If that happens, and I catch it in time, I
can blacklist the domain before it affects the stats too much.
Hopefully, the user's email client sends DSNs as actual DSNs, and
not as replies.  Hopefully, they haven't installed some asinine
virus scanner on their PC that sends replies (instead of DSNs) to
viruses.

What might help with that problem is to keep stats on domains (both MFROM and
HELO and IPs for invalid HELO) and auto-blacklist domains with high spam
ratios.  That is my next project.  Note that if I add a header
like "X-Authenticated-ID: example.com" for each authenticated domain
(substituting IP when none avail), then a bayesian content filter that
includes header labels with tokens (e.g. DSpam) will automatically track the
spam/ham ratio of domains, without the need for another database.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
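
The header idea from the last paragraph of the message above, as an added example that is not part of the original post or of the poster's own filter code: each message is tagged with one authenticated identity (MFROM domain on SPF pass, else a valid HELO name, else the IP), and a tokenizer that keeps the header label then counts spam and ham per identity with no separate database. The function names, the `Header*word` token format, the sample traffic, and the step that discards a copy of the header supplied by the sender are assumptions made for this sketch.

```python
from collections import Counter
from email.message import EmailMessage

HEADER = "X-Authenticated-ID"  # header name as given in the post

def authenticated_id(spf_result, mfrom_domain, helo_valid, helo_name, ip):
    """MFROM domain on SPF pass, else a validated HELO name, else the connecting IP."""
    if spf_result == "pass" and mfrom_domain:
        return mfrom_domain.lower()
    return helo_name.lower() if helo_valid and helo_name else ip

def tag(msg, identity):
    """Replace any copy of the header that arrived with the message (assumed step)."""
    del msg[HEADER]  # no error if the header is absent
    msg[HEADER] = identity
    return msg

def tokens(msg):
    """Simplified stand-in for a tokenizer that prefixes each token with its header label."""
    for name in (HEADER, "Subject"):
        for word in (msg[name] or "").split():
            yield f"{name}*{word.lower()}"

class Counts:
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
    def train(self, msg, is_spam):
        (self.spam if is_spam else self.ham).update(set(tokens(msg)))
    def spam_ratio(self, identity):
        s, h = self.spam[f"{HEADER}*{identity}"], self.ham[f"{HEADER}*{identity}"]
        return s / (s + h) if s + h else None

# Constructed sample traffic: subject, SPF result, MFROM domain, HELO valid?, HELO, IP, spam?
SAMPLES = [
    ("cheap pills", "pass", "Bulk.Example", True, "mx.bulk.example", "192.0.2.10", True),
    ("meeting notes", "pass", "bulk.example", True, "mx.bulk.example", "192.0.2.10", False),
    ("invoice attached", "pass", "partner.example", True, "mail.partner.example", "192.0.2.20", False),
    ("you won", "none", "", False, "localhost", "198.51.100.7", True),
]

def run_demo():
    counts = Counts()
    for subject, spf, mfrom, helo_ok, helo, ip, is_spam in SAMPLES:
        msg = EmailMessage()
        msg["Subject"], msg[HEADER] = subject, "trusted.example"  # forged copy from the sender (constructed)
        counts.train(tag(msg, authenticated_id(spf, mfrom, helo_ok, helo, ip)), is_spam)
    return counts

if __name__ == "__main__":
    print({i: run_demo().spam_ratio(i) for i in ("bulk.example", "partner.example", "198.51.100.7")})
```

The same per-identity ratio is what an auto-blacklist threshold would read; the forged `trusted.example` value never reaches the counts because `tag` removes it first.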
