spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luis E. Muñoz" ...@lem.click>
Subject Re: IADB whitelist - again
Date Fri, 02 Mar 2018 16:49:12 GMT
On 2 Mar 2018, at 0:48, Sebastian Arcus wrote:

> But why does SA have to expose a rule for each and every code IADB 
> provides?

So that users can implement their own policies if desired? So that 
different rules can have a more granular effect on the inbound email 
flow, without this being a simply binary affair (present, not present)? 
More reasons come to mind, but it all boils down to exposing all the 
available information to the users in order for them to make better 
decisions.

As I mentioned in one of my prior responses, I personally know of 
operations that use that data granularity to their advantage.

> SA is an antispam solution, IADB is a facilitator for the marketing 
> industry (in spite of their continuous protestations on this list). 
> The goals of the two are not the same. Surely SA can decide by itself 
> what is really useful from a spam filtering point of view - not churn 
> out whatever it gets passed by marketing whitelists? SA uses other 
> whitelists (some may I say a lot more useful than IADB), and it only 
> exposes one or two rules for each.

I doubt IADB is in a position to dictate to anyone how to use (or not) 
the data it provides. Not SA, not anybody else. Participants in IADB 
(listees and users) voluntarily act so. As someone else in this thread 
pointed out, IADB provides a useful ham signal.

I think the goals of both are fairly aligned. An antispam solution is 
not good if it blocks wanted email. IADB is conveying information about 
the stated policies / practices of the sending organization. Assisted 
with this information, SA can take better decisions about specific 
pieces of email.

>> Also, there is RCVD_IN_IADB_DOPTIN, so RCVD_IN_IADB_OPTIN may be 
>> "someone somehow gave us your name somewhere" (i.e. "single opt-in") 
>> rather than "we confirmed you actually want to receive our garbage" 
>> ("double opt-in").
>
> So effectively pretty useless, as if you ever made the mistake of 
> forgetting to untick the "receive email from our carefully selected 
> partners" in the past, you will never be able to take that consent 
> back as your email address gets passed from entity to entity. Consent 
> to be emailed marketing material is a joke - and SA shouldn't be a 
> facilitator - otherwise its value as a spam filter is gone.

I fail to see how SA is acting as a facilitator in this case. SA ships 
with rules that look up all the available information about a piece of 
email and then, hands this information to a set of rules that decide 
what should happen to that email. You're objecting to the scores being 
applied to those rules because you received one email that you believe 
doesn't align with the results of one of those rules and want to drop 
those rules from the distribution.

What would happen if the email you wanted came from a mail server listed 
in Spamhaus? Would you then argue for removing rules using Spamhaus from 
SA altogether?

I would urge you to follow the advice of other list members and actually 
report the misclassified spam so that involved parties can take action.

>> The scores appear hardcoded (50_scores.cf) vs. from masscheck 
>> (72_scores.cf) so they may be *very* stale.
>
> In that case maybe at least some of the rules should be removed then

In this case it seems to me that you already have a desired outcome and 
will grasp at any shred of argument to justify it.

Best regards

-lem

Mime
View raw message