-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Loren Wilton writes: > > Example: I am currently writing a very FEW rules, some from > > scratch and some by adapting the work or ideas of others from > > such lists or web sites. > > > > You have all convinced me that if I post a rule for discussion > > that it is then close to worthless. > > It depends on how you post it. And it may depend on where you post it. > > We KNOW that posting rules with descriptions of "this hits xxx" in the users > list will in many cases kill a rule. > We know that posting the NAME of a rule and saying "it will catch stuff like > that" does NOT kill the rule. > We know that saying "look at rule XXX in file blah.cf, it is a check for > xxx" does NOT kill the rule. > It is my untested belief that a rule could be posted in full *with no > explanation of what it catches* and it would probably still be a good rule. > > The trick to killing a rule seems to require three parts, possibly four: > 1. Post the actual rule. > 2. Explain what it catches. > 3. Post it in the right place (user list is known to be a 'right place'). > 4. Possibly it will need to be a rule catching one of the cleverer > spammers stuff - one that can read the user's list and follow the > discussion. This is undetermined, but a reasonable theory. > > We know that this seemingly will NOT kill a rule: > 1 Mention the rule name, and even describe what it catches. > 2 Mention where the rule is located, the name, and describe what it > catches > 3 Sometimes at least, posting a rule in full, but NOT describing what it > catches. > > So rules can be discussed in public. The tricks are to be either a little > vague on how the rule works, or to not post the rule body with the > discussion (refer to where the rule can be found instead), or to not post a > complete rule body, but give an example and describe modifications needed. > > Another trick that is probably viable is to discuss local rules that have to > be modified at each shop. By definition spammers aren't going to target > these rules for avoidance, since they can't be sure what it will look like > at your shop, and they probably don't know what your shop is in the first > place. I think that's spot on -- I would add a comparison between textual rules (readable text) and structural rules (matching the structure of the message). IMO it's harder for a spammer to realise that a structural rule will hit their spam, and it's harder for them to evade them. (btw I've been saying that for a while before this discussion too ;) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFC6F98MJF5cimLx9ARAkO0AJ0aMry2QF9Y8Qz2nxbXRgDmrOfB9QCgqOYn 2O6ETONsXbExYN0rvTJn/o4= =FyOF -----END PGP SIGNATURE-----
