https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8335
Bug ID: 8335
Summary: Remove Pay-for-Play DNSBL Rules Backed by For-Profit
Vendor
Product: Spamassassin
Version: 4.0.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined

The following rules should be removed from SpamAssassin, as they lend undue
credibility to a for-profit, pay-for-play company masquerading as a trusted,
open reputation authority:

- RCVD_IN_VALIDITY_CERTIFIED
- RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
- RCVD_IN_VALIDITY_RPBL
- RCVD_IN_VALIDITY_RPBL_BLOCKED

These rules are based on data from Validity, a private company that acquired
SenderScore and now sells deliverability services. One such service is Sender
Certification (https://www.validity.com/sender-certification/), where senders
can pay to improve their deliverability. This creates a clear conflict of
interest when integrated into an open-source spam filtering tool.

It’s especially concerning that this line
(https://github.com/apache/spamassassin/blob/234b4b0c34067549525f77276ca6e09c899a42d7/rules/20_dnsbl_tests.cf#L152)
in the SpamAssassin ruleset includes a direct link to a sales page for
Validity, reinforcing the perception that SpamAssassin is endorsing their
business model.

Including these rules in an open-source project effectively supports a
pay-for-play ecosystem under the guise of objective scoring. It misleads users
into trusting a proprietary and profit-driven system as if it were a neutral
third-party source.

SpamAssassin should not promote or integrate DNS-based scoring mechanisms from
companies whose core business depends on payment for reputation. Doing so
compromises the integrity of the project and the trust the open-source
community places in it.