On Saturday 07 August 2004 09:05 am, Jon Fullmer wrote: > Almost poetic. �Thank you. > > I can certainly accept the arguments as to why bouncing would be a bad > idea. What is the alternative? �If the messages are simply dropped, the > sender (nor the recipient) have any knowledge in the case of a false > positive. > > �- Jon
The logical thing to do is to configure your procmail to /dev/nul anything that has a really high score, where really high is determined by inspection of a few days of spam. In my case I am happy with really high being values over 10. (We run Spamassassin sitewide.) Anything less than 10 gets tagged and sent on to the intended recipient who is advised to either filter on the score, or wade thru them individually. Most of my users (even the microsoft users) put in a rule to divert anything over 4.5 (example) to a probably spam folder. If they are too dumb to set up this rule, the get to read all the spam and upon complaining they get directed to a web page showing them exactly how to set this up in outlook and outlook express (and the ones who need help are ALWAYS running one of those two clients. - Always.) But the key here is be open to putting in whitelist entries for some companies who send newsletters that are indistinguishable from spam, such as some banks and airlines. We do not handle life and death matters by email. An occasional false positive may register over 5, but several months of analysis has never turned up any FP scoring over 10. (We did this analysis via routing to /var/log/spamtrap and wading thru it by hand. Every six months or so we re-run this analysis). -- _____________________________________ John Andersen
pgpHZdv13WM7z.pgp
Description: signature
