On Thu, 2021-07-01 at 16:32 -0600, @lbutlr wrote: > Sending spam, viruses, ransom demands, and/or spearfishing from > "known" addresses is extremely common, so how effective that is > depends a lot on the sort of mail and the amount of mail you receive. > Agreed, but I'm not silly enough to have the whitelisting check trigger shortcircuiting or use a whitelist score high enough to override a bunch of spam hits: I wouldn't be using it in that case.
> It is very common for me to get spam mail that appears to be from > known addresses, mostly clients and the less sophisticated family > members (computer sophisticated, at least) who have the bad habit of > sharing their contacts with whatever random app they download. > Different sender population, then. I get very little spam that spoofs regular correspondents. > > If a company insists on sending me advertising mail I do not want, I > don't want to do any business with that company. > Agreed, but most of those, at least in my experience, use a different sending address for adspam than they use for invoices, dispatch notes, etc. so my adspam blacklist works rather well. Before you ask, my daily logwatch reports monitor the performance of local SA rules: I wrote report modules to do that. Seems to me there's little point in writing, testing and tuning local rule sets if you can't easily see how well they're working. Martin
