On Fri, 26 Oct 2007, Matthias Leisi wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex Woick schrieb:
[Spamcop]
I understand the two step reporting process too, and I too find it
annoying and timeconsuming to ack my (manually reviewed) 50 spams per
day to them, so I ceased to do it. There exist scripts for ack'ing
automatically, but this is not the intention of this process, so this is
no alternative for me.
I don't speak for Spamcop, but I do speak for dnswl.org. From our
experience I can tell that a manual review process is very important to
ensure data quality.
At least in the context of dnswl.org, there is little value in reporting
for the sake of reporting alone -- there needs to be some quality
control involved, or otherwise we run a high risk of including unwanted
IP addresses.
Having said that, we of course welcome all reports on false positives,
especially on IP addresses with a "low", "med" or "hi" score, and we
welcome all notifications of mailservers we do not yet know about.
It's rather simple, really.
If I'm auto-reporting spams with a score of (let's say, 15...enough that
regardless of the DNSWL score's "negative" it would still be enough to
auto-learn as "spam" to DNSWL (and DNSWL is passing complaints onto the
original mailserver, which seems a logical thing) this serves as a
reminder to the original mail server (let us say, in this case, two
things). This is the kind of thing that I would suggest be an enhancement
to SA (but off by default for privacy reasons), on the spamd side, at the
same time as bayes auto-learning happens.
1) That they are sending spam that risks their whitelist rating.
and
2) That the email they are sending is probably too spammish ANYWAY, if
it's of a high enough threshhold ABOVE the DNSWL score to still be
reported.
If you are a spammer, this allows you not only to listwash, but also to
scrub and detail your email so it hits less SA rules -- of course, if you
are any kind of pro spammer, presumably you are running your mails through
at least a standard SA install anyway to test them.
If on the other hand you are a legitimate user of this service, *and* you
are a producer of regular volumes of email, locally originated, that has
some spammish tendencies (badly formed HTML parts, or being sent by a
non-malicious script, then it allows you to correct other means of those
false positive.
Naturally, if DNSWL isn't reporting back to the mailserver user, none of
the above applies.
Manually reporting, on the other hand, is something that I would tie into
the "spamassassin -r" functions, and much LIKE spamcop or the others, I'd
suggest one or two extra pieces of data:
Some kind of a reporting ID, which determined the severity of the report
(i.e. anonymous reports were given less credence). And if the reports
were going to be given back to the original mailserver again, some option
to have the identifying data stripped.
Also, the ability to view the number of reports for a given server helps
as well.
-Dan
>
- -- Matthias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFHIggQxbHw2nyi/okRAludAKC14sT7Ff3Ax4L9zpC/fWHx/xyUAwCfSUZ1
WB4q6mV08fa4Yhyx+aUtbEs=
=3yG4
-----END PGP SIGNATURE-----
--
Amerikanskaya firma Transceptor Technology pristupila k poizvodstu komputerov
"Personal'ni Sputnik"
Translates as: 'American company Transceptor Technology commenced the production of the
computer "personal sputnik"'
--Snap, "The Power"
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
