On 16/07/09 11:39 AM, "LuKreme" <krem...@kreme.com> wrote:
>> * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In
>> or Better
>> * [66.59.8.161 listed in sa-accredit.habeas.com]
>
>
> If you search for HABEAS_ACCREDITED you will find that a LOT of admins
> either drop these scores to very low numbers, or actually set them
> slightly positive.
I'm not certain as to how a search such as you suggest would reveal any
indication of this. Please explain.
> In my mailspool they are a spam indicator and I
> have them scored as such:
>
> score HABEAS_ACCREDITED_COI 1.0
> score HABEAS_ACCREDITED_SOI 1.5
I fully understand if you do/did not want to use our whitelist (keep
reading, we've made a few changes), however, we have historically blocked
lookups from people with this type of scoring when we became aware of such
things. I think it is silly to be punitive, and more than a little naïve.
I have regularly posted here as to the work that we do, how we do it, and
the challenges of migrating the poorly-kept legacy Habeas Safe whitelist to
our systems.
The migration work is ongoing, about 95% of the way there. However, the last
5% is non-trivial.
That said, from a more administrative side here are some facts and figures
that may interest you:
- In the past six months we have ended our relationship with 113 companies
on Safe
- We have deleted at least 2.5K IPs associated with those companies
- We have added hundreds, if not 1,000 IPs from our Certified programme
members, companies held to extremely exacting performance metrics, including
complaint feeds from Hotmail, Yahoo!, two anonymous webmail providers.
VALUE ADDS
We have actively begun compliance on Safe whitelist members for things like:
- spamtraps (from several sources to which Spamassassin does NOT
have access)
- bounce-processing efficacy (again, something SA cannot do for you)
- Recursive DNS
- nameserver snowshoeing. We do not allow one NS/domain to avoid domain
reputation
- WHOIS transparency - no proxy services
- disclosure of sign-ups, privacy policy present and reasonable
Future plans:
- Automation (including intra-day checks of DNSBLs, trap hits, and so on)
- re-jigging our programme metrics, standards and license agreement to be
coherent (we are still labouring under legacy agreements in some cases)
- Overall programme/client/IP SA scoring for both our whitelist products,
Safe and Certified, using our massive corpus (not to belittle Justin's rule
scoring efforts, but he uses what he readily admits is a very small corpus).
We have live data feeds from the world's largest receiving sites, we run
FBLs for at least a dozen of receivers, and we intend to make good use of
this data. I don't know how long it will take until an SA score will become
a compliance metric, or if it ever will, time will tell, but I am very
excited to see what comes of this project.
- Continual client audits especially of legacy Safe customers.
IOW, we take all this stuff very seriously, have committed resources both
financial, development, and human to this end, and we greatly value our
longstanding relationship with the Spamassassin user community.
So, bottom line:
Zero-out our scoring? That is and will always be your right.
Making it a positive spam sign?? Well, if you run a home system with no
users, I suppose no damage done. If you are running SA in front of actual
users at a business installation, I'd think it very brave to incur known
false positives, and reject mail they potentially want, especially in this
job market.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.
