On 16/07/09 11:39 AM, "LuKreme" <krem...@kreme.com> wrote: >> * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In >> or Better >> * [66.59.8.161 listed in sa-accredit.habeas.com] > > > If you search for HABEAS_ACCREDITED you will find that a LOT of admins > either drop these scores to very low numbers, or actually set them > slightly positive.
I'm not certain as to how a search such as you suggest would reveal any indication of this. Please explain. > In my mailspool they are a spam indicator and I > have them scored as such: > > score HABEAS_ACCREDITED_COI 1.0 > score HABEAS_ACCREDITED_SOI 1.5 I fully understand if you do/did not want to use our whitelist (keep reading, we've made a few changes), however, we have historically blocked lookups from people with this type of scoring when we became aware of such things. I think it is silly to be punitive, and more than a little naïve. I have regularly posted here as to the work that we do, how we do it, and the challenges of migrating the poorly-kept legacy Habeas Safe whitelist to our systems. The migration work is ongoing, about 95% of the way there. However, the last 5% is non-trivial. That said, from a more administrative side here are some facts and figures that may interest you: - In the past six months we have ended our relationship with 113 companies on Safe - We have deleted at least 2.5K IPs associated with those companies - We have added hundreds, if not 1,000 IPs from our Certified programme members, companies held to extremely exacting performance metrics, including complaint feeds from Hotmail, Yahoo!, two anonymous webmail providers. VALUE ADDS We have actively begun compliance on Safe whitelist members for things like: - spamtraps (from several sources to which Spamassassin does NOT have access) - bounce-processing efficacy (again, something SA cannot do for you) - Recursive DNS - nameserver snowshoeing. We do not allow one NS/domain to avoid domain reputation - WHOIS transparency - no proxy services - disclosure of sign-ups, privacy policy present and reasonable Future plans: - Automation (including intra-day checks of DNSBLs, trap hits, and so on) - re-jigging our programme metrics, standards and license agreement to be coherent (we are still labouring under legacy agreements in some cases) - Overall programme/client/IP SA scoring for both our whitelist products, Safe and Certified, using our massive corpus (not to belittle Justin's rule scoring efforts, but he uses what he readily admits is a very small corpus). We have live data feeds from the world's largest receiving sites, we run FBLs for at least a dozen of receivers, and we intend to make good use of this data. I don't know how long it will take until an SA score will become a compliance metric, or if it ever will, time will tell, but I am very excited to see what comes of this project. - Continual client audits especially of legacy Safe customers. IOW, we take all this stuff very seriously, have committed resources both financial, development, and human to this end, and we greatly value our longstanding relationship with the Spamassassin user community. So, bottom line: Zero-out our scoring? That is and will always be your right. Making it a positive spam sign?? Well, if you run a home system with no users, I suppose no damage done. If you are running SA in front of actual users at a business installation, I'd think it very brave to incur known false positives, and reject mail they potentially want, especially in this job market. -- Neil Schwartzman Director, Accreditation Security & Standards Certified | Safelist Return Path Inc. 0142002038 The opinions contained herein are my personal stance and may not reflect the viewpoint of Return Path Inc.