On 6/13/2017 11:39 AM, Dianne Skoll wrote:
Something I and possibly others might find useful would be rules that
expire. Quite often, we might make some very specific rules to handle
a particular spam run and they lose their effectiveness pretty quickly.
What if we did something like:
expire MYRULE_FOO 2017-09-01
or maybe
tflags MYRULE_FOO expire=2017-09-01
Then the file parser would ignore expired rules, and if expired rules
have already been parsed into memory from before they expired, the run-time
would skip them.
Brilliant idea but how to keep that information from spammers?
My thoughts on this topic have been an automatic gradiated disablement
for efficiency. Adding your idea of a date and the rule is only tested
for every 1 out of X messages but goes back to 100% if it gets a certain
# of hits. This would allow SA to run on a subset of rules but increase
the subset based on in the wild hits.
I've been thinking a lot about hive protection on rules and centralizing
this type of data.
Regards,
KAM
