[spambayes-dev] Regarding Whitelisting

Aleem B aleem.bawany at utoronto.ca
Tue Sep 2 04:20:02 EDT 2003 

I am a new user of Spambayes and not on the devlist so it is
possible this topic has come up many times before (and for the
same reason reply-all to this mail). As posted in the FAQ:

> The main reason is that for the most part SpamBayes doesn't
> need it!

The users need it. I can know with certainty that the mail
from my potential employer will end up in my inbox and not
get lost with spam or overlooked in spam box, eventually
costing me my job. There is comfort in knowing that the mail
will show up in my inbox and I won't end up missing something
important.

> As long as you keep training on unsure or mis-classified mail,
> SpamBayes will learn what you consider good mail without
> needing any specific lists.

With whitelists mail would not get "mis-classified" in the
first place.


> In addition, tokens are generated from email addresses, so an
> automatic 'whitelist' (of sorts) is generated, as is a similar
> blacklist.

This can still generate false positives.

> Whitelists and blacklists are problematic anyway, because
> 'spoofing' (pretending you are someone else) is reasonably
> simple, and also very common.

When whitelisting an entire domain *@hotmail.com, this may be
problematic. For normal email addresses I doubt if anyone will
know the email address of the person I am whitelisting. I do
not recall ever recieving spam mail from someone I know, except
in the case of self-propogating worms which falls under the
antivirus department.

> So, more often than not, they'll lead to incorrect results.

If I am whitelisting the email of my potential employer e.g.
john.doe at acme.net then it is very unlikely that a spammer will
be able to guess this or use it coincidentally. So the more often
than not argument does not follow.

Besides, the decision to whitelist an email address (and risk
getting mail from a spammer forging that very address), should be
left to the user.

Furthermore, going through daily spam, finding the false positives
and resurrecting them is more troublesome than going through the
inbox and marking an email as spam.

> However, there are some commercial products based on SpamBayes
> that offer whitelisting - see the related page for more
> information.

Infact, most spam filters offer whitelisting. SpamBayes just
happens to be an execellent mail filter and probably my favorite,
so it would be great to see whitelisting implemented in future
versions.

aleem

[ http://aleembawany.com/ ]

More information about the spambayes-dev mailing list