[Spambayes] Spam at hackers conference
Jim Bublitz
jbublitz@nwinternet.com
Sun Nov 3 07:47:32 2002
On 03-Nov-02 Skip Montanaro wrote:
>> > - Combining different approaches (e.g. blacklists, whitelists,
>> > Bayesian) seems to make people more comfortable.
>> Tim> I doubt a blacklist is going to be worth the bother with
>> this scheme, but a whitelist may be.
> I doubt it. There is just too much email spoofing going on to
> trust any addresses that absolutely. When using SA, I rarely
> used its whitelist facility, and only for odd email addresses
> whose automailings it always classified as spam. For instance,
> I get a bit of mail from American Airlines letting me know when
> the airfare between Chicago and Albany changes. As you might
> imagine, it's very spammy looking. The only way I could
> convince SA to leave it alone was to whitelist it. With
> Spambayes, it's never a problem.
You may be correct that from a purely technical point of view
Spambayes doesn't really need a whitelist (although the fp rate is
still non-zero), but there are some other considerations.
>From my personal point of view, I spend a lot of money to get
certain email sent to me, and missing some email could be very
costly ($10 could be off by orders of magnitude in the worst case)
For those reasons alone, I want a whitelist.
I also recently saw someplace (/.?) an article about a woman suing
an ISP who cut off her email because of non-payment. She's suing
because she missed an email from a potential employer for a
possible high paying job. If I were in a position similar to that
ISP (potential liability), I think "due diligence" would require
that I make every effort to make sure valid mail got through -
hence a more deterministic method in combination with a statistical
method (in combination with review in my case).
A convenient whitelist option seems to me to make it a more
attractive package. I'd want whitelisted mail to go into the
training database too.
Jim