[Spambayes] Spam at hackers conference

[Jim Bublitz]

On 03-Nov-02 Skip Montanaro wrote:
 
>> > - Combining different approaches (e.g. blacklists, whitelists,
>> > Bayesian) seems to make people more comfortable.
 
>> Tim> I doubt a blacklist is going to be worth the bother with
>> this scheme, but a whitelist may be.
 
> I doubt it.  There is just too much email spoofing going on to
> trust any addresses that absolutely.  When using SA, I rarely
> used its whitelist facility, and only for odd email addresses
> whose automailings it always classified as spam.  For instance,
> I get a bit of mail from American Airlines letting me know when
> the airfare between Chicago and Albany changes.  As you might
> imagine, it's very spammy looking.  The only way I could
> convince SA to leave it alone was to whitelist it.  With
> Spambayes, it's never a problem.

You may be correct that from a purely technical point of view
Spambayes doesn't really need a whitelist (although the fp rate is
still non-zero), but there are some other considerations.

>From my personal point of view, I spend a lot of money to get
certain email sent to me, and missing some email could be very
costly ($10 could be off by orders of magnitude in the worst case)
For those reasons alone, I want a whitelist.

I also recently saw someplace (/.?) an article about a woman suing
an ISP who cut off her email because of non-payment. She's suing
because she missed an email from a potential employer for a
possible high paying job. If I were in a position similar to that
ISP (potential liability), I think "due diligence" would require
that I make every effort to make sure valid mail got through -
hence a more deterministic method in combination with a statistical
method (in combination with review in my case).

A convenient whitelist option seems to me to make it a more
attractive package. I'd want whitelisted mail to go into the
training database too.

Jim