Tim wrote:
>>> Another mitigating factor is the domain name that you post from.
>>> Certain top-level-domains get red flagged as being more likely to be
>>> spam, simply by the name, regardless of content. e.g. SpamAssassin,
>>> IGNORANTLY, does that with .biz and .info TLDs. I say that with such
>>> venom because in the years that I've been on the internet, and in the
>>> thousands of spam that I've received, I've noticed about seven spams
>>> that came with .biz TLDs in them.

James Wilkinson:
>> a bit over 2% of my spam includes a (relatively well-formed) .biz URL,
>> and well over 6% of it includes an .info URL.
>>
>> I understand that the reason SpamAssassin *does* flag up those e-mails
>> with a .biz or .info TLD is simply that across their set of spam and
>> non-spam, it does turn into a useful indicator.

To me, merely 2% of spam having it doesn't justify using it as a
prominent detector of spam. Nearly all of my spam came from .com
domains, we should flag all .com mail as being spam... It really is a
stupid way of managing spam. They're both legit domains, and the .info
one is far more correct than the widespread misuse of .com for
non-commercial reasons.

Sjoerd Mullender:
> I don't quite understand what the http:// bit does in your command.
> That checks for URLs embedded in the mail but Tim was talking about TLDs
> where the mail originated.

Yes, in that message, though in practice the entire message was parsed.
Any mention of one gets detected.

My main beef with it has been not that it uses it as a "slightly higher
rating", but that it flags it *as* spam, outright. On the basis that an
e-mail came from that domain, or mentions a URI inside it with it, it'd
be flagged as BEING spam. So, completely NON spam e-mail was getting
dumped, carte blanche. Often recipients were completely unaware of this.
Yet, real spam, loaded with a plethora of readily identifiable
indicators gets a quite low probability rating, and still gets through
to the inbox.
The detection priorities are all out of whack.

SpamAssassin's moronic defaults (e.g. the above mentioned behaviour),
plus its black & white listing databasing on "to" and "from" addresses,
instead of the content of the message (e.g. white list a mailing list,
and all spam gets approved that forges those addresses), earns it utter
disdain in my opinion.

I have a VERY low opinion of software that produces false positives.

--
(Currently testing FC5, but still running FC4, if that's important.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.