You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/09/03 22:52:09 UTC
[Bug 7240] New: blacklist_uri_host accuracy
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
Bug ID: 7240
Summary: blacklist_uri_host accuracy
Product: Spamassassin
Version: 3.4.1
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: mysqlstudent@gmail.com
Hi,
I found a false-positive with blacklisting the click domain:
<p class="MsoNormal"><b><span lang="NO-BOK"
style="font-size:14.0pt;font-family:"Arial
Narrow",sans-serif;color:gray">1.Click on Search
Reservation</span></b><span
style="font-size:14.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="NO-BOK"
style="font-size:14.0pt;font-family:"Arial
Narrow",sans-serif;color:gray">2.Enter a month range in the Service date
spots (Leave all other fields
blank)</span></b><span style="font-size:14.0pt"><o:p></o:p></span></p>
Shouldn't it require more than just the simple presence of "1.Click" in the
body to be considered an actual URL and blacklist the whole email?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
Steadramon <pa...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |paul.stead@gmail.com
--- Comment #1 from Steadramon <pa...@gmail.com> ---
We have also experienced similar triggered word strings, where the sender has
forgotten to follow a period (.) with a space, so being picked up as a "URI" -
especially with all these new TLDs flying around
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #8 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to AXB from comment #7)
> (In reply to Kevin A. McGrail from comment #6)
>
> > Argh... strengthens my recommendation that people NOT blacklist with RBLs,
> > just score.
>
> KAM; this not about RBLs
>
> its about static rules like:
>
> blacklist_uri_host click
> blacklist_uri_host lmao
> blacklist_uri_host fyi
>
> If ppl can't type, it bites.
My first question was what rule not what rule type we are talking about?
If the rules aren't delivered by the project, isn't this more of a discussion
for users/dev@?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #6 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to Kevin A. McGrail from comment #5)
> I think all you've found is that the proliferation with TLDs is going to
> cause FPs if people type them near periods.
>
> As such, it strengthens my recommendation that people blacklist with RBLs.
> Use them solely for scoring as I've yet to see one, my work included, that
> exceed 99.99% accuracy. Most are far lower and while .01% is amazing, it
> can still represent a large number in the email system.
>
> Beyond that, SA works best with rules that score negatives and positives so
> that the chaff is separated from the wheat. Without discussing specific
> rules and how to make a specific class of email safer, I'm not sure we can
> do anything with this ticket.
Argh... strengthens my recommendation that people NOT blacklist with RBLs, just
score.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
Joe Quinn <jq...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jquinn+SAbug@pccc.com
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #10 from Joe Quinn <jq...@pccc.com> ---
Agreed, filing under "appropriate safety gear must be worn when using
blacklist".
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #5 from Kevin A. McGrail <km...@pccc.com> ---
I think all you've found is that the proliferation with TLDs is going to cause
FPs if people type them near periods.
As such, it strengthens my recommendation that people blacklist with RBLs. Use
them solely for scoring as I've yet to see one, my work included, that exceed
99.99% accuracy. Most are far lower and while .01% is amazing, it can still
represent a large number in the email system.
Beyond that, SA works best with rules that score negatives and positives so
that the chaff is separated from the wheat. Without discussing specific rules
and how to make a specific class of email safer, I'm not sure we can do
anything with this ticket.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #3 from AXB <ax...@gmail.com> ---
imo, this is a case of "weapons don't kill pl, ppl kill ppl"
if you blacklist a TLD it's poison pill.
tightening the logic will just allow other bad URIs to slip through.
maybe lower the blacklist_uri_host score and make sure it's not shortcircuited
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
Alex <my...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mysqlstudent@gmail.com
--- Comment #11 from Alex <my...@gmail.com> ---
Thanks very much for the explanation. Do you guys have any recommendations for
when the proper time is to use blacklist_uri_host and blacklist_from?
There was a thread going around some time ago, and also from a report recently
released, that TLDs like xyz and science were useless and should really just be
blocked outright. That's what I've done here, and wondered if someone had an
updated list of domains that are safe to block outright?
There's always a risk of FPs, but then, what's the point of the rules
in the first place? What is that "appropriate gear"?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #7 from AXB <ax...@gmail.com> ---
(In reply to Kevin A. McGrail from comment #6)
> Argh... strengthens my recommendation that people NOT blacklist with RBLs,
> just score.
KAM; this not about RBLs
its about static rules like:
blacklist_uri_host click
blacklist_uri_host lmao
blacklist_uri_host fyi
If ppl can't type, it bites.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #2 from Kevin A. McGrail <km...@pccc.com> ---
What rule is hitting? What is the score?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #4 from Steadramon <pa...@gmail.com> ---
(In reply to Kevin A. McGrail from comment #2)
> What rule is hitting? What is the score?
Not a single rule particularly...
Strings like...
1.click
hello.lmao
test.fyi
will be picked up as URIs and added to the list of URIs to test in later SA
rules.
I agree that a single blacklisted URI should not equal a blacklisted email.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7240] blacklist_uri_host accuracy
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7240
--- Comment #9 from AXB <ax...@gmail.com> ---
(In reply to Kevin A. McGrail from comment #8)
> (In reply to AXB from comment #7)
> > (In reply to Kevin A. McGrail from comment #6)
> >
> > > Argh... strengthens my recommendation that people NOT blacklist with RBLs,
> > > just score.
> >
> > KAM; this not about RBLs
> >
> > its about static rules like:
> >
> > blacklist_uri_host click
> > blacklist_uri_host lmao
> > blacklist_uri_host fyi
> >
> > If ppl can't type, it bites.
>
> My first question was what rule not what rule type we are talking about?
>
> If the rules aren't delivered by the project, isn't this more of a
> discussion for users/dev@?
Bug title says it all:
"blacklist_uri_host..."
imo, not a bug - leave it to you to close
--
You are receiving this mail because:
You are the assignee for the bug.