You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Greg Troxel <gd...@ir.bbn.com> on 2009/01/06 16:51:57 UTC
more habeas spam
I have once again been spammed by a habeas-accredited sender. This time
it's also in senderbase, and thus got a whopping -8.6 from those two
combined. Perhaps one rule should be dropped - two rules controlled by
the same organization having additive scores doesn't seem right.
spample and SA output at
http://www.lexort.com/spam/birthday.txt
http://www.lexort.com/spam/birthday.out
I looked at http://www.senderscorecertified.com and was unable to find a
complaint address.
On December 6, I got another spam that was habeas-accredited and
complained
To: safelist@returnpath.net, complaints@habeas.com
See the "rewards" msg at http://www.lexort.com/spam/. This is pretty
egregious spam, with the usual fraudulent claim that I signed up. I
have heard nothing back and the sender is still accredited, but now as
SOI rather than COI.
In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
in public did get a response from habeas. But my experience has been
that non-public complaints are ignored.
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
Re: more habeas spam
Posted by John Hardin <jh...@impsec.org>.
On Tue, 6 Jan 2009, Rob Foehl wrote:
> The last complaint filed with Habeas was answered with something like
> "this customer appears to be following their business model"
Oh for pete's sake. If that's their criteria for acceptability then Habeas
is useless. After all, a spammer's business model is to send huge volumes
of unsolicited commercial email...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Any time law enforcement becomes a revenue center, the system
becomes corrupt.
-----------------------------------------------------------------------
11 days until Benjamin Franklin's 303rd Birthday
Re: more habeas spam
Posted by Rob Foehl <rw...@loonybin.net>.
On Tue, 6 Jan 2009, Greg Troxel wrote:
> In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
> why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
> in public did get a response from habeas. But my experience has been
> that non-public complaints are ignored.
My experiences with Habeas have been so poor that I've actually been
toying with the idea of assigning fairly large positive scores to the
HABEAS_ACCREDITED_* rules. There is a rather stunning overlap with URIBL
hits here, and no evidence of a useful effect on legitimate mail.
The last complaint filed with Habeas was answered with something like
"this customer appears to be following their business model", which was
namely that they "contact people who have posted on certain web sites".
I wonder if they're willing to accredit everyone with that particular
business model...
> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
> value. But, I wonder if SA should apply higher standards than that, and
> not give negative scores to databases that don't behave reasonably.
HABEAS_ACCREDITED_SOI still earns a -4.3 in the default scores for 3.2.5.
I'd love to know why this is still the case.
-Rob
Re: more habeas spam
Posted by rafa <ra...@bolso.ptraced.net>.
Jason Bertoch wrote:
>> -----Original Message-----
>> From: Kai Schaetzl [mailto:maillists@conactive.com]
>> Sent: Tuesday, January 06, 2009 1:31 PM
>> To: users@spamassassin.apache.org
>> Subject: Re: more habeas spam
>>
>
> There is also bug 5977 for BSP who still doesn't have a clear way to file a
> complaint. I just received a spam matching both RCVD_IN_BSP_TRUSTED and
> RCVD_IN_DNSWL_LOW. Personally, I'd prefer to see all of these white list
> rules go away.
You can request DNSWL to move that IP to NONE.
RE: more habeas spam
Posted by Jason Bertoch <ja...@electronet.net>.
> -----Original Message-----
> From: Kai Schaetzl [mailto:maillists@conactive.com]
> Sent: Tuesday, January 06, 2009 1:31 PM
> To: users@spamassassin.apache.org
> Subject: Re: more habeas spam
>
There is also bug 5977 for BSP who still doesn't have a clear way to file a
complaint. I just received a spam matching both RCVD_IN_BSP_TRUSTED and
RCVD_IN_DNSWL_LOW. Personally, I'd prefer to see all of these white list
rules go away.
Re: more habeas spam
Posted by Justin Mason <jm...@gmail.com>.
On Thu, Jan 8, 2009 at 15:37, Karsten Bräckelmann
<gu...@rudersport.de> wrote:
> On Tue, 2009-01-06 at 19:31 +0100, Kai Schaetzl wrote:
>> It appears to me that the HABEAS rules are hitting only a very tiny fraction of
>> mail, many of the nightly mass-checks don't have a hit at all (or is it that those
>> checks don't contain any network checks?). The aggregated view shows no hits at all
>> for these rules.
>
> Network tests are done once a week, not daily.
>
>> I'm not sure if I'm reading the ruleqa correctly, although I read it's help.
>> 1. I'm wondering why many rules show a score of 0.0
>
> These appear to be network tests.
>
>> 2. do I understand it correctly that a nightly check contains only the spam
>> received over the last 24 hours?
>
> No. The nightly mass-checks contain the full corpora.
>
>> 3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
>> ranking according to the hit rate, but I find it hardly understandable that a rule
>> that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
>> hits almost no messages still scores at half of that. s/o seems to show the
>> ham/spam ratio cleanliness?)
>
> Correct, S/O is the Spam / Overall ratio. The higher that ratio, the
> better the rule and the lower the ham hits (in percent, not absolute
> numbers).
it's also worth noting that rules intending to hit ham need to have a
very _low_ S/O ratio -- as near to 0.0 as possible.
--j.
Re: more habeas spam
Posted by Greg Troxel <gd...@ir.bbn.com>.
Theo Van Dinter <fe...@apache.org> writes:
> On Thu, Jan 08, 2009 at 04:37:37PM +0100, Karsten Bräckelmann wrote:
>> > It appears to me that the HABEAS rules are hitting only a very tiny
>> > fraction of mail, many of the nightly mass-checks don't have a hit
>> > at all (or is it that those checks don't contain any network
>> > checks?). The aggregated view shows no hits at all for these rules.
>>
>> Network tests are done once a week, not daily.
>
> Just to share some data, my last weekly run shows:
>
> 0.084 0.0000 1.2638 0.000 0.58 0.00 HABEAS_ACCREDITED_SOI
> 0.010 0.0000 0.1484 0.000 0.47 0.00 HABEAS_ACCREDITED_COI
> 0.000 0.0000 0.0000 0.500 0.44 0.00 HABEAS_CHECKED
>
> and generating stats from the last weekly run results from everyone:
>
> 0.039 0.0001 0.6879 0.000 0.62 0.00 HABEAS_ACCREDITED_SOI
> 0.003 0.0000 0.0573 0.000 0.51 0.00 HABEAS_ACCREDITED_COI
> 0.000 0.0000 0.0000 0.500 0.49 0.00 HABEAS_CHECKED
>
> There's a handful of spam hits for a couple of people, so it's not
> clear if that's misfiling or an abusive sender. But these results are
> pretty good IMO.
I searched all of my mail on two machines for HABEAS (I expire a lot of
it, though), and came up with a few messages in a spam complaints folder
(such as the one that I started this thread with), discussion on this
list, private messages to me from people saying they find that these
days habeas accredits spammers, and one other message - a misdirected
political rant from a friend-of-a-friend-.... that was about gitmo, not
spam.
So I wonder if the reality is that
most of the places habeas accredits are legitimate newsletter senders
some of them are spammers
habeas does not respond to complaints in any reasonable/useful way
people like me who don't get the kind of junky newsletters that need
accreditation to be deliverable only get HABEAS-marked mail that is
spam
and thus I have a different local reality than the overall statistics --
a handful of messages received that are accredited, all of them spam,
and no response to complaints. This seems to be the experience of a
number of others.
So, my point was basically that even if in some statistical sense the
rule is valid, is it reasonable to let a for-profit third party sell -4
spamassassin points unless we are convinced that they are very diligent
and respond so quickly and appropropriately to complaints that problems
are very rare? (Obviously I think habeas does not meet the above test.)
If this were -0.2 I wouldn't be so cranky.
Re: more habeas spam
Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jan 08, 2009 at 04:37:37PM +0100, Karsten Bräckelmann wrote:
> > It appears to me that the HABEAS rules are hitting only a very tiny fraction of
> > mail, many of the nightly mass-checks don't have a hit at all (or is it that those
> > checks don't contain any network checks?). The aggregated view shows no hits at all
> > for these rules.
>
> Network tests are done once a week, not daily.
Just to share some data, my last weekly run shows:
0.084 0.0000 1.2638 0.000 0.58 0.00 HABEAS_ACCREDITED_SOI
0.010 0.0000 0.1484 0.000 0.47 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.44 0.00 HABEAS_CHECKED
and generating stats from the last weekly run results from everyone:
0.039 0.0001 0.6879 0.000 0.62 0.00 HABEAS_ACCREDITED_SOI
0.003 0.0000 0.0573 0.000 0.51 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.49 0.00 HABEAS_CHECKED
There's a handful of spam hits for a couple of people, so it's not clear if
that's misfiling or an abusive sender. But these results are pretty good IMO.
Other related services/rules to compare to (everyone's results):
0.076 0.0000 1.7505 0.000 0.68 0.00 RCVD_IN_BSP_TRUSTED
0.008 0.0003 0.1722 0.002 0.52 0.00 RCVD_IN_BSP_OTHER
0.143 0.0118 3.0312 0.004 0.62 0.00 RCVD_IN_DNSWL_LOW
0.203 0.0376 3.8239 0.010 0.55 0.00 RCVD_IN_DNSWL_MED
0.001 0.0002 0.0143 0.011 0.50 0.00 RCVD_IN_DNSWL_HI
0.054 0.0001 0.9585 0.000 0.66 0.00 __RCVD_IN_IADB
0.054 0.0001 0.9495 0.000 0.65 0.00 RCVD_IN_IADB_LISTED
0.053 0.0001 0.9352 0.000 0.65 0.00 RCVD_IN_IADB_SPF
0.025 0.0000 0.4425 0.000 0.59 0.00 RCVD_IN_IADB_DOPTIN
0.012 0.0000 0.2042 0.000 0.55 0.00 RCVD_IN_IADB_SENDERID
0.005 0.0000 0.0842 0.000 0.51 0.00 RCVD_IN_IADB_VOUCHED
0.002 0.0000 0.0287 0.000 0.50 0.00 RCVD_IN_IADB_UNVERIFIED_2
0.001 0.0000 0.0215 0.000 0.50 0.00 RCVD_IN_IADB_OPTIN_GT50
0.001 0.0000 0.0143 0.000 0.50 0.00 RCVD_IN_IADB_EPIA
0.001 0.0000 0.0125 0.000 0.50 0.00 RCVD_IN_IADB_LOOSE
0.001 0.0000 0.0107 0.000 0.49 0.00 RCVD_IN_IADB_EDDB
0.001 0.0000 0.0107 0.000 0.49 0.00 RCVD_IN_IADB_ML_DOPTIN
[the other IADB rules show 0 hits]
--
Randomly Selected Tagline:
"We use a NetApp 820 with Oracle8i (running on win2k)- The machine
itself is amazing. Fast, reliable, smarter than us when it breaks,
and support is great."
- JoAnne Martone in <00...@oit.ads.umass.edu>
Re: more habeas spam
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-01-06 at 19:31 +0100, Kai Schaetzl wrote:
> It appears to me that the HABEAS rules are hitting only a very tiny fraction of
> mail, many of the nightly mass-checks don't have a hit at all (or is it that those
> checks don't contain any network checks?). The aggregated view shows no hits at all
> for these rules.
Network tests are done once a week, not daily.
> I'm not sure if I'm reading the ruleqa correctly, although I read it's help.
> 1. I'm wondering why many rules show a score of 0.0
These appear to be network tests.
> 2. do I understand it correctly that a nightly check contains only the spam
> received over the last 24 hours?
No. The nightly mass-checks contain the full corpora.
> 3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
> ranking according to the hit rate, but I find it hardly understandable that a rule
> that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
> hits almost no messages still scores at half of that. s/o seems to show the
> ham/spam ratio cleanliness?)
Correct, S/O is the Spam / Overall ratio. The higher that ratio, the
better the rule and the lower the ham hits (in percent, not absolute
numbers).
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: more habeas spam
Posted by Kai Schaetzl <ma...@conactive.com>.
Greg Troxel wrote on Tue, 06 Jan 2009 10:51:57 -0500:
> In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
I read that bug report now and followed the link to the ruleqa. I have a slightly
different twist on that: should rules with such a low hit rate (whatever they hit)
have such high
scores? I mean, just a few hits on the "other side" will "out-balance" such
a rule quickly. Should such a rule be allowed to have such a great influence?
It appears to me that the HABEAS rules are hitting only a very tiny fraction of
mail, many of the nightly mass-checks don't have a hit at all (or is it that those
checks don't contain any network checks?). The aggregated view shows no hits at all
for these rules.
I'm not sure if I'm reading the ruleqa correctly, although I read it's help.
1. I'm wondering why many rules show a score of 0.0
2. do I understand it correctly that a nightly check contains only the spam
received over the last 24 hours?
3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
ranking according to the hit rate, but I find it hardly understandable that a rule
that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
hits almost no messages still scores at half of that. s/o seems to show the
ham/spam ratio cleanliness?)
There's also something wrong with the ruleqa.cgi. When I click a rule to get the
explanation I get a software error at the bottom, for instance:
http://ruleqa.spamassassin.org/20090103-r730938-n/HABEAS_ACCREDITED_SOI/detail
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: more habeas spam
Posted by Jon Trulson <jo...@radscan.com>.
On Fri, 9 Jan 2009, John Hardin wrote:
> On Fri, 9 Jan 2009, Jon Trulson wrote:
>
>> On Wed, 7 Jan 2009, Anthony Peacock wrote:
>>
>>> I zeroed the scores for all of these rules about a year ago. They were
>>> only hitting on SPAM emails and pushing them into the FN range.
>>
>> I second that - habeas stopped being useful a long time ago (IMO of
>> course :). Just zero them out.
>
> Erm. If they're hitting on nothing but spam, doesn't that mean you should
> assign them a *positive* score? ;)
>
I didn't say they hit on nothing *but* spam :) I really have no idea
how much ham they hit, but I sure noticed it when spam was allowed
through because of it.
So I zero'd them out, and haven't missed them at all.
--
Happy cheese in fear | Jon Trulson
against oppressor, rebel! | mailto:jon@radscan.com
Brocolli, hostage. -Unknown | 4E2A 697F 66D6 7918 B684
| FEB6 4E98 16C1 25F8 A291
Re: more habeas spam
Posted by John Hardin <jh...@impsec.org>.
On Fri, 9 Jan 2009, Jon Trulson wrote:
> On Wed, 7 Jan 2009, Anthony Peacock wrote:
>
>> I zeroed the scores for all of these rules about a year ago. They were
>> only hitting on SPAM emails and pushing them into the FN range.
>
> I second that - habeas stopped being useful a long time ago (IMO of
> course :). Just zero them out.
Erm. If they're hitting on nothing but spam, doesn't that mean you should
assign them a *positive* score? ;)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
8 days until Benjamin Franklin's 303rd Birthday
Re: more habeas spam
Posted by Jon Trulson <jo...@radscan.com>.
On Wed, 7 Jan 2009, Anthony Peacock wrote:
> LuKreme wrote:
>> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
>>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
>>> value. But, I wonder if SA should apply higher standards than that, and
>>> not give negative scores to databases that don't behave reasonably.
>>
>>
>> This has been brought up on the list in the past (there was a long thread
>> on it last February). The best suggestion I saw in that thread was
>>
[...]
>> was something quite different from what it had been under her stewardship.
>
> I zeroed the scores for all of these rules about a year ago. They were only
> hitting on SPAM emails and pushing them into the FN range.
I second that - habeas stopped being useful a long time ago (IMO of
course :). Just zero them out.
--
Happy cheese in fear | Jon Trulson
against oppressor, rebel! | mailto:jon@radscan.com
Brocolli, hostage. -Unknown | 4E2A 697F 66D6 7918 B684
| FEB6 4E98 16C1 25F8 A291
Re: more habeas spam
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
LuKreme wrote:
> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
>> value. But, I wonder if SA should apply higher standards than that, and
>> not give negative scores to databases that don't behave reasonably.
>
>
> This has been brought up on the list in the past (there was a long
> thread on it last February). The best suggestion I saw in that thread was
>
> score HABEAS_ACCREDITED_COI -1.0
> score HABEAS_ACCREDITED_SOI -0.5
> score HABEAS_CHECKED 0
>
> The other suggestion that seemed reasonable was setting all scores to
> 0. Some people suggested setting the scores to positive numbers. Based
> on my own mail, a small positive score for Habeas is reasonable:
>
> score HABEAS_ACCREDITED_COI 0.5
> score HABEAS_ACCREDITED_SOI 1.0
> score HABEAS_CHECKED 0
>
> It's about 90% Spam for my own mailspool. It used to be used a lot more,
> at least in my mail. A lot of commercial or semi-commercial
> mailing-lists that I was on tried it out back around 2003-2005, iirc.
> Since then, all have stopped using it. The last one to remove them was
> the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
> having the very low scores (are they still defaulting to -4.5 and -8.0?)
> seems like a spectacularly bad idea.
>
> If you want the real history of Habeas in a nutshell, the company went
> to hell when Anne Mitchell left (the same Anne Mitchell who was part of
> MAPS back in the day). She's now at the Institute for Spam and Internet
> Public Policy <http://www.isipp.com/about.php>. What habeas became
> after she left was something quite different from what it had been under
> her stewardship.
I zeroed the scores for all of these rules about a year ago. They were
only hitting on SPAM emails and pushing them into the FN range.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
Re: more habeas spam
Posted by mouss <mo...@ml.netoyen.net>.
McDonald, Dan a écrit :
> On Fri, 2009-01-09 at 13:21 +0300, Sergey Kovalev wrote:
>> mouss wrote:
>>>> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
>>>>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
>>>>> value. But, I wonder if SA should apply higher standards than that, and
>>>>> not give negative scores to databases that don't behave reasonably.
>>> meta DNS_FROM_DOB (0)
>>> meta RCVD_IN_DOB (0)
>>> meta URIBL_RHS_DOB (0)
>>>
>>> They weren't bringing anything, so I preferred to reduce the network
>>> usage...
>> I may be wrong, but I thought that "0" disables the rule, not "(0)".
>>
>> Probably I should re-read Mail::SpamAssassin::Conf(3).
>
> score 0 disables the rule. meta (0) always returns false.
> So he is still querying the RBLs, but throwing the results on the floor.
>
really? I see
meta RCVD_IN_DSBL (0)
in the updates. I doubt this means SA still queries dsbl.
Can someone please clarify?
Re: more habeas spam
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Fri, 2009-01-09 at 13:21 +0300, Sergey Kovalev wrote:
> mouss wrote:
> >> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
> >>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
> >>> value. But, I wonder if SA should apply higher standards than that, and
> >>> not give negative scores to databases that don't behave reasonably.
> >
> > meta DNS_FROM_DOB (0)
> > meta RCVD_IN_DOB (0)
> > meta URIBL_RHS_DOB (0)
> >
> > They weren't bringing anything, so I preferred to reduce the network
> > usage...
>
> I may be wrong, but I thought that "0" disables the rule, not "(0)".
>
> Probably I should re-read Mail::SpamAssassin::Conf(3).
score 0 disables the rule. meta (0) always returns false.
So he is still querying the RBLs, but throwing the results on the floor.
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: more habeas spam
Posted by Sergey Kovalev <sp...@kovalev.com.ru>.
mouss wrote:
>> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
>>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
>>> value. But, I wonder if SA should apply higher standards than that, and
>>> not give negative scores to databases that don't behave reasonably.
>
> I have
>
> # Disable Habeas
> meta HABEAS_ACCREDITED_COI (0)
> meta HABEAS_ACCREDITED_SOI (0)
> meta HABEAS_CHECKED (0)
>
> # Disable Bonded Sender
> meta RCVD_IN_BSP_OTHER (0)
> meta RCVD_IN_BSP_TRUSTED (0)
>
> meta DNS_FROM_DOB (0)
> meta RCVD_IN_DOB (0)
> meta URIBL_RHS_DOB (0)
>
> They weren't bringing anything, so I preferred to reduce the network
> usage...
I may be wrong, but I thought that "0" disables the rule, not "(0)".
Probably I should re-read Mail::SpamAssassin::Conf(3).
Re: more habeas spam
Posted by mouss <mo...@ml.netoyen.net>.
LuKreme a écrit :
> On 6-Jan-2009, at 08:51, Greg Troxel wrote:
>> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
>> value. But, I wonder if SA should apply higher standards than that, and
>> not give negative scores to databases that don't behave reasonably.
>
>
> This has been brought up on the list in the past (there was a long
> thread on it last February). The best suggestion I saw in that thread was
>
> score HABEAS_ACCREDITED_COI -1.0
> score HABEAS_ACCREDITED_SOI -0.5
> score HABEAS_CHECKED 0
>
> The other suggestion that seemed reasonable was setting all scores to
> 0. Some people suggested setting the scores to positive numbers. Based
> on my own mail, a small positive score for Habeas is reasonable:
>
> score HABEAS_ACCREDITED_COI 0.5
> score HABEAS_ACCREDITED_SOI 1.0
> score HABEAS_CHECKED 0
>
I have
# Disable Habeas
meta HABEAS_ACCREDITED_COI (0)
meta HABEAS_ACCREDITED_SOI (0)
meta HABEAS_CHECKED (0)
# Disable Bonded Sender
meta RCVD_IN_BSP_OTHER (0)
meta RCVD_IN_BSP_TRUSTED (0)
meta DNS_FROM_DOB (0)
meta RCVD_IN_DOB (0)
meta URIBL_RHS_DOB (0)
They weren't bringing anything, so I preferred to reduce the network
usage...
> It's about 90% Spam for my own mailspool. It used to be used a lot more,
> at least in my mail. A lot of commercial or semi-commercial
> mailing-lists that I was on tried it out back around 2003-2005, iirc.
> Since then, all have stopped using it. The last one to remove them was
> the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
> having the very low scores (are they still defaulting to -4.5 and -8.0?)
> seems like a spectacularly bad idea.
>
> If you want the real history of Habeas in a nutshell, the company went
> to hell when Anne Mitchell left (the same Anne Mitchell who was part of
> MAPS back in the day). She's now at the Institute for Spam and Internet
> Public Policy <http://www.isipp.com/about.php>. What habeas became
> after she left was something quite different from what it had been under
> her stewardship.
>
>
Habeas were acquired by ReturnPath back in August. I however don't know
what RP want to do with that...
Re: more habeas spam
Posted by LuKreme <kr...@kreme.com>.
On 6-Jan-2009, at 08:51, Greg Troxel wrote:
> I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
> value. But, I wonder if SA should apply higher standards than that,
> and
> not give negative scores to databases that don't behave reasonably.
This has been brought up on the list in the past (there was a long
thread on it last February). The best suggestion I saw in that thread
was
score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0
The other suggestion that seemed reasonable was setting all scores to
0. Some people suggested setting the scores to positive numbers.
Based on my own mail, a small positive score for Habeas is reasonable:
score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0
It's about 90% Spam for my own mailspool. It used to be used a lot
more, at least in my mail. A lot of commercial or semi-commercial
mailing-lists that I was on tried it out back around 2003-2005, iirc.
Since then, all have stopped using it. The last one to remove them was
the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
having the very low scores (are they still defaulting to -4.5 and
-8.0?) seems like a spectacularly bad idea.
If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part
of MAPS back in the day). She's now at the Institute for Spam and
Internet Public Policy <http://www.isipp.com/about.php>. What habeas
became after she left was something quite different from what it had
been under her stewardship.
--
I hear hurricanes a-blowing, I know the end is coming
soon. I fear rivers over-flowing. I hear the voice
of rage and ruin.