cbeust at bea.com
Mon Apr 12 10:55:23 EDT 2004
> Whitelists and blacklists are problematic anyway, because 'spoofing' (pretending you are someone else) is > reasonably simple, and also very common.
Spoofing is simple indeed, but I don't believe it's very common for spammers to impersonate people that I know, and I actually don't think it ever happened to me. Spams are delivered blindly, so the odds that the forged From: will match someone from my Address Book are very slim.
> Also, blacklisting is really a server side responsibility.
Agreed, but whitelisting is a client-side responsibility. I only want people from *my* address book to be whitelisted.
> If you really need whitelisting, consider implementing rules in your mailer to intercept the messages
> before they're passed to SpamBayes.
I don't believe this is realistic: you would have to add rules so that emails from people in your Address Book get moved to a "Verified" folder that wouldn't be watched by SpamBayes (or it would filter them anyway). So I will end up with folders named "Inbox/Verified/Spam/Suspected Spam", which is not the friendliest way of solving this problem. All of this could be avoided if SpamBayes did Address Book whitelisting, like Thunderbird.
Tony, philosophical reasons aside, are there any technical reasons why Whitelisting isn't in SpamBayes or do you believe it would be an easy fix?
More information about the Spambayes