[spambayes-dev] Regarding Whitelisting
T. Alexander Popiel
popiel at wolfskeep.com
Tue Sep 2 12:40:33 EDT 2003
In message: <001b01c37171$795e9270$0a00a8c0 at Aleem>
"Aleem B" <aleem.bawany at utoronto.ca> writes:
>>> With whitelists mail would not get "mis-classified" in the
>>> first place.
>> Not true. Thanks to spoofing, you'd end up with lots of
>> false-negatives. Or if you personally don't, many other
>> spambayes users
>This is the part that I don't understand. How often do
>you receive spam forged from people in your address book?
I get about six a day, presumably because one of the spammers
that raped a mailing list got a clue and uses other members
of that mailing list as from addresses when sending to
addresses culled from that source.
>>> Besides, the decision to whitelist an email address (and risk
>>> getting mail from a spammer forging that very address),
>>> should be left to the user.
>> We're not stopping you whitelisting; we're simply not adding it to
>I'm trying to make a case for it, because the case against it is
What I don't understand is why people want one tool to do everything.
I have multiple MTAs which are separate from my MDA which is separate
from my MUA, with several filters in between... why should whitelisting
be added to spambayes, when spambayes does what it does very well, and
other tools (like procmail) can trivially do whitelisting very well,
and they can be easily used in conjunction?
Is this another case of unix mentality (use multiple tools which each
do their own thing well) is getting in the way of general acceptance
by the masses?
>> False positives are much worse than false negatives, yes. But you're
>> still basing this on no evidence that there will be these false
>The classifier can generate false positives - what evidence do I need?
The same evidence that you're demanding for false negatives from
whitelists (which I provide anecdotally above).
More information about the spambayes-dev