/dev/rob0 wrote:
On Tuesday 26 September 2006 11:57, Matt wrote:
In general, I agree - but once you've seen ASSP in action, you'll never look back. Does ASSP support vhosted mailboxs? Can I allow each user to configure their own white/black lists like spam assassin allows?
This is going way off topic ... okay, not going, it's gone. :) But I contribute to the problem by tossing out this bit:
I don't see the point in per-user spam controls. Spam is spam. If a site's sending out UBE, that is a spam site, period. Block it.
Spam is not "mail that $USER doesn't want to see". Spam is UBE. If
$USER subscribed to something and confirmed it before the mailings started, that's not spam. If $USER happens to be interested in the stock tips or pharmaceuticals or other such spammer spew, it's STILL spam, and should be treated as such.Furthermore, users rarely understand how mail works. They think that sender addresses really mean something. You got spam from some sender address, so you should blacklist that address? Well duh, it probably wasn't really that sender. Maybe you just blocked a real person, an innocent victim of spammers.
Whitelisting by sender address is just as bad for the same reasons. Suppose you whitelist an Outhouse Distress user who gets a virus, and the virus goes out to everyone in the address book.
I'd disagree with this point. A spam whitelist doesn't have to allow viruses to pass. Also, most automated server side anti-spam systems, especially those that are content based, like SpamAssassin, need per user whitelists to allow the system to adjust to the needs of individual users. This may not be true for Corporate users, where policy reigns supreme, but for a general email provider, like an ISP, per user whitelists are a necessary evil. Without them, content based filters would have to be very lame.
Ken A. Pacific.Net
End users occasionally discover the great FUSSP of C/R systems ... and thus join the legions of spammers. All out of ignorance. Spam "solutions" implemented by people who don't understand spam and SMTP always make the problem worse for everyone.
I'm not paternalistic, at least I don't think so, but I'd like to see movement away from user spam controls and toward *clueful* server-side spam abatement. Maybe that would indeed be a FUSSP? No telling, because it will never happen.