Ability to add whitelisted addresses
Brought to you by:
paulcockings,
sbajic
Menu
▾
▴
#8 Ability to add whitelisted addresses
DSPAM can be a bit slow to learn emails you only get say once every few months it would be great if you could manually add a whitelisted address in the DSPAM UI.
While this can be done at the MTA level that would mean bypassing DSPAM and missing an opportunity to train the database.
Imported comment from dspam-community # 2475637
Paul Cockings ( paulcockings ) - 2008-12-29 20:59
WHITELIST IMPROVEMENT IDEAS
Option via web gui to set whitelist from day one.
Instead of waiting for 10+ email to pass for auto white listing, it would
be good to setup your known buddies from day 1 of using dspam-community
Imported Comment: dspam-community ticket 2475637
Date: 2009-01-09 17:40
Sender: steeeeeveee
Hallo Paul
This would be possible to do. But one issue is that DSPAM does use the
whole FROM line for the white list and white listing your buddies from day
one would require you to know the exact FROM line of their mails. Another
option would be to weaken the white listing algorithm to just include the
bare email address and white list just the pure bare email address.
I could write easy a patch for that. Let me know if you need/want that.
Kind Regards from Switzerland
Steve
Imported Comment: dspam-community ticket 2475637
Date: 2009-01-15 06:41
Sender: dovzamir
In itself, this looks like good idea and it has come up as a feature
request many times on the dspam-users list.
However, using the "bare address" can be easily abused by spammers
masquerading as someone you know (which, I believe, is quite common right
now). This would completely defeat the purpose of dspam. We need to rethink
this one if we want to implement it.
How about looking through your address book to whitelist everything in
there automatically? Steeve, what do you think, could your patch achieve
this? But we still need to figure out how to do it without making a
convenient security hole for spammers. I have some far-fetched ideas, but
they all seem to need the cooperation of the sender.
Ideas?
The problem with the addressbook lookup is that not everyone has the possibility to query the addressbook for each and every user. Some mail clients have their addressbook locally and querying the addressbook is not possible.
I think we NEED to educate the DSPAM user base that whitelisting manually in DSPAM is a bad thing. I mean: If whitelisting in DSPAM is the most significant thing keeping mail from a certain sender to not get tagged by DSPAM as spam, then you have definitely a big problem. Then your data/tokens in DSPAM are in a very, very bad shape and it's good, that DSPAM tagged the message as SPAM (forcing you to reclassify and help DSPAM learn).
I do however have some things in my mind that could help accelerating whitelisting in DSPAM. One thing would be to add a special whitelist token for the senders domain and use that to slightly tune the probability towards innocent if there is a positive match or a higher hit in innocent then in spam. Another thing could be to parse all the received header lines and construct some kind of "trusted delivery path" in relation to a sender and/or sender domain. And have that "trusted delivery path" behave +/- the same as mentioned above. Or forget all that token thing and introduce a plain text file or preference where one can just add the bare email address and use that to whitelist BUT in case of whitelisting that way NOT automatically train DSPAM with the tokens (that would come +/- to the same technique as doing it on the MTA level).
But again: I am not that hot in adding users manually to the DSPAM whitelist. I know, I know... people like it but as I wrote above: If whitelisting is the thing keeping your DSPAM instance in not tagging a big part of your mail communication as spam, then your tokens are in a very bad shape.
Having an option through either the quarantine (or mail history) on the GUI to white-list permanently add an entire from address would be great. Having one email from a person go into quarantine isn't too bad its when it happens over and over that is the problem its a good workaround to the problem without just allowing bare email addresses to be white-listed.
It only seems to be with emails which are legitimate, infrequent and the contents are easily taken as SPAM my own personal example is a monthly specials email from a motorcycle store every time it went to my quarantine there wasn't much to the email other than a un-subscribe link, and an embedded image not much for DSPAM to learn from I tried to train dspam for ages fortunately they changed their email to be html based and the problem went away for that particular address.
In the meantime I am doing white-listing on the MTA to bypass DSPAM for email addresses that prove troublesome nearly all of these are the specials/newsletter type emails.