false positives

Vernon Schryver vjs@calcite.rhyolite.com
Thu Oct 20 14:00:44 UTC 2005


> From: "Dan Mahoney, System Admin" 

> If people flag those things as spam and report them, then they will score.
>
> At least, that's my thinking.

Not exactly.  As Sven Willenberger wrote, the DCC detects bulk mail.
You must add a local whitelist to distinguish solicited bulk mail
(e.g. legitimate newsletters) from spam or unsolicited bulk mail.

Mailing lists are bulk mail and should be detected as bulk.  Most
legitimate bulk mail should not have target counts of millions, but
it could.  The DCC "MANY" value is in fact any target greater than or
equal to 16,777,200.  If you are seeing legitimate bulk mail with
target counts of "MANY," it is probably because someone has miswired
a system to report all incoming mail with the bloated counts common
to spam traps.

All of this is why I keep saying (despite zillions of people who seem
to disagree) that the right way to use the DCC is with per-user
whitelists.  Whitelists let individual users enforce their individual
notions of which bulk mail is solicited.  For example, Microsoft has
sent me unsolicited bulk mail.  That it is spam for me should have no
bearing on whether it is spam for you.

There is an odd second order effect.  Bulk mail that is popularly
whitelisted at DCC clients tends to not be recognized as bulky as
it is.  This is because the checksums of whitelisted messages are
not reported to DCC servers.


Vernon Schryver    vjs@rhyolite.com
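
The following toy model is an added example, not part of the original message and not DCC code or its protocol. It shows the second-order effect described above (whitelisted mail is never reported, so the server undercounts it) and how a single miswired trap report reaches "MANY". The sender-based whitelist, the SHA-256 checksum, the threshold of 5, and all names and addresses are assumptions made for the demonstration.

```python
import hashlib
from collections import Counter

MANY = 16_777_200      # from the post: "MANY" is any target count >= this
BULK_THRESHOLD = 5     # constructed local threshold for the demo

def checksum(body):
    # Stand-in for a message checksum; real DCC checksums differ.
    return hashlib.sha256(body.encode()).hexdigest()

class ToyServer:
    """Accumulates reported target counts per checksum, saturating at MANY."""
    def __init__(self):
        self.targets = Counter()

    def report(self, cksum, targets=1):
        self.targets[cksum] = min(MANY, self.targets[cksum] + targets)
        return self.targets[cksum]

def deliver(server, whitelist, sender, body):
    """One recipient's client: whitelisted mail is accepted and never reported."""
    if sender in whitelist:
        return "solicited"
    total = server.report(checksum(body))
    return "bulk" if total >= BULK_THRESHOLD else "accepted"

def simulate(n_users, n_whitelisting, sender="news@example.org", body="issue 42"):
    """Send one message to n_users, of whom n_whitelisting whitelist the sender."""
    server = ToyServer()
    verdicts = []
    for i in range(n_users):
        wl = {sender} if i < n_whitelisting else set()
        verdicts.append(deliver(server, wl, sender, body))
    return server.targets[checksum(body)], verdicts

def miswired_trap(body="issue 42"):
    """A trap reporting every message with a bloated count marks it MANY at once."""
    server = ToyServer()
    return server.report(checksum(body), targets=MANY)

if __name__ == "__main__":
    print(simulate(10, 0))   # nobody whitelists: server count reaches 10
    print(simulate(10, 7))   # 7 of 10 whitelist: server sees only 3 targets
    print(miswired_trap())   # one report is enough to reach MANY
```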


