spamassassin-users March 2012 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Request to change rule RCVD_IN_RP_CERTIF

Re: Request to change rule RCVD_IN_RP_CERTIFIED

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Thu Mar 29 2012 - 22:06:39 GMT
To: Michael Scheidell <michael.scheidell@secnap.com>

On 3/29/2012 3:47 PM, Michael Scheidell wrote:
> If you go back, I and many others have complained about the 'pay to
> spam' rules currently in SpamAssassin.
>
> Some of these, like linked in, are blatant violations of US federal
> CAN Spam laws.
> Last time I got a spam from linked in, they insisted: (the company
> that certified them, and took money to let them spam), insisted:
> A) that somehow _I_ was at fault (you must have signed up)
> B) that it was my responsibility to unsubscribe (Sorry, you have to
> sign up, and agree to their terms, which allow them to spam you, this
> was the only way to unsubscribe)
>
> Well, today, at least they have a link in their spam that lets you
> unsubscribe without joining linked in. However, they still don't have
> a full physical address of the sender in their emails.
>
> This email was sent to an email address used for technical mailing
> lists (I am on the development team for FreeBSD/) and, or harvested
> from a web site that archives emails (again, either of these is a
> violation of federal can spam laws)
>
> Why bring this up? I want SA to disable all these pay to spam rules
> as defaults.
> I have brought this up with linked in, and the 'spam for hire' company
> that sends these, and all I get is the runaround.
>
> if this rule is truly CERTIFIED not to spam, then they had better
> review us federal laws, and make this company conform.
> <http://pastebin.com/K0r29v6F>
> (even pastebin thought this was spam and made me type in chars to
> prove I wasn't a robot/zombot)
>

I read your complaint but have some procedural and technical concerns.
Boiling down to the top two points:

A - CANSPAM is of very little concern to the SA project. We use a
vastly different definition of spam than the legal definition.

B - If a rule such as RP_CERTIFIED starts to hit on more ham than spam,
then it becomes primarily a scoring issue

Looking at my personal corpus, I have 1186 HAMs, 0 tagged as spams and 4
spams that slipped past. In otherwords, the rule is clearly a good
indicator of Spam for me.

As a side note, linkedin likely had someone from FreeBSD list use the
email address to invite people. I doubt linkedin actually did it. They
are an easily abused system but I've never seen them actually support spam.

regards,
KAM