Why T_DKIM_INVALID?

3 posts Page 1 of 1
by lr » Fri Sep 13, 2013 10:20 am
I've been tuning the spamassassin parameters for my account a little bit; I've managed to get the spam that doesn't go into the greymail to be down to a few messages per day (tolerable).

In doing so, I noticed one strange thing. Lots of ham (good messages, from real people, sent from reputable ISPs or hosts) trigger the T_DKIM_INVALID test. Meaning their systems are misconfigured to generate bad DKIM. The list includes my kid's high school principal (using the school district's system, and this is a very large, wealthy and sophisticated district), a building contractor using his default SBC e-mail address that comes with his DSL, and my son's instrument teacher using his default Comcast e-mail. These are not smart but sloppy computer hackers, who think they configured DKIM but got it wrong, but non-computer folks using preconfigured systems.

On the other hand, a large fraction of the spam that still makes it through the filters also has T_DKIM_INVALID (makes sense, much of it forges the address).

The bad news: This means I can't use T_DKIM_INVALID to help seriously suppress the remaining spam.

The annoying part: Why do administrators for large systems not configure DKIM correctly?

This is not a complaint about Sonic, nor is the e-mail configuration problem Sonic-specific. I'm just venting that adjusting my spamassassin parameters is hard or impossible, because the world is full of fail. Thank you for listening to my rant.
Linda and Ralph and John
by kgc » Fri Sep 13, 2013 10:29 am
Ralph, I just checked and mail from gmail is getting correctly flagged with DKIM_SIGNED & DKIM_VALID so this isn't a site-wide problem validating DKIM. As to the other part, correctly configuring DKIM/SPF can be problematic, especially in cases where the administrators are unable to fully control the mail flow. We haven't enabled either for @sonic.net for these reasons and others.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by lr » Fri Sep 13, 2013 11:50 am
Kelsey: Thanks for looking. I had already seen that for most of my mail (the ham) the DKIM is verified correctly.

It's annoying that we can't use DKIM more extensively. Oh well, life.
Linda and Ralph and John