TSA wants people to turn off their spam filters:
i'd suggest some sort of tsa whitelist rule, but i'm guessing if that
happens i'll soon start seeing mail from the tsa's department of
herbal viagra.
-faisal

whitelist_from_rcvd *@tsa.dot.gov tsa.dot.gov or whatever works.
{^_^}
Message
From: "Faisal N Jawdat" <faisal (AT) faisal (DOT) com>
To: <users (AT) spamassassin (DOT) apache.org>
Sent: 2005 August, 12, Friday 14:34
Subject: tsa vs., well, us

TSA wants people to turn off their spam filters:

i'd suggest some sort of tsa whitelist rule, but i'm guessing if that
happens i'll soon start seeing mail from the tsa's department of
herbal viagra.
-faisal

Whitelist_from_rcvd makes more sense than your approach, Gene. At least
it would if your name was on the don't fly list for some reason.
{^_^}
Message
From: "Gene Heskett" <gene.heskett (AT) verizon (DOT) net>

Friday 12 August 2005 17:34, Faisal N Jawdat wrote:
>>TSA wants people to turn off their spam filters:
>>
>>

Ya gotta be kidding. Tell ya what, this is my machine, and I'll
filter as I damned well please within my ability to write filter
rules. Screw em and the camel that rode in on them

>>i'd suggest some sort of tsa whitelist rule, but i'm guessing if
>that happens i'll soon start seeing mail from the tsa's department
>of herbal viagra.
>>
faisal

jdow wrote:
Whitelist_from_rcvd makes more sense than your approach, Gene. At least
it would if your name was on the don't fly list for some reason.

so they send mail saying:
I just called to say I listed you
I just called to say you're not free
I just called to say you cannot fly
And I mean it from the tarmac of my planes
?

I really don't see:
- why and how do they have people's email?
- what is the point of such email? (why not phone?)
- why not send an email that doesn't trigger spam checks? after all,
motivated spammers manage to do so.

I have nothing against these guys (they are traceable after all), but I
fear whitelist explosion.

From: "mouss" <usebsd (AT) free (DOT) fr>

jdow wrote:
>Whitelist_from_rcvd makes more sense than your approach, Gene. At least
>it would if your name was on the don't fly list for some reason.

so they send mail saying:
I just called to say I listed you
I just called to say you're not free
I just called to say you cannot fly
And I mean it from the tarmac of my planes
?

I really don't see:
- why and how do they have people's email?
- what is the point of such email? (why not phone?)
- why not send an email that doesn't trigger spam checks? after all,
motivated spammers manage to do so.

I have nothing against these guys (they are traceable after all), but I
fear whitelist explosion.

The original fellow complaining in the article had his name on the do not
fly list and was trying to negotiate with the TSA to get off the list. He
initiated contact.

{^_^}

jdow wrote:

The original fellow complaining in the article had his name on the do not
fly list and was trying to negotiate with the TSA to get off the list. He
initiated contact.

Understood, but he can whitelist them locally. Anyway, they can still
send mail that get past reasonably-configured spam filters (good helo,
rdns, message-id, should be enough, but plain text should help a
lot). or they could sign the email so rcpt can check the sig and accept
the mail. And they could say "if you have a spam filter, make sure you
don't discard our messages" instead of "disable your filter". if a
filter still discards such mail, then it is the recipient's problem.

I mean that whitelisting shouldn't be _the_ approach.

From: "mouss" <usebsd (AT) free (DOT) fr>

jdow wrote:
>>
>The original fellow complaining in the article had his name on the do not
>fly list and was trying to negotiate with the TSA to get off the list. He
>initiated contact.
>
Understood, but he can whitelist them locally. Anyway, they can still send
mail that get past reasonably-configured spam filters (good helo, rdns,
message-id, should be enough, but plain text should help a lot). or
they could sign the email so rcpt can check the sig and accept the mail.
And they could say "if you have a spam filter, make sure you don't discard
our messages" instead of "disable your filter". if a filter still
discards such mail, then it is the recipient's problem.

I mean that whitelisting shouldn't be _the_ approach.

The TSA simply told him he'd best turn off all spam filters. I can imagine
you in a help center trying to describe how a fellow can get his ISP's
spam filter to ignore emails from the TSA. It's easier to say "turn it
off." For people on this group the whitelist is the canonical approach.
Signed email proves nothing more than that the sender has barely enough
brains to figure out how to sign an email - or even forge signing an
email. How many people out in the wilds are equipped or savvy enough to
be able to check every email? Where are the check keys stored? How does
Joe average user find the right key to check against an email? Most people
ignore the signatures and consider them a bother.

whitelist_from_rcvd is UR friend. But how in God's name am I going to
explain to Joe user that he has to get his ISP to use this command in
his anti spam setup. I'm stuck in the middle at the moment between a
fellow in London and a fellow on Whidbey Island who is desperately trying
to configure SpamAssassin to please the guy in London - who receives a
Merchant Marine news letter from a movable Korean address formatted in
classical "into the twenties" spam format. I've given up. It cannot be
done. Neither person cares to listen so "scroom". I think that is why
the TSA, faced with more than just one anti-spam filter, said "Just turn
it off." And the silly critter was pissing and moaning about that arrogant
advice. Screw HIM and the boat he road in on, IMA He's the one who is
being an arrogant pissant.

{^_^}