On Tue, Jul 14, 2009 at 11:03:11AM -0400, Tom Shaw wrote: > Steve and Bill, > > Personally I think "ham" testing will not add as much "safety" as being > asserted. > > 1st your ham and my ham are vastly different as are others on the list. > Further, ham for Europe is different than ham for an Asian than ham for a > South America user, etc. > > OK, ham testing theoretically could have detected "acebook.com" but I > have friends and clients who do not have facebook.com in their ham > because they wash their ham every 14 days and so would have never > detected the problem prior to a facebook message appearing. FUrther, I > expect that the next FP to happen will not be in whatever "ham" set you > are testing against which might make ham testing intrinsically > problematic. Sorry Tom. I do appreciate your good check methods, but you are now way off on this. Just because your friends and clients might not have a decend ham set doesn't mean that such check is pointless and shouldn't additionally be used. For example many people dealing with SpamAssassin have wide corpuses. It might not be feasible to do a comprehensive check with massive corpus just before releasing, but I'm thinking people could offer to get the signatures just as they are released, run checks and send reports back if something fishy is found. Lets take acebook.com.. I run it through 117216 recent hams (fuzzily uniqued) and found 895 hits (took 5 minutes). It seriously suggests that the signature should be reviewed. Want to know how many "com" hits there were? 78145. Cheers, Henrik