I haven't read the article recently (it makes me too mad, for one thing), but I read it a couple of times a while back (mainly when you linked it in a kbase article, which I also responded to).
He may have read the documentation, but I don't think he really understands how the scores actually work, or why they're effective.
He's also complaining about some people's specific implementation of SA - as used to actually reject incoming mail. I don't think anyone here is advocating that. I don't /dev/null any mail marked by SA (although anything with a score over 15 or 20 is almost definitely spam).
If he wanted to get mad at a particular ISP's use of the tool and / or their configuration, that's one thing, but blame the appropriate people here. SpamAssassin is a tool that can be helpful to some people when configured / used properly. As with any piece of software, it can be configured improperly, or used for things it's not really designed to do, but you can't really blame the authors of the software for that.
His objections are mostly to tests that have low positive or even negative scores, and the scores (again) are based on actual spam, and the likelihood that they contain a certain element. Whether or not you agree with the tests on paper, they're very effective.
ISPs almost never filter abuse@ or postmaster@ accounts for obvious reasons. For instance, we use some internal blocklists, but postmaster@, abuse@, etc. aren't blocked; neither is my personal address as it's also an ARIN contact (which occasionally receives spam complaints and the like). I don't use any content filters at all on the abuse mailbox either... obviously that would be stupid, as one expects to receive spam at this address.
Now if a spammer does send spam to our abuse address, I am almost certain to report it, and will very possibly add the originating IP address to our internal blocklists. Spamming abuse@ or postmaster@ is a really stupid thing to do.
We do use SA a little bit on our support box, although the scores have been heavily modified and mail from any email address that's in our customer database is accepted regardless of the score. That's because the amount of spam (especially spam with foreign character sets) was making it very difficult to get work done.
I don't know about you, but I've rarely / never received an email talking about opting in that wasn't spam.
I don't think this analogy really makes sense; I think that the authors of the software are sincere in wanting it to be used in a way that's appropriate to the application.
Is SA appropriate for naïve users? Probably not, which is one reason we haven't made instructions for setting it up / using it widely available. Anyone using any type of spam filtering system should be responsible for using it properly and checking caught messages once in a while.
I don't think anyone here is advocating this type of behavior. No filter which blocks based on content is 100% effective, and I don't think many responsible ISPs use such a filter to completely prevent mail from reaching a customer.
If we were ever to implement server-side content filtering, the strongest action we'd take would probably be to tag messages with some sort of score.
For me, I'm 100% sure of what the answer is... Without spam filters, I'd go completely insane. I've received over 1500 pieces of spam to my main email account since Jul 31, and lots more at other accounts. Having this type of mail end up in my inbox totally messes up my organization scheme. I go through my spam folder 3 or 4 times a day and double-check that there aren't any false positives in there.
I would like to check out some of the newer pseudo-bayesian spam filters when I have some spare time.