David, I agree.
But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the "TO" field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the "TO" or "CC" fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the "TO" field. Not good. Is my suggestion something that you can implement? > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David > Barker > Sent: Wednesday, October 18, 2006 8:30 AM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > To create a duplicate message for each recipient is not a trivial issue. > This is a function of the mail server not Declude. > > David Barker > Director of Product Development > Your Email security is our business > 978.499.2933 office > 978.988.1311 fax > [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin > Bilbee > Sent: Tuesday, October 17, 2006 5:08 PM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > Delcude has always functioned like this. > > What declude could do in this case is to duplicate the message for each > recipient and write a new header file to each recipient. Not a big issue. > Deliver to the one that whitelists and run the spam checks for the others. > > > > Kevin Bilbee > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Darin Cox > > Sent: Tuesday, October 17, 2006 12:37 PM > > To: declude.junkmail@declude.com > > Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > It's actually more of an issue of how the mail server handles the > > message. > > In the case of multiple recipients, since there is only one message > > file addressed to multiple recipients in the headers, it's either > > deliver or not deliver unless you rewrite the headers to modify the > > recipient list. I think I'd rather not have the spam filtering system > > alter that. Add to the header, yes. Alter the recipients, no. > > > > Also, I have not come across a situation where I wanted to let a > > message go through to one recipient and not to others, except in the > > situation of lists which is a whole other topic. > > > > Darin. > > > > > > ----- Original Message ----- > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > To: <declude.junkmail@declude.com> > > Sent: Tuesday, October 17, 2006 3:11 PM > > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > I would call that a flaw, then, in how Declude processes the whitelist. > > > > I have a listserver email address for which I do not want email spam > > checked. This is because I don't want messages going out to the list > > that say SPAM in the subject line. Because nobody who is not a member > > on the list can post to the list, there is no problem whitelisting the > > "TO" > > address > > for mail sent to the list server email address. > > > > However, spammers will send an email to a dozen of our mail addresses > > (12 > > recipients) one of which is the whitelised "TO" address for the > > listserver. > > Because of the way Declude processes the whitelist, that means that > > the other 11 recipient receive the spam even though mail to them is > > not whitelisted. > > > > That is a bad design on Declude's part, wouldn't you agree? Anyone > > else feel that this needs to be rectified? > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Darrell > > > ([EMAIL PROTECTED]) > > > Sent: Tuesday, October 17, 2006 11:25 AM > > > To: declude.junkmail@declude.com > > > Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > If one user is whitelisted they all will be whitelisted for that > > email. > > > There are some things you can do to prevent this like > > > BYPASSWHITELIST > > test. > > > > > > Darre;; > > > > > > -------------------------------------------------------------------- > > > - > > --- > > > Check out http://www.invariantsystems.com for utilities for Declude > > And > > > Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI > > integration, > > MRTG > > > Integration, and Log Parsers. > > > > > > ----- Original Message ----- > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > To: <declude.junkmail@declude.com> > > > Sent: Tuesday, October 17, 2006 11:18 AM > > > Subject: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > > > > If an email is received that is addressed to multiple recipients, > > > one > > of > > > whom is whitelisted, does Declude treat the email as whitelisted for > > all > > > recipients? > > > > > > > > > > > > > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > http://www.mail-archive.com. > > > > > > > > > > > > > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > http://www.mail-archive.com. > > > > > > > > > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > > > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
