What I was trying to do was outline a solution that didn't include whitelisting. I'm against whitelisting due to it's inability to differentiate between levels of grey in the spam-fighting process. Instead, pure weighting systems can assign negative weights as needed, but still block _really_ bad mail, but I probably deviated from the main point too much.
Back to the argument and playing devil's advocate on myself, rewriting of the Q*.SMD file is something we do to assist in adjusting weights in the spam filtering process, or reporting FPs or missed spam to sniffer. We have fairly simple VBS scripts that do it for us, so something like that could adopted for use in exploding the Q file and create the appropriate message copies to each recipient. I do agree with David B. that it is better handled by the mail server, though. Darin. ----- Original Message ----- From: "Dave Beckstrom" <[EMAIL PROTECTED]> To: <declude.junkmail@declude.com> Sent: Wednesday, October 18, 2006 12:27 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker Darin, We don't whitelist those addresses at all. But I could see other companies wanting to do so. This idea that if one address is whitelisted, then they all are, is not a good situation. It is good in that some folks might want Declude to process that way, in which case the current whitelist will work for them. Its not good from the standpoint that there is no alternative mechanism. If Declude has access to all of the envelope information, they should easily be able to add a new tag that only whitelists an address if it's the only address in the envelope. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Wednesday, October 18, 2006 11:15 AM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker > > Hi Dave, > > A comment on the whitelist to required monitoring addresses... We don't > whitelist email to abuse@ or postmaster@ addresses. Instead we have a > user-specific Declude config that allows mail through to those addresses. > So, we configure Declude to use this separate config for all postmaster and > abuse addresses for all domains. > > That way we don't have a need to whitelist to these addresses, and we have > fine-grained control over what we let through to them. > > Darin. > > > ----- Original Message ----- > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > To: <declude.junkmail@declude.com> > Sent: Wednesday, October 18, 2006 12:06 PM > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker > > > David, > > I agree. > > But I do think the whitelisting needs to be changed. I think you should add > a WhitelistUnique tag. > > EG: > > WhitelistUnique TO: [EMAIL PROTECTED] > > > The way the tag would function is that the email would only be treated as > whitelisted if [EMAIL PROTECTED] was the only address in the "TO" field and if the > carbon copy field is also blank. This insures that spammers can't stack > multiple email addresses in the "TO" or "CC" fields, one address of which is > whitelisted, thus forcing the email to pass through Declude to ALL > RECIPIENTS rather than just to the whitelisted recipient. > > > Besides the listserver problem I described, I can see some places wanting to > whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have > figured out this gaping hole in Declude could easily force all email to a > site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging > a dozen other addresses onto the "TO" field. Not good. > > Is my suggestion something that you can implement? > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David > > Barker > > Sent: Wednesday, October 18, 2006 8:30 AM > > To: declude.junkmail@declude.com > > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > To create a duplicate message for each recipient is not a trivial issue. > > This is a function of the mail server not Declude. > > > > David Barker > > Director of Product Development > > Your Email security is our business > > 978.499.2933 office > > 978.988.1311 fax > > [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin > > Bilbee > > Sent: Tuesday, October 17, 2006 5:08 PM > > To: declude.junkmail@declude.com > > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > Delcude has always functioned like this. > > > > What declude could do in this case is to duplicate the message for each > > recipient and write a new header file to each recipient. Not a big issue. > > Deliver to the one that whitelists and run the spam checks for the others. > > > > > > > > Kevin Bilbee > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > > Darin Cox > > > Sent: Tuesday, October 17, 2006 12:37 PM > > > To: declude.junkmail@declude.com > > > Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > It's actually more of an issue of how the mail server handles the > > > message. > > > In the case of multiple recipients, since there is only one message > > > file addressed to multiple recipients in the headers, it's either > > > deliver or not deliver unless you rewrite the headers to modify the > > > recipient list. I think I'd rather not have the spam filtering system > > > alter that. Add to the header, yes. Alter the recipients, no. > > > > > > Also, I have not come across a situation where I wanted to let a > > > message go through to one recipient and not to others, except in the > > > situation of lists which is a whole other topic. > > > > > > Darin. > > > > > > > > > ----- Original Message ----- > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > To: <declude.junkmail@declude.com> > > > Sent: Tuesday, October 17, 2006 3:11 PM > > > Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > > > > I would call that a flaw, then, in how Declude processes the whitelist. > > > > > > I have a listserver email address for which I do not want email spam > > > checked. This is because I don't want messages going out to the list > > > that say SPAM in the subject line. Because nobody who is not a member > > > on the list can post to the list, there is no problem whitelisting the > > > "TO" > > > address > > > for mail sent to the list server email address. > > > > > > However, spammers will send an email to a dozen of our mail addresses > > > (12 > > > recipients) one of which is the whitelised "TO" address for the > > > listserver. > > > Because of the way Declude processes the whitelist, that means that > > > the other 11 recipient receive the spam even though mail to them is > > > not whitelisted. > > > > > > That is a bad design on Declude's part, wouldn't you agree? Anyone > > > else feel that this needs to be rectified? > > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > > Darrell > > > > ([EMAIL PROTECTED]) > > > > Sent: Tuesday, October 17, 2006 11:25 AM > > > > To: declude.junkmail@declude.com > > > > Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > > > If one user is whitelisted they all will be whitelisted for that > > > email. > > > > There are some things you can do to prevent this like > > > > BYPASSWHITELIST > > > test. > > > > > > > > Darre;; > > > > > > > > -------------------------------------------------------------------- > > > > - > > > --- > > > > Check out http://www.invariantsystems.com for utilities for Declude > > > And > > > > Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI > > > integration, > > > MRTG > > > > Integration, and Log Parsers. > > > > > > > > ----- Original Message ----- > > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > > To: <declude.junkmail@declude.com> > > > > Sent: Tuesday, October 17, 2006 11:18 AM > > > > Subject: [Declude.JunkMail] Whitelisting flaw in Declude? > > > > > > > > > > > > If an email is received that is addressed to multiple recipients, > > > > one > > > of > > > > whom is whitelisted, does Declude treat the email as whitelisted for > > > all > > > > recipients? > > > > > > > > > > > > > > > > > > > > > > > > --- > > > > This E-mail came from the Declude.JunkMail mailing list. To > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > > http://www.mail-archive.com. > > > > > > > > > > > > > > > > > > > > > > > > --- > > > > This E-mail came from the Declude.JunkMail mailing list. To > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > > http://www.mail-archive.com. > > > > > > > > > > > > > > > > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > http://www.mail-archive.com. > > > > > > > > > > > > > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > http://www.mail-archive.com. > > > > > > > > > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > > Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
