I agree. We see forging attacks like this periodically. While not every day, there's usually one every week, and when they hit, they hit hard. If we whitelisted or even negative-weighted addresses people sent to, when these attacks hit we would let through a ton of spam.
We would _never_ consider this technique, though admittedly our filters are doing well and our leak rate is less than 0.5%. In fact, one of our biggest problems is people who put their own address in the webmail address book and effectively whitelist their own email address, letting through anything that forges. Every time over the past 8 years a customer has complained about spam, that has been the cause. Darin. ----- Original Message ----- From: "Andy Schmidt" <andy_schm...@hm-software.com> To: <Declude.JunkMail@declude.com> Sent: Thursday, February 17, 2011 10:03 AM Subject: RE: [Declude.JunkMail] Idea for new Declude add-on >> I couldn't think of any specific instances where you would not want to >> whitelist a recipient's address. Obviously nobody should be emailing a >> spammer. << In general, that's reasonable - but certainly not bullet-proof. Since spammers always use other people's email addresses (specially phishing, trojan and virus emails), these messages will now be white-listed instead of being caught. This is specially true when people's mailboxes or PC have been infiltrated (millions of them are) and the malware will send it's infected messages (or links to phishing site) to everyone in THAT person's address book - so that their friends trust the email was being from their friend/acquaintance. All these messages will now be trusted by Imail just because they CLAIM to come from the "friend". So - it does open a potentially big garage door for malware link and infected emails to make it past Declude. -----Original Message----- From: Dave Beckstrom [mailto:db...@atving.com] Sent: Thursday, February 17, 2011 9:20 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Idea for new Declude add-on I couldn't think of any specific instances where you would not want to whitelist a recipient's address. Obviously nobody should be emailing a spammer. I was tryng to cover the bases for those instances that exist but can't be foreseen yet. Pondering it a little more -- one type of an exclusion that would be needed is if you had a forum where users register and your server sends out a confirmation/activation email. Or you send an email as a result of someone submitting a contact form on your site. In those cases, the "from" address for your forum or "from" address from your submission form would be the excluder so that no recipient of email from those automated systems would be given any credit. -----Original Message----- From: David Barker [mailto:dbar...@declude.com] Sent: Thursday, February 17, 2011 7:49 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Idea for new Declude add-on Great idea Dave thanks. Question. If a user emails a recipient in what scenario would we not want to whitelist the recipients address ? -----Original Message----- From: Dave Beckstrom [mailto:db...@atving.com] Sent: Thursday, February 17, 2011 8:45 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Idea for new Declude add-on I have an idea for something I think would be a useful add-on for declude. Every time someone sends an outbound SMTP email to someone, the add-on would add an entry to a filter giving the recipient's "to" address a weight of minus one. Therefore, giving the recipient a credit. Any time the recipient sends an email to my server, minus one gets subtracted from the total score of their email. If a user on my server sends a second email to the same recipient, another minus one credit is added to the filter. Now that recipient has a credit of minus two. The add-on would be configurable to limit the maximum credit a single address could reach. It would also have an exclusion ability where you could enter a list of email addresses that would never receive any credit. The idea being that the more frequently you email someone, the less likely that email from them would be spam. I know some will argue that "from" addresses can be forged and that perhaps its not a good idea to give credit based on a "from" address. But its not very often at all I ever receive a spam that came from a friend's forged "from" address. I think something along the lines of this type of system could be useful. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
