RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Yeah, what Matt said. Message splitting before junkmail filtering would bepunishing for CPU time and somewhat more for disk time; message splitting for the sake of whitelisting (or alternate actions)after junkmail filtering would be an incremental cost. And message splitting before junkmail filtering on a system that has a wildcard email address would be lethal for that system. Andrew. p.s. In my corporate network, we email each other a lot, and we see that Exchange "single instance storage" of a message only saves us 20% of the disk space. And that includes single storage of a message in my Sent Items as well as in my neighbour's Inbox and the next guy's Deleted Items. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, October 18, 2006 8:20 PMTo: declude.junkmail@declude.comSubject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? I have some stats here that suggest otherwise. We only have 5% more recipients than messages that make it through our gateway, and we only return permanent errors presently for mail bombing related activities. This however is a dedicated gateway and not a hosted mail server, so stats from a hosted mail server would see a slightly higher rate since most multiple-recipient E-mails are internal to a server. If you are splitting on a gateway and not splitting internal E-mail, you should see no increase beyond my numbers.It's a doable solution if one has the need.MattJay Sudowski - Handy Networks LLC wrote: Also, realize that on servers processing a large volume of messages per day, the additional IO necessary to create duplicate messages and header files for each specific recipient would be a death sentence... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 9:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: "Dave Beckstrom" [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the "TO" address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised "TO" address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@de
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
A new tag (whitelistunique) which only would whitelist if the email had a single recipient would solve the problem and be much safer. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Thursday, October 19, 2006 11:45 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Yeah, what Matt said. Message splitting before junkmail filtering would bepunishing for CPU time and somewhat more for disk time; message splitting for the sake of whitelisting (or alternate actions)after junkmail filtering would be an incremental cost. And message splitting before junkmail filtering on a system that has a wildcard email address would be lethal for that system. Andrew. p.s. In my corporate network, we email each other a lot, and we see that Exchange single instance storage of a message only saves us 20% of the disk space. And that includes single storage of a message in my Sent Items as well as in my neighbour's Inbox and the next guy's Deleted Items. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Wednesday, October 18, 2006 8:20 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? I have some stats here that suggest otherwise. We only have 5% more recipients than messages that make it through our gateway, and we only return permanent errors presently for mail bombing related activities. This however is a dedicated gateway and not a hosted mail server, so stats from a hosted mail server would see a slightly higher rate since most multiple-recipient E-mails are internal to a server. If you are splitting on a gateway and not splitting internal E-mail, you should see no increase beyond my numbers. It's a doable solution if one has the need. Matt Jay Sudowski - Handy Networks LLC wrote: Also, realize that on servers processing a large volume of messages perday, the additional IO necessary to create duplicate messages and headerfiles for each specific recipient would be a death sentence...-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf OfDavid BarkerSent: Wednesday, October 18, 2006 9:30 AMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?To create a duplicate message for each recipient is not a trivial issue.This is a function of the mail server not Declude.David BarkerDirector of Product DevelopmentYour Email security is our business978.499.2933 office978.988.1311 fax[EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf OfKevinBilbeeSent: Tuesday, October 17, 2006 5:08 PMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?Delcude has always functioned like this.What declude could do in this case is to duplicate the message for eachrecipient and write a new header file to each recipient. Not a bigissue.Deliver to the one that whitelists and run the spam checks for theothers.Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin CoxSent: Tuesday, October 17, 2006 12:37 PMTo: declude.junkmail@declude.comSubject: Re: [Declude.JunkMail] Whitelisting flaw in Declude?It's actually more of an issue of how the mail server handles the message.In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no.Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic.Darin.- Original Message -From: Dave Beckstrom [EMAIL PROTECTED]To: declude.junkmail@declude.comSent: Tuesday, October 17, 2006 3:11 PMSubject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TOaddressfor mail sent to the list server email address.However, spammers will send an email to a dozen of our mail addresses(12recipients) one of which is the whitelised TO address for the listserver.Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted.That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message-From
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail
RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker
David, I agree. But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the TO field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the TO or CC fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the TO field. Not good. Is my suggestion something that you can implement? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 8:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw
Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker
Hi Dave, A comment on the whitelist to required monitoring addresses... We don't whitelist email to abuse@ or postmaster@ addresses. Instead we have a user-specific Declude config that allows mail through to those addresses. So, we configure Declude to use this separate config for all postmaster and abuse addresses for all domains. That way we don't have a need to whitelist to these addresses, and we have fine-grained control over what we let through to them. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 12:06 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker David, I agree. But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the TO field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the TO or CC fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the TO field. Not good. Is my suggestion something that you can implement? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 8:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw
RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker
Darin, We don't whitelist those addresses at all. But I could see other companies wanting to do so. This idea that if one address is whitelisted, then they all are, is not a good situation. It is good in that some folks might want Declude to process that way, in which case the current whitelist will work for them. Its not good from the standpoint that there is no alternative mechanism. If Declude has access to all of the envelope information, they should easily be able to add a new tag that only whitelists an address if it's the only address in the envelope. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, October 18, 2006 11:15 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker Hi Dave, A comment on the whitelist to required monitoring addresses... We don't whitelist email to abuse@ or postmaster@ addresses. Instead we have a user-specific Declude config that allows mail through to those addresses. So, we configure Declude to use this separate config for all postmaster and abuse addresses for all domains. That way we don't have a need to whitelist to these addresses, and we have fine-grained control over what we let through to them. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 12:06 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker David, I agree. But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the TO field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the TO or CC fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the TO field. Not good. Is my suggestion something that you can implement? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 8:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want
Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker
Dave, By using BYPASSWHITELIST you can kinda set this functionality up. Have you looked at that? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 12:06 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker David, I agree. But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the TO field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the TO or CC fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the TO field. Not good. Is my suggestion something that you can implement? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 8:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Other mail gateways do it. Why would it be so difficult to duplicate the message and the header changing the recipients in the individual header files? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 6:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; --- - - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
Mail gateways or anti-spam products for mail gateways? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 1:16 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Other mail gateways do it. Why would it be so difficult to duplicate the message and the header changing the recipients in the individual header files? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 6:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; --- - - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Anti-spam\virus mail gateways. I know barracuda, (now Symantec), does the splitting for whitelisting. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, October 18, 2006 10:48 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? Mail gateways or anti-spam products for mail gateways? Darrell --- - Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 1:16 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Other mail gateways do it. Why would it be so difficult to duplicate the message and the header changing the recipients in the individual header files? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 6:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - -- - - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Also, realize that on servers processing a large volume of messages per day, the additional IO necessary to create duplicate messages and header files for each specific recipient would be a death sentence... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 9:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com
Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker
What I was trying to do was outline a solution that didn't include whitelisting. I'm against whitelisting due to it's inability to differentiate between levels of grey in the spam-fighting process. Instead, pure weighting systems can assign negative weights as needed, but still block _really_ bad mail, but I probably deviated from the main point too much. Back to the argument and playing devil's advocate on myself, rewriting of the Q*.SMD file is something we do to assist in adjusting weights in the spam filtering process, or reporting FPs or missed spam to sniffer. We have fairly simple VBS scripts that do it for us, so something like that could adopted for use in exploding the Q file and create the appropriate message copies to each recipient. I do agree with David B. that it is better handled by the mail server, though. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 12:27 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker Darin, We don't whitelist those addresses at all. But I could see other companies wanting to do so. This idea that if one address is whitelisted, then they all are, is not a good situation. It is good in that some folks might want Declude to process that way, in which case the current whitelist will work for them. Its not good from the standpoint that there is no alternative mechanism. If Declude has access to all of the envelope information, they should easily be able to add a new tag that only whitelists an address if it's the only address in the envelope. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, October 18, 2006 11:15 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker Hi Dave, A comment on the whitelist to required monitoring addresses... We don't whitelist email to abuse@ or postmaster@ addresses. Instead we have a user-specific Declude config that allows mail through to those addresses. So, we configure Declude to use this separate config for all postmaster and abuse addresses for all domains. That way we don't have a need to whitelist to these addresses, and we have fine-grained control over what we let through to them. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 12:06 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? - David Barker David, I agree. But I do think the whitelisting needs to be changed. I think you should add a WhitelistUnique tag. EG: WhitelistUnique TO: [EMAIL PROTECTED] The way the tag would function is that the email would only be treated as whitelisted if [EMAIL PROTECTED] was the only address in the TO field and if the carbon copy field is also blank. This insures that spammers can't stack multiple email addresses in the TO or CC fields, one address of which is whitelisted, thus forcing the email to pass through Declude to ALL RECIPIENTS rather than just to the whitelisted recipient. Besides the listserver problem I described, I can see some places wanting to whitelist email to [EMAIL PROTECTED] or [EMAIL PROTECTED] Spammers who have figured out this gaping hole in Declude could easily force all email to a site to be whitelisted by simply sending email to [EMAIL PROTECTED] and tagging a dozen other addresses onto the TO field. Not good. Is my suggestion something that you can implement? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 8:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
FYI, Alligate also does splitting. Matt Kevin Bilbee wrote: Anti-spam\virus mail gateways. I know barracuda, (now Symantec), does the splitting for whitelisting. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, October 18, 2006 10:48 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? Mail gateways or anti-spam products for mail gateways? Darrell --- - Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Kevin Bilbee" [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 18, 2006 1:16 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Other mail gateways do it. Why would it be so difficult to duplicate the message and the header changing the recipients in the individual header files? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 6:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: "Dave Beckstrom" [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the "TO" address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised "TO" address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted fo
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
I have some stats here that suggest otherwise. We only have 5% more recipients than messages that make it through our gateway, and we only return permanent errors presently for mail bombing related activities. This however is a dedicated gateway and not a hosted mail server, so stats from a hosted mail server would see a slightly higher rate since most multiple-recipient E-mails are internal to a server. If you are splitting on a gateway and not splitting internal E-mail, you should see no increase beyond my numbers. It's a doable solution if one has the need. Matt Jay Sudowski - Handy Networks LLC wrote: Also, realize that on servers processing a large volume of messages per day, the additional IO necessary to create duplicate messages and header files for each specific recipient would be a death sentence... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Barker Sent: Wednesday, October 18, 2006 9:30 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude. David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: Tuesday, October 17, 2006 5:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: "Dave Beckstrom" [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the "TO" address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised "TO" address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Dave Beckstrom" [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Delcude has always functioned like this. What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 12:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Hi Darin, Thanks for the great explanation. You always offer good feedback. Thanks to everyone else who replied, too. Which is the lesser of two evils -- Whitelist email to all recipients even though only one recipient is in the whitelist; or ignore the whitelist request entirely if the email has multiple recipients and only one of whom is in the whitelist? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 2:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting flaw in Declude?
Hi Dave, We've always let the message get delivered to everyone. So far no complaints. The only real problem we've had with whitelisting is with auto whitelisting from webmail contact lists. While this is a useful feature, it does result in spam getting through that forges the users address. It would be preferable if some tests could be exempted from whitelisting, or even better, instead of whitelisting applying a negative weight to messages from the webmail contact list. That way SPF FAIL could still filter out forging spam, while contact list whitelisting/negative weighting could allow everything else through. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 8:13 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? Hi Darin, Thanks for the great explanation. You always offer good feedback. Thanks to everyone else who replied, too. Which is the lesser of two evils -- Whitelist email to all recipients even though only one recipient is in the whitelist; or ignore the whitelist request entirely if the email has multiple recipients and only one of whom is in the whitelist? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, October 17, 2006 2:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no. Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic. Darin. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 3:11 PM Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude? I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address. However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelised TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipient receive the spam even though mail to them is not whitelisted. That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 17, 2006 11:25 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude? If one user is whitelisted they all will be whitelisted for that email. There are some things you can do to prevent this like BYPASSWHITELIST test. Darre;; Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 17, 2006 11:18 AM Subject: [Declude.JunkMail] Whitelisting flaw in Declude? If an email is received that is addressed to multiple recipients, one of whom is whitelisted, does Declude treat the email as whitelisted for all recipients? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just
