Re: [Mimedefang] Image validator/OCR SA plugin
- Original Message - From: "Gary Funck" <[EMAIL PROTECTED]> To: Sent: Sunday, April 16, 2006 6:34 PM Subject: RE: [Mimedefang] Image validator/OCR SA plugin Martin wrote: But problably the spammers will soon change their tricks to different images which are more difficult to read :-( http://antispam.imp.ch/patches/patch-ocrtext On this topic, Nick FitzGerald mentioned this article, http://www.jgc.org/blog/2006/01/do-spammers-fear-ocr.html Sunday, January 15, 2006 Do spammers fear OCR? Nick FitzGerald recently sent me two sample spams that seem to indicate that some spammers fear that using images in place of words isn't enough. They've started to obscure their messages to prevent optical character recognition. I'm afraid they'll start using OCR themselves. One common trick to allow a web site to have an email address humanly readable but not harvestable is to put it in an image. That may not be so safe any more :-( Of course, they'd have to scan an awful lot of images in the hopes of finding an email address in any of them, so they may not find it worth the effort. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: Disclaimer Madness
I hope you sent a copy of the combined disclaimers to them. :-) - Original Message - From: "Charles" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 14, 2006 6:38 AM Subject: Re: [Mimedefang] OT: Disclaimer Madness David F. Skoll wrote: We should be grateful if you would also notify the IT Operations Manager at City & Guilds of the e-mail, then delete it and destroy any copies of it. To contact the IT Operations Manager, please email [EMAIL PROTECTED] I love this one. We *should* be grateful. D'Oh! I wonder if a boilerplate like this would be an effective method for seeding a honeypot address?? H. Charles ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: Even sillier disclaimers (was Re:[Mimedefang] defang startuperrors)
ALL YOUR DISCLAIMER ARE BELONG TO US! j/k. We now return you to your regularly scheduled rants... - Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: Sent: Monday, December 12, 2005 9:06 AM Subject: Re: Even sillier disclaimers (was Re:[Mimedefang] defang startuperrors) Todd Aiken wrote: Ignore the text that follows this disclaimer which says that all disclaimers in the above text are NULL AND VOID and that they can be ignored. That disclaimer is false-the above is true. Well! :-) We have an arms race, then. I'll change my disclaimer to read "This disclaimer supersedes all other disclaimers, even if the other disclaimers claim otherwise. This is a NUCLEAR POWERED disclaimer that will ATOMIZE all other disclaimers. This disclaimer is TOP DOG." /me goes to write AI code to search out and remove disclaimers... (But actually, there is a serious point, because I'm sure it's quite frequent that in an e-mail exchange, duelling and incompatible disclaimers get added as the message travels around...) Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Which is worse?
- Original Message - From: "Ben Kamen" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 29, 2005 12:42 PM Subject: [Mimedefang] Which is worse? [snip] The one I've been seeing lately is a big text of jargon with an .jpg of a topless lady with a stud in the backround that says in the image "She's dreaming about a strong man... click to find out more" and you can't click it! U And you tried to click on the image... why? :-) So with all that effort while sending emails which probably violate most companies internal HR policy on explicit material in the workplace and the idiot spammers can't even get the HTML part right so the image is clickable!! I see these and think to myself, "and there was doubt these folks are morons?" I think to myself... If I go out of my way to block spam, I'm probably NOT going to be inclined to buy anything from a spammer anyway. So why do they bother? ___ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] AD/Commercial: Question
- Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: Sent: Thursday, November 03, 2005 1:21 PM Subject: [Mimedefang] AD/Commercial: Question Would anyone on the list be interested in this? How much would you pay? If I said $400/month, would you be appalled, or would you say "Wow, that's cheap! Sign me up!" ? As mentioned by Adam Lanier, for a big ISP, that would be good. For a small company such as ourselves who just want a better way to eliminate spam, the benefits of less spam wouldn't justify the expense. Has anybody had luck getting Mimedefang to just use incoming email to train a basian filter? ___ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Anyone using File::Scan?
I do, but would love to replace it with something better as long as that something is still free :-) - Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 15, 2005 8:46 PM Subject: [Mimedefang] Anyone using File::Scan? Hi, Does anyone use File::Scan with MIMEDefang? It seems to cause a lot of problems with false positives. For the next release, I'm considering removing the auto-detection of File::Scan. In other words, if you want File::Scan, you'll have to specifically ask for it in your filter. Any objections to this change? Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: Off-topic: Silly error messages (was RE: [Mimedefang] MIMEtype message/partial)
Or how about the losers who program some BIOSes? "Keyboard error. Press F1 to continue." Or "Please reply if you did not recieve this message." My favorite was on an old Data General workstation... Kernel Panic Would you like to take a system dump? -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
OT - silly disclaimers --- was Re: [Mimedefang] SPF in MD
- Original Message - From: "Michael Weiner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 08, 2004 6:37 AM Subject: [Mimedefang] SPF in MD [ snip ] All information contained in this email is confidential and may be used by the intended recipient only. The mimedefang mailing list is archived and accessable by the general public. At least the disclaimer is only one line though. -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Users who want spam
They can have some of mine! :-) -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup - Original Message - From: "Jason Cullip" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 25, 2004 1:45 PM Subject: [Mimedefang] Users who want spam > Hello, > > We've recently set up an email gateway that uses > mimedefang+spamassassin+clamav with sendmail. Its configured to > globally move any emails tagged as spam to a local user on the email > gateway and not forward them onto the final recipient. However we > have a hand full of individuals who want to continue receiving spam. > How can I configure mimedefang to bypass spam checks on the users who > want to receive spam? > > Thank you for your help in advance. > > Jason > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: "Cor Bosman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 10, 2004 3:16 PM Subject: Re: [Mimedefang] Deadline for SPF records > > >Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail > > >address is [EMAIL PROTECTED] A potential customer, > > >[EMAIL PROTECTED], tries to send me an e-mail message from his laptop > > >using a public access point in his hotel. The network he's on is not > > >listed as an allowed relay for example.com, according to their SPF > > >record. My administrator (at acmewidgets.com) is honoring SPF > > >records. What happens? > > > > That's just it - if your sales guy is at hotel with his laptop, he could > > use AUTH/STARTTLS and actually relay through his company's mail server. > > Thus the email from [EMAIL PROTECTED] would be delivered by > > mail.acmewidgets.com to where it needed to go... SPF would be valid. This > > no bounce at the destination. > > You try and tell that to thousands of customers. Who had their laptops > set up in 1997 by a company that has long gone bankrupt. And will sue > you if suddenly their email isnt working anymore :) > > Welcome to the world of ISPs :) > I assume you mean that you're an ISP and that you've "acquired" customers from a now-defunct ISP and that they need to be able to send email as if it came from your domain (say big-isp.com) using whatever server was setup on their laptop by their previous ISP. 1. What server are these laptops configured to use? If the old isp is gone wouldn't their servers be too? Surely the customers must have had to reconfigure to use your server already. 2. Even if they didn't, as long as you know what server that is, add it to the SPF record for your domain and you're set. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: "Les Mikesell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 10, 2004 12:06 PM Subject: Re: [Mimedefang] Deadline for SPF records > On Tue, 2004-08-10 at 09:12, Dave Williss wrote: > > > You mean like an employee on the road using a hotel's ISP or at a > > wireless hotspot connecting back to your mail server to send mail > > as from your company? _Make_ them use authentication. > > Put a price tag on that. If you are selling a product, how many > dollars worth of orders are you willing to discard because the > potential customer sent a request for information through a > public access point instead of their own ISP? Discarding their > mail is the only way you can _make_ someone else do things > your way. Is it worth it, when what really matters is the > individual authentication and/or the message content? I just > don't see much value in some untrusted third party's claim > of authentication. > That's a different issue. I'm talking about one of your employees who has legitimate reason to send mail FROM your mail server using your domain name. In this case, you need to tell those people to send mail through your server instead of a public access point or other mail host. Remember, these are your own people, who you have some degree of control over. ("oh, something wrong with your internet connection? I'll get right on that. :-)") If it's their own laptop they're using that shouldn't be a problem because you configure it once and carry it with you. Using a public terminal in a library or something might be an issue, but do you really want people from your company sending official email from a server that may append a footer saying it was sent from a public library? Not good for the company image. On the other hand, your concern about rejecting possible sales because of misconfigured SPF records: If you're concerned about that, just don't reject mail that has invalid SPF. Maybe configure SpamAssassin to give it a slightly higher Spam score. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 10, 2004 10:59 AM Subject: Re: [Mimedefang] Deadline for SPF records > On Tue, 10 Aug 2004, Dave Williss wrote: > > > You mean like an employee on the road using a hotel's ISP or at a > > wireless hotspot connecting back to your mail server to send mail > > as from your company? _Make_ them use authentication. > > Ironically enough, Dave Williss's original message was held in > our trap because it originated from 24.94.166.115, which caused > an SPF "fail" result for the microimages.com domain. :-) > Doh! I forgot that our sendmail is configured to use our ISP's SMTP as a smart relay host. (smtp-server.neb.rr.com). I wonder if I really need to do that? Thanks for pointing that out, or I might never have noticed it. -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: "Cor Bosman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 10, 2004 4:06 AM Subject: Re: [Mimedefang] Deadline for SPF records > > Let's say that the SPF record for futuresource.com says that the > > allowed relay is mail.futuresource.com. This means that mail coming > > from mail.futuresource.com (as the relay) is legitimate and that all > > other mail is likely to be forged. Now, why would > > mail.futuresource.com allow someone to spoof the envelope sender from > > its own domain? For example, my mail server has been configured to > > check all envelope sender addresses which are from local domains. > > Therefore, I can't send a message with an envelope sender of > > [EMAIL PROTECTED] If SPF was widely adopted, these two > > measures would effectively stop forgery of all wiktel.com addresses. > > Do you also check [EMAIL PROTECTED] If notfakeusername is a valid hotmail user, hotmail's mail server should be able to verify that. If hotmail also implements SPF, you can verify that the mail actaully came from a hotmail server. > What about people sending email themselves but receiving through your MX? SPF will allow your mail server to verify that the mail they're receiving is really coming from where it says it is - sort of. Granted, Spam that comes from a domain not using SPF can't be verified. But as mentioned before, it will stop bounces. > What about people that have access through another company with > one of your domains but they arent using your mailserver with > authentication? You mean like an employee on the road using a hotel's ISP or at a wireless hotspot connecting back to your mail server to send mail as from your company? _Make_ them use authentication. Although as I mentioned in an earlier message, I don't know if the current (E)SMTP authentication encrypts the password or sends it in cleartext. > What about receiving email from [EMAIL PROTECTED] from a mailserver > that isnt listed as being from AOL, to a valid customer of yours? I receive that sort of Spam mail all the time. If they're really an AOL customer, they should be using an AOL mail server. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: "Les Mikesell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 09, 2004 9:18 AM Subject: RE: [Mimedefang] Deadline for SPF records > On Mon, 2004-08-09 at 08:21, Joseph Brennan wrote: > > > Good point about lists. Then again referrals would make it really > > cheap to run mailing lists!! > > > > The above looks pretty good. So RESPONSIBLE could be an alias or a > > user's .forward file then, anything that causes authorized re-sending. > > > > Bounces would go straight to the FROM, I assume? > > > > So, all we do is change all the mail servers on the net. :-) > > AND change the entire concept of the internet. I can understand > why a few big commercial providers might want to claim (and eventually > gain) control of their customers' actions but it just 'feels' wrong. > > The postal mail equivalent would be that you couldn't use your > own return address when you drop postcards in a public box while > on vacation. > Actually, if I understand correctly your postal analogy would be more like you wouldn't be able to use public mail boxes, but no matter where you are, you should be able to drop a letter in your mail box at home where it will be picked up by your own mailman. Of course, the ability to drop a letter directly in your own outgoing mail box is another issue not directly related to SPF. It's a matter of allowing your mail server to relay mail for users who can authenticate themselves. So back to the postal analogy, you'd could drop a letter in your own mailbox from anywhere in the world as long as you had the key. Although, if the authentication is done by password sent in clear text, I don't think I would like that option. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang 2.44 is released
- Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 15, 2004 1:26 PM Subject: [Mimedefang] MIMEDefang 2.44 is released > > * configure.in: Remove --enable-running-on-scummy-sco command-line > option. > Does this mean you can no longer run on SCO or that you just don't need to specify the option any more? :-) -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: Kosher email vs SPAM
I'm OK with calling SPAM email "SPAM" since Spam the food is traif and to be avoided (well, by some of anyway). It's just the non-spam email being called "ham" that those of us with dietary restrictions object to. Some suggestions: "kosher" (already made by some), "pastrami"[1]. We can't forget about Muslims, who don't eat pork either, but have a different word than "kosher" ("hallel" is how I think it's spelled, accent on the last syllable). Vegetarians might be offended by any meat reference for non-spam email. :-) In the end, it might be better to come up with a word that wasn't a food reference at all and more accurately contrasted the nature of SPAM email. So how about "SPAM" and "Legitimate" (could be shortened to "legit") -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup [1] By the way, for really good pastrami, try Barney Greengrass' deli in midtown Manhattan, New York City. :-) - Original Message - From: "Kayne Kruse" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 17, 2004 12:31 PM Subject: Re: [Mimedefang] Add Hebrew Support > On Thursday 17 June 2004 10:47 am, Kevin A. McGrail wrote: > > > (Actually, the phrase "Hebrew spam" is quite ironic, considering what > > > SPAM-the-food is made from. :-)) > > > > I just had that discussion re: HAM / SPAM. I vote we change it to kosher > > and non-kosher email ;-) > > Count me as a vote for the change. ;D > > Kayne > > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Removing read receipts for particular account.
- Original Message - From: "David F. Skoll" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 06, 2004 11:09 PM Subject: Re: [Mimedefang] Removing read receipts for particular account. > On Fri, 7 May 2004, Mark Suter wrote: > > > Also consider dropping outbound NDN notices, > > Please don't do that. NDN's were invented for a reason: To make e-mail > reliable. If you drop NDN's, you chip away at e-mail's reliability, > which is worse for people's confidence in e-mail than spam. > Unless somebody can come up with a way to distinguish real NDNs from a) Spam disguised as an NDN and b) NDNs of forged mail that I never sent in the first place (of which I get hundreds if not thousands of a day), then all NDNs on my system get ignored anyway. -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] How to best populate a spamtrap?
Getting Spam is easy. However, if you really want to feed the Bayesian filter in SpamAssassin, you need to feed it "ham" (non-spam) as well. Although I don't like the "ham" term, because from my point-of-view, ham's not kosher either :-) Anybody got any ideas on how to do that? - Original Message - From: "Martin Bene" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 26, 2004 1:25 AM Subject: [Mimedefang] How to best populate a spamtrap? > Ok, unusual request - I'm looking for ways to get MORE spam sent to a new email account: I'm setting up a spam-trap to hopefully help filtering for the other accounts. Obviously, the more spam address lists etc. this trap is on, the better. > > Any ideas how to best get this address used by spammers? > > Thanks, Martin > > ___ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Another Spammer trick to try to stomp out
Another Spam trick I'm seeing lately is that they'll spell words using accented versions of vowels. For example, the "V" word might be spelled with an "i" with a grave accent above it. Or they'll use an "o" with an umlaut above it or other such stuff. So here's my idea, but I don't know if it will work. In the MD filter, replace all occurrences of the accented vowels in the subject with the unaccented versions. There are a few continents to deal with too, like a d with a slash through it, n with a tilde, etc. Then (and this is the part I don't know if it would work) run it through SpamAssassin. If it falls below the spam threshold, restore the subject line with a copy that you conveniently kept before mucking with it, just in case the accents were legitimate. But the real question is: Can your MD filter modify the subject in such a way that SA will see the change? And if so, how? I'm guessing that the subject variable available to the filter is just a copy and that SA will be passed the raw message with the original subject. -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] action_bounce - forget it!
- Original Message - From: "Kevin A. McGrail" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 29, 2004 8:36 AM Subject: Re: [Mimedefang] action_bounce - forget it! > > > line ~220) looks like this - see below. No bouncing, no quarantines, > just > > > action_discard. For ALL the viruses/worms. That's it! > > > > Well, in most countries this is however illegal. > > I think common sense and a lack of case law on this would prevail > > "common sense" and lawyers don't mix :-) I agree though. Known viruses should just be dropped. I can see a twisted point of view why it might be illegal in some countries to just blindly filter Spam. -- Dave Williss -- Meddle not in the affairs of dragons, for you are crunchy and taste good with catsup ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang