http://bugzilla.spamassassin.org/show_bug.cgi?id=3417
------- Additional Comments From [EMAIL PROTECTED] 2004-05-26 22:45 ------- >I think you missed the point of my previous mail. So I'm not going to >post any more in the ticket after this mail. >The rule, as proposed, looks through all the untrusted received headers, >and uses the header From domain, so it's trivial for a spammer to >put in any matching forged From and Received header and hit the rule. >Definitely not a good whitelist. Thanx for your time and I am sorry. You are right about my first patch. In my second patch I check all IPs in header. All IP (not only one of them) should be in MX lists. Lets speak about "forging" From Spamers use hacked servers, many of that dont send or received mail. There are no domains, mx lists of that have this servers. It is impossible to forge "From" from this servers. Spamers and viruses should create a map "sender IP"->"correct From" to forge rule. It is very hard task. It is impossible for many spamer servers. The percentage of spams for rule can rise, but remain at low level. The potencial "forging" of rule is low. If you use AWL,BAYES_00,RCVD_IN_BSP_TRUSTED and plan to use SPF_CHECK, tell me criteria, why this rules better than my? They have low level of "forging"? They are hard to forge? How do you compute "the level of potential forging"? Lets define a new criteria of accepting new whitelisted rules: Forging*Wide*Ratio If we cannot define "Forging", lets use current Wide*Ratio. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
