This very fact can cause headaches when trying to unsubscribe from, say, a mailing list that you joined long ago when you used a different email address in your "From:" field than you do now (and the unsubscribe mechanism of the list wants to see the correct address in your "From: " header line). Since the "To:" line of the stuff you get from the list usually says something like "To: Members of the blah-blah list", you could be in for a lot of hassle getting unsubscribed.
Some MTA's (Exim is one) let you tell it to add a field to incoming mail (in Exim's case, it's called "Envelope-To:", I think) which contains the address that the remote host asked the mail to be delivered to when it was speaking SMTP. However, not all MTA's do this, so SpamAssassin can't be guaranteed that it can get its hands on the address that the spammers are ROT13-ing and encoding into the URI's.
Besides, as Matthew pointed out, the ROT13 of your email address grows to prominence in your Bayes DB fairly quickly anyway, so.... (shrug).....
Jesse Houwing wrote:
This would make a great eval test to automatically test against the users emailaddress. I think the actual to address is already extracted, so it should be easy to check against this information.
BTW does anyone know who made that page? His link to the SARE website is no longer accurate.
Jesse SARE Ninja
-----Original Message----- From: "Genchev, Sergei" <[EMAIL PROTECTED]> To: "'Joe Emenaker'" <[EMAIL PROTECTED]>, Steve Thomas <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Date: Tue, 18 May 2004 12:13:13 -0500 Subject: RE: SPAM multiplying since use of spamassassin
There is a great web page that will write ROT-13, BASE64 and other types of encoding rules for your domain.
http://www.wot.no-ip.com/cgi-bin/detoken.pl
Steve Thomas wrote:
On Tue, May 11, 2004 at 12:35:12AM -0400, [EMAIL PROTECTED] isrumored
to have said:
I started using spamassassin on my RedHat 7.3 system a few weeks ago.
been...
Any ideas?
Spammers are sending more spam.
There's no way for them to know what happens to a message once it's
accepted by the receiving system.
Actually, I've seen HTML spam where it had IMG tags that pointed to their server, where the URL of the image had some querystring gobbledegook after the name of the image, which certainly translates back to my email address somehow. So, if you view it, there are ways of
finding out....
- Joe
------------------------- This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient. If you are not the intended
recipient, please be aware that any disclosure, copying, distribution
or use of this e-mail or any attachment is prohibited. If you have
received this e-mail in error, please contact the sender and delete all
copies. Thank you for your cooperation
smime.p7s
Description: S/MIME Cryptographic Signature
