Rob Fantini wrote:
> Bob Proulx wrote:
> > To improve the accuracy you need to avoid whitelists. 
> Should I avoid whitelists altogether, or just for local network
> checking?

The real problem is forgeries and spoofs.  Anyone can put any from
address they want on a mail message.  Viruses especially do this
routinely.  Any whitelist based only on the From: address will be
fooled by these.  You whitelist your network and those will pass right
through the checks.  If you can ensure that mail on your network is
not forged then whitelists for your network will be fine.  But if not,
then some viruses will undoubtedly forge your address and fool your
whitelists.

On my network I try hard to make sure that spoofed mail address from
my own domain cannot enter my domain.  But it is hard.  I really can't
do it.  For example this message to the mailing list leaves my
network, goes to the mailing list, then comes back into my network.
The message contains my From: address.  Any whitelist I would have on
my domain would be fooled if that were spoofed.

Because of this problem I don't like any algorithm that by design
trusts the user.  "Who goes there, friend or foo?"  "Friend!"  "Well,
okay fine, you may pass."  Therefore I don't like simple "From: name"
whitelists.  They have that fundamental flaw.  I always try to avoid
them.

So then you ask what is the alternative?  In spamassassin it follows
the chain of hosts through the trusted_networks variable backtracking
through the Received: headers.  When it finds the point that mail
entered your network it can use that foreign machine's IP address and
perform network checks.  If the mail never left the network it sets
ALL_TRUSTED which is good for negative points pushing the message to
the non-spam classification.

It would be great to have that capability available as a standalone
script outside of the full spamassassin check.  It was a check like
that I was suggesting to really know if the mail came from your
network.  But as far as I know it is not available outside of
spamassassin at this time.  If someone had the inclination they could
write that check in a standalone form.

Bob
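The trusted_networks walk Bob describes, as an added Python sketch that is not part of his message or of SpamAssassin's own code. The hostnames, addresses and the 10.0.0.0/8 trusted range are constructed; a real deployment would use its own MX addresses.

```python
import email
import ipaddress
import re

# Constructed sample: two internal hops, then the hop where the message
# entered from an outside host (203.0.113.7 is a documentation address).
SAMPLE_MESSAGE = """\
Received: from relay.internal.test (relay.internal.test [10.0.0.5])
\tby mailbox.internal.test with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mx.internal.test (mx.internal.test [10.0.0.2])
\tby relay.internal.test with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from smtp.example.org (smtp.example.org [203.0.113.7])
\tby mx.internal.test with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: bob@internal.test
Subject: test

body
"""

# Assumed trusted_networks: our internal range plus loopback (local filters).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]
# The relaying host's address as recorded by the receiving MTA: "from X (... [ip])".
FROM_IP = re.compile(r"\bfrom\s+\S+.*?\[([0-9a-fA-F.:]+)\]", re.DOTALL)


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_entry_point(raw):
    """Walk Received: headers newest-first (the order our own MTAs added them).
    Return the first relaying IP outside trusted_networks, i.e. the machine
    that handed the mail into our network, or None when every hop is trusted
    (the ALL_TRUSTED case). Headers below that point were written by outside
    hosts and may be forged, so they are never consulted."""
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = FROM_IP.search(hdr)
        if not m:
            continue  # header without a recorded relay IP; keep walking
        ip = m.group(1)
        if not is_trusted(ip):
            return ip
    return None


if __name__ == "__main__":
    print(find_entry_point(SAMPLE_MESSAGE) or "ALL_TRUSTED")
```

The From: header is never consulted, which is the point: the decision rests on the addresses our own MTAs recorded, not on what the sender claims.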
