On Wed, 2002-11-06 at 10:46, Jean-Paul van de Plasse wrote: > > > > > Hmm Then it might be wise to change the header to match your site. > > Maybe have Qmail Scanner report "X-Spam-Status-mysite: No" > > > maybe I see this a bit silly, but that does not sound like a very good > solution. > I mean the "lowlife" can also fake this, so what good is it.
It's simply security by obscurity. The spammer wants to bypass your filter, so he throws in common headers saying his mail isn't Spam. Odds are pretty good that a batch mailer isn't going to modify each email before it's sent out. Hell, if I made money on bulk email, I would purchase every spam blocker system, and see how to get around it. Merely falsifying headers just might do the trick. If you change the X-Spam-Status header on your site, you'll probably be fine, and hidden from that 'lowlife'. This is, of course, assuming that enough Spam is already getting past your filters because they've faked a header, requiring you to change your header. Said 'lowlife' could then adjust, but how likely is it that he's > %1 of your spam? And how likely is it that once that header becomes site specific, 'lowlife' would be able to adjust to ALL variances? Just one guy getting past is a minor nuisance, but if it's a trend, then it may become an issue. That's how I see it being of use. Then again, X-Spam-Status should be at the top of the header list, because it hit your server last. I wonder if some client filters aren't stopping at the first positive hit? I think I'm going nowhere fast. Rick -- -- Rick Romero IT Manager Valeo, Inc. ph: 262.695.4841 Sussex, WI. fax: 262.695.4850 [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
