On Wednesday, May 15, 2002, at 06:58  PM, Michael Moncur wrote:
> Since this sort of thing [forged return address from legitimate business]
> is becoming common, I've started using whitelist_to instead for things
> like PayPal and Ameritrade, using a special address for each. (I tell
> PayPal my address is [EMAIL PROTECTED], and then whitelist_to that
> address since spammers have no way of knowing that address.)
>
> Here's an idea: keep the whitelist but make a separate
> default_whitelist_from directive that acts the same as whitelist_from but
> can have its own score, and use default_whitelist_from in 60_whitelist.cf.
> That way (a) anyone can turn off the default whitelist with a single score
> entry in a preference file, and (b) spam reports will refer to the "default
> whitelist" so it's easy to diagnose when cases like this happen.

I believe that in the long run (perhaps sooner) it will be necessary to 
have two types of whitelist_froms.

Whitelisting of the domain source of a message (as opposed to an
individual address) should ideally be done on a Received line, not the
From line.  The From line is trivial to forge, and spammers know the
value of making spams seem at least glancingly legit, so forgery of the
big consumer e-commerce companies like Amazon and eBay is attractive.
But hardly any bother to forge Received lines.

I'm willing (for my personal mail) to whitelist amazon.com and ebay.com
and a number of others based on a Received line, but not the From line.
So I'd like to see a received_whitelist as well, subject to the existing
rules for FORGED_xxxx_RCVD and so forth.  (I've also zeroed the scores
of FORGED_JUNO_RCVD and FORGED_RCVD_FOUND since both have generated a
number of false positives.  I'll file that with Bugzilla.)

--
Michael C. Berch
[EMAIL PROTECTED]
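
[Added example, not part of the original message and not SpamAssassin code: a Python sketch contrasting a From-based whitelist with the Received-based one proposed above. It assumes the topmost Received header was written by the recipient's own MX in the common "from HELO (rdns [ip])" layout; the function names and the sample messages are constructed for illustration.]

```python
import re
from email import message_from_string
from email.utils import parseaddr

WHITELIST = {"amazon.com", "ebay.com"}  # domains named in the message above

# Assumed Postfix/Sendmail layout: "from HELO (rdns [ip]) by ...".
# HELO is sender-chosen; the rDNS name and IP are recorded by the receiving MTA.
RELAY_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\)")

def in_domain(host, domain):
    # Match the domain itself or a true subdomain, never a bare suffix.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def whitelisted_by_from(msg):
    """Weak check: trusts the From header, which the sender fully controls."""
    addr = parseaddr(msg.get("From", ""))[1]
    return any(in_domain(addr.rpartition("@")[2], d) for d in WHITELIST)

def whitelisted_by_received(msg):
    """Trust only the topmost Received header, assumed written by our own MX."""
    received = msg.get_all("Received") or []
    if not received:
        return False
    # Unfold the header before matching.
    m = RELAY_RE.search(" ".join(received[0].split()))
    rdns = m.group("rdns") if m else None
    if not rdns or rdns.lower() == "unknown":
        return False  # no usable reverse-DNS name: do not whitelist
    return any(in_domain(rdns, d) for d in WHITELIST)

def sample(helo, rdns, ip):
    # Constructed sample message; hosts and addresses are documentation values.
    return message_from_string(
        f"Received: from {helo} ({rdns} [{ip}])\n"
        "\tby mx.example.org with ESMTP; Wed, 15 May 2002 19:10:00 -0700\n"
        "From: Amazon Orders <orders@amazon.com>\n"
        "Subject: Your order\n\nbody\n")

LEGIT = sample("mail-out.amazon.com", "mail-out.amazon.com", "192.0.2.10")
FORGED = sample("amazon.com", "dialup-7.example.net", "198.51.100.7")
LOOKALIKE = sample("amazon.com", "mx.notamazon.com", "203.0.113.5")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("forged", FORGED), ("lookalike", LOOKALIKE)]:
        print(name, whitelisted_by_from(msg), whitelisted_by_received(msg))
```

[Received headers below the first one written by a trusted host are supplied by the sender, which is why the sketch reads only the topmost header and ignores the HELO string.]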

