On Sun, Jul 07, 2002 at 04:20:20PM -0400, Andrew Kohlsmith wrote:
| > There are really only two ideal spam indicators:
| >
| > (1) Who sent it.
| > (2) What proportion of the people who got it, didn't want it.

(3)  Is my copy unsolicited junk?

| > Unfortunately there's no way to directly apply either of those criteria.

Ditto.

| OT: is it possible to add a configuration option which lists the domain 
| mailservers and their IPs?  And add a test which scores rather highly for 
| mail claiming to come from domain.dom but which isn't actually from one of 
| the mailservers for domain.dom?

This belongs at the MTA level, if it belongs at all.  How about this:

    You legitimately find a copy of my old/other email address (for
    example you read exim-users and reply to one of my posts).  You
    send me a message at that address, which is From: your domain.  My
    MTA sees it coming from the server pony-express.cs.rit.edu
    because that's where the .forward is that redirects that address
    to my real/current address.  

There are lots of legitimate ways for a From: header to come from a
seemingly unrelated server.

Not to mention one of your users could have his mail forwarded
off-site, and then forwarded back in.
 
| I am seeing a lot of spam that is tripping up the whitelist because it's from 
| a whitelisted domain (the domain I run SA on).

That's the problem with whitelists.  It is easy enough to forge the
"From:" sender.

-D

-- 
 
Do not be afraid of those who kill the body but cannot kill the soul.
Rather be afraid of the One who can destroy both soul and body in hell.
        Matthew 10:28
 
http://dman.ddts.net/~dman/

Attachment: msg07127/pgp00000.pgp
Description: PGP signature

Reply via email to