At first glance, you would think that a habeas 'whitelist' would be good, but you have to realize that in many cases, an individual habeas customer may be using a 'major' ISP, which could either be abused, or actually carry a few spammers. Would we want to whitelist the AOL mail servers? |-P
No, Habeas has the right idea, making the LAW work against spammers. - Charles On Sun, 18 Jan 2004, Jonas Eckerman wrote: > A simpler way would be to use a DNS whitelist (like an RBL but white > instead of black, called RWL below). > > HABEAS would need to create a header that specifies that the RWL > should be used. Either a second copyrighted trademarked HABEAS header > or a header that, when combined with the current copyrighted > trademarked header, specifies this. > > If a mail is received with that header SA checks the RWL. If the > sending MTA was not in the RWL, the mail gets a *high* score. If it > was there, the mail gets a *lower* score than for the current HABEAS > check. > > Companies that know what servers they'll be using to send HABEAS > marked mail could ask HABEAS to put their sending MTAs IPs in the RWL > and could then use this new header. > > This requires a few things: > > 1: Mail sent with this mark *must* be sent only from authorized > servers directly to the receiving MX servers. 2: Sa must know about > backup MXes and not check those against the RWL. 3: HABEAS must > implement it, make their subscribers want to use it, and make the RWL > public and free. 4: Their subscribers must start using it. > > Considering that most of the stuff needed for this is allready > implemented in SA and other SPAM checkers, it should be pretty easy to > add this functionality to them. It should also be pretty easy for > HABEAS to implement as they allready have an RBL and an RWL. And for > HABEAS customers it should be easy to just swap to the new HABEAS > header once they're in the RWL. The hardest part'd be for the > customers to find out what IPs they're sending from and make sure > they're never sending from any other IPs. > > Notes: HABEAS allready has an RWL listing trusted sending MTAs. That > RWL is not completely publicly available though, wich is > understandable. Currently, using that RBL would mean checking against > it for a *lot* of incoming mail. The above solution would mean that we > only have to check agains the RWL for mails containing the HABEAS > header telling as to do so, wich will mean that the load will not be > nearly as heavy as it'd be if everyone started checking against their > current RWL. > > Regards /Jonas -- Jonas Eckerman, [EMAIL PROTECTED] > http://www.fsdb.org/ ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
