----- Original Message -----
From: "Jason J. Ellingson" <[EMAIL PROTECTED]>

> I'm sure someone thought of this, but I don't see it asked before... so...
> =====
> 1) Person X regularly gets emails from Person Y (good friends)
>
> 2) Person Z is a bad guy... so he sends Person X a GTUBE email with a faked
> FROM: address of Person Y.
>
> 3) Now, GTUBE scores a 1000 points, and gets set to the AWL database.
>
> 4) Future emails from Person Y to Person X now get tagged as spam since AWL
> keeps bumping up the score because of the GTUBE that was sent earlier.
> =====
> I hope that makes sense...

Makes sense, but wouldn't work unless bad guy Z was also sending his GTUBE
message from the same address range that Person Y normally sends his messages
to Person X from. Here is a snippet from the AWL database:

-2.9 (-2.9/1) -- [EMAIL PROTECTED]|ip=216.33
2.0 (2.0/1) -- [EMAIL PROTECTED]|ip=64.225
5.3 (5.3/1) -- [EMAIL PROTECTED]|ip=67.171
0.4 (0.8/2) -- [EMAIL PROTECTED]|ip=205.244
-4.3 (-4.3/1) -- [EMAIL PROTECTED]|ip=192.209

Note the "ip=xxx.xxx" at the end of each line, after the sender's e-mail
address. This helps to prevent malicious activities like you've described. It
can happen, but not as easily as you thought (once again, the devs were
thinking ahead).

> I gotta think this isn't gonna happen... but anyone know if it can? If so,
> I'm not going to enable AWL on my server.

You're safe, go for it.

Bill
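
Added example, not part of the original message and not the AWL implementation itself: a simplified Python model of a reputation store keyed as in the snippet above ("address|ip=first two octets"), run against the scenario from the question with and without the IP component in the key. The addresses, IPs, scores, the 0.5 pull factor and the averaging formula are assumptions made for illustration.

```python
from collections import defaultdict

FACTOR = 0.5  # assumption: fraction by which a score is pulled toward the stored mean


class Awl:
    """Toy auto-whitelist: remembers total/count of past scores per key."""

    def __init__(self, key_on_ip=True):
        self.key_on_ip = key_on_ip
        self.db = defaultdict(lambda: [0.0, 0])  # key -> [total, count]

    def key(self, sender, ip):
        # With key_on_ip, the key matches the snippet's layout: addr|ip=a.b
        if not self.key_on_ip:
            return sender.lower()
        return "{}|ip={}".format(sender.lower(), ".".join(ip.split(".")[:2]))

    def adjust(self, sender, ip, score):
        """Return the history-adjusted score, then record the raw score."""
        entry = self.db[self.key(sender, ip)]
        total, count = entry
        adjusted = score + (total / count - score) * FACTOR if count else score
        entry[0] += score
        entry[1] += 1
        return round(adjusted, 2)


def scenario(key_on_ip):
    awl = Awl(key_on_ip)
    y = "persony@example.com"  # constructed address for Person Y
    # Person Y's usual mail, from Y's usual network (documentation IP range)
    for s in (0.4, -0.2, 0.1):
        awl.adjust(y, "192.0.2.10", s)
    # Message with Y's From: address and a 1000-point score, other network
    forged = awl.adjust(y, "198.51.100.7", 1000.0)
    # Y's next genuine message
    genuine = awl.adjust(y, "192.0.2.10", 0.3)
    return forged, genuine, sorted(awl.db)


if __name__ == "__main__":
    for mode in (True, False):
        print("key_on_ip=%s -> %r" % (mode, scenario(mode)))
```

With the IP in the key, the forged message lands in its own entry and Person Y's next genuine message is scored against Y's own history only; with an address-only key, the same message drags Y's mean up, which is the outcome the question describes.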