-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Mahoney, System Admin writes:
> Hey all,
>
> I just started getting AOL's SCOMP emails, and after a little twiddling to
> keep them from getting seen as spam by SpamAssassin, I've found a couple
> issues with them. I was wondering if anyone else had these issues, and if
> anyone knew of any easy way around them.
>
> 1) AOL seems to like to leave the "To:" header set to
> [EMAIL PROTECTED] rather than setting it explicitly to the
> email address you've registered for the scomp -- apparently they bcc your
> email address. This causes it to set off spam filters big time. My usual
> abuse@ whitelist isn't working for this -- I don't know if anyone knows a
> human to contact at AOL, but this violates a huge standard AFAIK.
I think you really need to figure out how to whitelist that properly ;)
it looks 100% legal to me. the "To" addr really isn't useful for very
much when whitelisting...
> What could I possibly set to find this? I've set up a whitelist_from, but
> I have a feeling this will get abused. I'm also not quite sure aol.net
> (not .com) has an SPF record set up -- and I feel that in a sitation where
> you're expected to blindly trust a "from" address should only be used
> where an SPF fail is a valid reason for a reject. I've already had stupid
> spammers find my abuse box, but I don't dare to think how bad it would be
> if there was an address were were EXPECTING to get bcc'd emails from.
Either
(a) trust their sending SMTP relays using trusted_networks so that
those mails get ALL_TRUSTED
(b) trust those IP ranges at a higher level, e.g. in the MTA
(c) use whitelist_from_rcvd
> 2) This is more a pine issue than anything else, but it seems when you're
> viewing attached messages in pine, they're only seen in their "standard"
> form (i.e. there is NO way) to view full headers for an attachment, other
> than viewing the raw source of the message itself, complete with all MIME
> boundaries). I'll write the pine dev-team on this, but I'm noting it here
> in case anyone seems to have similar issues.
no idea here ;)
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBf/nzMJF5cimLx9ARAq+YAJwLVHLwkOKGLIfxP8dvuClXOiEwJwCglFmP
r92gTzD2vgwad0beJSvcdpo=
=4Gv+
-----END PGP SIGNATURE-----
