Hello Chris,

Wednesday, March 9, 2005, 7:30:20 AM, you wrote:

>>Summary: A group of volunteers will maintain a collected/distributed
>>whitelist, using SpamAssassin's whitelist_from_rcvd capabilities,
>>similar to (but in the opposite direction as) William Stearns'
>>collected/distributed blacklist at
>>http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf

CS> This might just be the first time I disagree with you Bob ;)

CS> I don't see how this ruleset will not get abused. If I was a
CS> spammer I would make sure all my spam hit these rules to let me
CS> in.

If you were a spammer, I can see you trying to do so. But how are you going to manage it?

As I understand whitelist_from_rcvd, SpamAssassin will a) track the received headers to find the oldest header from within the local network. This is the oldest header that was generated by a machine under your control, the oldest header that you can trust. This header contains the name and IP address of the machine which sent the mail into your network.

whitelist_from_rcvd compares this information, obtained by your machine during its SMTP interactions, with the From information, and validates whether or not email from that From is known to come in from that machine. If it matches, then we can say that the email from From followed an acceptable path, and since From is known to not spam, we'll accept the email.

If From is not whitelisted, the rule doesn't apply. If From is supposedly whitelisted, but the machine that injected the email into your network is not listed in the whitelist_from_rcvd rule, then the rule fails, and the email does not gain any benefit.

It could not be used by large hosting farms: good domain A, hosted on farm machine B, sends emails out via machines *.E (the farm's domain). Spam domain C, hosted on farm machine D, also sends emails out via machines *.E -- it's therefore possible for spam domain C to masquerade as good domain A, since you can't tell their SMTP machines apart.

However, you won't find United Airlines, or Citibank, or the Washington Post, using those types of services. We can apply these rules to their domains, and whitelist Washington Post emails provided they come from Washington Post SMTP machines.

Or do you see a hole in this process?

Bob Menschel
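
The check described in the message above, as a simplified Python model added here; it is not part of the original message and not SpamAssassin's own code. The domains, IP addresses, the 10.0.0.0/8 trusted range and all function names are constructed assumptions.

```python
import fnmatch

# Simplified model of the check; entries mirror
# "whitelist_from_rcvd <From glob> <relay rDNS domain>". Constructed values.
WHITELIST = [
    ("*@news.good-a.example", "good-a.example"),  # own SMTP machines
    ("*@shop-a.example", "farm-e.example"),       # shared hosting farm relay
]
TRUSTED = ("10.",)  # assumption: our own relays sit in 10.0.0.0/8


def boundary_relay(received):
    """received: (by_ip, from_rdns, from_ip) tuples, newest header first.
    Returns the peer recorded by the oldest header one of our hosts wrote."""
    relay = None
    for by_ip, from_rdns, from_ip in received:
        if not by_ip.startswith(TRUSTED):
            break  # written outside our network: cannot be trusted
        relay = (from_rdns, from_ip)
        if not from_ip.startswith(TRUSTED):
            break  # external peer: every older header may be forged
    return relay


def in_domain(rdns, domain):
    rdns = rdns.lower().rstrip(".")
    return rdns == domain or rdns.endswith("." + domain)


def whitelisted(from_addr, received):
    relay = boundary_relay(received)
    if relay is None:
        return False
    return any(fnmatch.fnmatchcase(from_addr.lower(), pat)
               and in_domain(relay[0], dom) for pat, dom in WHITELIST)


# Constructed samples (from_rdns is what our MTA resolved for the peer).
GENUINE = [("10.0.0.5", "mx-in.internal", "10.0.0.2"),
           ("10.0.0.2", "out1.good-a.example", "192.0.2.10")]
# Sender connects from elsewhere and prepends a forged "trusted" header.
FORGED = [("10.0.0.2", "dsl-7.isp.example", "198.51.100.7"),
          ("10.9.9.9", "out1.good-a.example", "192.0.2.10")]
# Any tenant of the farm leaves through the same relay names.
FARM = [("10.0.0.2", "smtp3.farm-e.example", "203.0.113.20")]

if __name__ == "__main__":
    print(whitelisted("alerts@news.good-a.example", GENUINE))
    print(whitelisted("alerts@news.good-a.example", FORGED))
    print(whitelisted("offers@shop-a.example", FARM))
```

The FARM case passes for any farm tenant that writes a shop-a.example From address, which is the hosting-farm limitation the message describes.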