Hello Steven, Thursday, December 1, 2005, 6:57:45 PM, you wrote:
SS> In order to keep our mail flowing to AOL members, I've signed up through SS> the AOL postmaster service to receive TOS reports. Basically, whenever SS> someone reports mail from our domains as spam, AOL forwards it to me. SS> Anyhow, when it arrives, SA classifies it as spam. What's the reason for SS> the SARE_SPEC_CLIENT rules? Would it be a problem for other spam if I SS> overrode them by whitelisting the sender ([EMAIL PROTECTED])? The reason is that people on our systems here that have not subscribed to this service are receiving spam with exactly these characteristics. I believe that some spammer (or ratware) is mimicking the AOL service's characteristics in order to get their spam through people's whitelists. When I put these rules together, I wasn't aware of AOL's service and its email characteristics, and nobody else in any of the several SARE mass-checks had any hits at all, so there was no indication through that means that this was a Bad Rule (tm). 1) If you subscribe to this service, or any domain you process mail for does, zero the score on these rules. 2) As soon as I get back from vacation, I'll zero the scores on those rules in the production files, and see if I can figure out how to identify the spammer as opposed to the service. 3) Yes, whitelist [EMAIL PROTECTED], but do so through an unforgeable means, such as SPF or RCVD. Do not use a simple whitelist from, since that's what the spammer is hoping you will do. Bob Menschel
