Robert Menschel wrote:
Hello Steven,
Thursday, December 1, 2005, 6:57:45 PM, you wrote:
SS> In order to keep our mail flowing to AOL members, I've signed up through
SS> the AOL postmaster service to receive TOS reports. Basically, whenever
SS> someone reports mail from our domains as spam, AOL forwards it to me.
SS> Anyhow, when it arrives, SA classifies it as spam. What's the reason for
SS> the SARE_SPEC_CLIENT rules? Would it be a problem for other spam if I
SS> overrode them by whitelisting the sender ([EMAIL PROTECTED])?
The reason is that people on our systems here that have not subscribed
to this service are receiving spam with exactly these characteristics.
I believe that some spammer (or ratware) is mimicking the AOL
service's characteristics in order to get their spam through people's
whitelists.
When I put these rules together, I wasn't aware of AOL's service and
its email characteristics, and nobody else in any of the several SARE
mass-checks had any hits at all, so there was no indication through
that means that this was a Bad Rule (tm).
1) If you subscribe to this service, or any domain you process mail
for does, zero the score on these rules.
2) As soon as I get back from vacation, I'll zero the scores on those
rules in the production files, and see if I can figure out how to
identify the spammer as opposed to the service.
3) Yes, whitelist [EMAIL PROTECTED], but do so through an unforgeable
means, such as SPF or RCVD. Do not use a simple whitelist from, since
that's what the spammer is hoping you will do.
Bob Menschel
Thanks. I'm using the whitelist_from_spf successfully.
--
Steve
