John Fleming wrote: > Real novice here - Would someone please explain how a stock spam was > able to use my whitelist to get a huge negative score? I do have a > whitelist, but the user shown below is not in it. Check the Return-Path header.
Is [EMAIL PROTECTED] in your whitelist_from? If so, there's you culprit. To fix this, switch to whitelist_from_rcvd. NEVER use whitelist_from for ANYTHING unless you've exhausted all other options first. whitelist_from is trivially forgeable. And before you complain about whitelist_from matching the return-path, this header is no more difficult to forge than the real From: header. whitelist_from'ing yourself or your domain is just asking to be abused, no matter how many or how few headers it checks, they're all easy to forge. > I do have one > Italian (.it) domain in the whitelist, but it is a different/address > domain. How did this msg get whitelisted? > > And, why did it get autolearned as "Spam" with a huge negative score > and end up in my inbox?? Seems very strange to me on several fronts! > > Thanks! - John > > Viewing Full Header - View message > Return-Path: <[EMAIL PROTECTED]>
