Benny Pedersen wrote: > On Thu, March 26, 2009 13:22, The Doctor wrote: > >> All right then this is really odd!!! >> The person has always sent me mail from the intranet no problem. >> I just updated the perl to 5.10.0 threading >> and then I am like how did AWL change? >> > > spammers begin to use your friends email addr as sender, awl sees this > > to fight back, use spf on mta > > That shouldn't happen, unless your spammers are also using your friends ISP.. or your trusted_networks is broken.
An AWL entry is defined by two fields. email address, and the top two bytes of the IP address of the first untrusted host. So If I send you email, it would be: mkettler...@verizon.net|ip=206.46 206.46.173.7 being the verizon server that my emails goes out over. If Karsten Braeckelmann (picking another person off the thread) forged my address, the AWL entry would be this: mkettler...@verizon.net|ip=213.157 Because 213.157.0.165 is Karsten's outbound server. To the AWL, these are two different senders, with different score histories. Karsten can forge my address all he likes, and it won't affect what the AWL thinks of email I send.
