On 28.04.09 08:43, LuKreme wrote: > OK, working on my first cup of coffee this morning, so maybe this has > potential. > > The way the AWL works is by keeping track of the origin of emails, both > the address and the server (the top line Received header?) that send the > email. So, lets say that I have a lot of email from f...@example.com and > that foo's email is sent to me via mail.example.com. > > Now, I get an email claiming to be from f...@example.com but sent to me > from suspiciousserver.tld, so the AWL is not applied. > > But if I've gotten 50 emails from f...@example.com and all came through > mail.example.com it seems that it would be beneficial to have a 'anti' > AWL score score applied to this particular email, since it claims to be > from one place, but doesn't match the AWL entry. This, naturally would > start of a new AWL entry, but with a slightly higher score than > otherwise.
We have more servers users send mail through. Users can't choose which server will they connect. It can also happen when user switched ISP, mail provider, or the mail provider changes IP address, DNS names or what is used there. This would require much more logic that is curerntly in AWL. > This would even be useful if the original AWL entry is spammish since > multiple servers might be a sign of a botnet or host hopping, so > applying a little spammish nudge to these messages is probably going to > help out a lot, especially if spam...@fakedoamin.tld is sending mails > from, say, 10 different server then all those AWL mismatches are going to > feed each other into moving that AWL up very very fast. The question is if users tend to repeatedly get spam from the same sender through the same servers. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends?
