On Wed, 29 Apr 2009 20:49:29 +0200 mouss <mo...@ml.netoyen.net> wrote:
> on the other hand, a spammer can forge Received headers. and this is a
> serious problem. Using "untrusted" received headers is broken.

The point of AWL is to tweak ham scores towards the mean to avoid outlying high-scores causing FPs. The AWL score arithmetic doesn't involve BAYES scores or whitelisting scores, so a spammer that spoofs an existing AWL entry isn't going to pick up all that much advantage. Most spam either wouldn't be protected by spoofing an entry, or scores low enough without it. And spammers don't know much about your AWL database in the first place.

If a spammer wants to exploit AWL the easiest way is to send some low-scoring dummy spams ahead of the real one - this doesn't require forging headers.

> another approach would be to check both (the last external hop and the
> first possibly-fake "out relay") and use "the worst" result. but this
> is easier to say than to assess...