-----Original Message-----
From: mouss [mailto:mo...@ml.netoyen.net]
Sent: woensdag 29 april 2009 20:53
To: users@spamassassin.apache.org
Subject: Re: 'anti' AWL

> on the other hand, a spammer can forge Received headers. and this is
> a serious problem. Using "untrusted" received headers is broken.

I've been following this discussion for a while; and while I can go along with some of the latest rationale 'pro' AWL, I really do have to agree with mouss (and others) here, that trusting any Received header other than that of your own mail server(s) is inherently broken behavior, and asking for trouble. It opens a whole can of worms, like 'Received-header-poisoning' (not so much to get oneself whitelisted, but to give a legit mail server a bad rep over time). At least with DNS poisoning you'd have to be reasonably knowledgeable to exploit it: 'Received-header-poisoning', on the other hand, requires as little as ill will.

> another approach would be to check both (the last external hop and the
> first possibly-fake "out relay") and use "the worst" result. but this
> is easier to say than to assess...

I'm sure some meaningful statistical correlation between the two could be established over time (meaningful enough to predict fakes and all). But somehow I feel that's still like adding a bad element to otherwise clean waters, and then adding lots of extra water to dilute the end result again; in other words: let's just not poison the well to begin with.

- Mark
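
Added example, not part of the original message and not SpamAssassin's own code: a simplified sketch of the rule argued for above, where only Received headers stamped by your own servers are believed and the last external hop they recorded is the only address used for reputation. The trusted range 192.0.2.0/24, the host names and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: 192.0.2.0/24 stands in for "your own mail server(s)".
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample message. Only the top two Received lines were written by
# our own hosts; the third arrived as part of the message and may be forged.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby store.example.net with ESMTP; Wed, 29 Apr 2009 20:53:02 +0200
Received: from relay.sender.example (unknown [203.0.113.7])
\tby mx.example.net with ESMTP; Wed, 29 Apr 2009 20:53:01 +0200
Received: from mail.victim.example (mail.victim.example [198.51.100.25])
\tby relay.sender.example with ESMTP; Wed, 29 Apr 2009 20:52:00 +0200
From: sender@sender.example
Subject: constructed example

body
"""

def peer_ip(received):
    """Return the bracketed peer IP from the 'from' clause, or None."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", from_clause)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def split_at_trust_boundary(raw_message):
    """Walk Received headers top-down (newest first).

    A header is believed only while the host that wrote it is ours: the top
    one always is, and each next one is only if the peer just seen is in
    TRUSTED_NETS. Returns (last_external_ip, unverified_headers).
    """
    hops = email.message_from_string(raw_message).get_all("Received") or []
    for i, hop in enumerate(hops):
        ip = peer_ip(hop)
        if ip is None or not any(ip in net for net in TRUSTED_NETS):
            return (str(ip) if ip else None), hops[i + 1:]
    return None, []

if __name__ == "__main__":
    ip, unverified = split_at_trust_boundary(SAMPLE)
    print("use for reputation:", ip)
    print("ignored (sender-supplied):", len(unverified), "header(s)")
```

Headers below the boundary are returned separately so they can be logged, but they never feed a reputation lookup, which is what keeps a forged line naming another server from affecting that server's score.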