RW wrote:
> On Wed, 29 Apr 2009 20:49:29 +0200
> mouss <mo...@ml.netoyen.net> wrote:
>
>> on the other hand, a spammer can forge Received headers. and this is a
>> serious problem. Using "untrusted" received headers is broken.
>
> The point of AWL is to tweak ham scores towards the mean to avoid
> outlying high-scores causing FPs.

The "W" in AWL is a (historical) misnomer. ARL (automatic reputation list) is probably a better name. In short, it works in both directions.

> The AWL score arithmetic doesn't
> involve BAYES scores or whitelisting scores, so a spammer that
> spoofs an existing AWL entry isn't going to pick up all that much
> advantage.

If you check the archives, you'll find that sometimes some entries in AWL get a very significant score, enough to move the message to the wrong class. And since Mark named it, AWL poisoning is not hard if using untrusted headers.

> Most spam either wouldn't be protected by spoofing an
> entry, or scores low-enough without it. And spammers don't know
> much about your AWL database in the first place.
>

While it's not trivial, the risk is here, and I personally don't feel comfortable. Maybe someone can do a better assessment and qualify the real risk, but I don't see the benefit of using an untrusted header.

Yes, I understand the issue with large *SPs, but this can be fixed, and I believe it should be anyway: currently the trust path parsing is (almost) binary. It could be either extended (by adding more layers than internal and trusted) or made "dynamic" (adding code that handles different situations).

> [snip]
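To make the "tweak towards the mean" arithmetic and the "it works in both directions" point concrete, here is a small model of the AWL adjustment. It is an added example, not code from this thread or from SpamAssassin itself; it assumes the plugin's default `auto_whitelist_factor` of 0.5 and approximates the entry key as sender address plus the first two octets of the originating relay's IP (the origin being whatever the trust path hands the plugin, which is exactly where an untrusted Received header matters).

```python
from collections import defaultdict

AWL_FACTOR = 0.5  # assumption: SpamAssassin's default auto_whitelist_factor


class AutoWhitelist:
    """Mean-based reputation adjustment in the style of SpamAssassin's AWL.

    Each entry stores the running total and count of *unadjusted* scores
    seen for a key; the adjustment pulls the current score part way toward
    that entry's historical mean, in either direction.
    """

    def __init__(self, factor: float = AWL_FACTOR) -> None:
        self.factor = factor
        self.entries = defaultdict(lambda: [0.0, 0])  # key -> [total, count]

    @staticmethod
    def key(sender: str, origin_ip: str) -> str:
        # Approximation of the plugin's key: address plus a coarse /16 of the
        # originating relay. If origin_ip comes from an untrusted header, the
        # sender controls this key, which is the concern raised in the thread.
        net = ".".join(origin_ip.split(".")[:2])
        return f"{sender.lower()}|ip={net}"

    def adjust(self, sender: str, origin_ip: str, score: float):
        """Return (adjusted_score, delta) and record the unadjusted score."""
        k = self.key(sender, origin_ip)
        total, count = self.entries[k]
        delta = 0.0
        if count > 0:  # no history, no adjustment
            mean = total / count
            delta = (mean - score) * self.factor
        self.entries[k] = [total + score, count + 1]
        return score + delta, delta


def demo():
    """Constructed scenario; returns the results so they can be checked."""
    awl = AutoWhitelist()

    # Consistent low-scoring sender; an outlying high score gets pulled down.
    for s in (1.0, 1.0, 1.0):
        awl.adjust("alice@example.com", "192.0.2.10", s)
    alice_adj, alice_delta = awl.adjust("alice@example.com", "192.0.2.10", 6.0)

    # Consistent high-scoring sender; a low-scoring message gets pushed up.
    for s in (12.0, 12.0):
        awl.adjust("bob@example.net", "198.51.100.5", s)
    bob_adj, bob_delta = awl.adjust("bob@example.net", "198.51.100.5", 2.0)

    # Same address from a different network: a separate entry, no history.
    other_adj, other_delta = awl.adjust("bob@example.net", "203.0.113.7", 2.0)

    return {
        "alice": (alice_adj, alice_delta),
        "bob": (bob_adj, bob_delta),
        "bob_other_net": (other_adj, other_delta),
    }


if __name__ == "__main__":
    for who, (adj, delta) in demo().items():
        print(f"{who:14s} adjusted={adj:5.1f} delta={delta:+5.1f}")
```

The alice case is the false-positive protection RW describes (6.0 becomes 3.5, under the default 5.0 threshold); the bob case shows the same arithmetic raising a score (2.0 becomes 7.0). The last case shows why the origin network is part of the key: the adjustment only applies when the key, and therefore the origin that the trust path derives, matches the stored entry.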