On Tue, 19 Jun 2012, Jeff Mincy wrote:
> From: John Hardin <jhar...@impsec.org>
>
> > I'd suggest instead a lint warning if it is used, alerting the admin that
> > it's discouraged and that it has problems like this and is very easy to
> > spoof.
>
> How about creating a different score for whitelist_from that is
> separate from whitelist_from_rcvd? For example, whitelist_from could
> trigger USER_IN_SIMPLE_WHITELIST (or some other variation). The
> description of the test could include warnings about how easy
> it is to spoof whitelist_from.

My suggestion was intended to minimize the effect on existing behavior. I
agree, it would probably be a very good idea to allow whitelist_from to be
scored differently than the other whitelist variants, and to ship it with
a smaller default score, but that change is fairly disruptive.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Usually Microsoft doesn't develop products, we buy products.
-- Arno Edelmann, Microsoft product manager
-----------------------------------------------------------------------
15 days until the 236th anniversary of the Declaration of Independence
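
The lint warning suggested in this thread, sketched as a stand-alone check over a config file (an added example, not SpamAssassin's code and not written by either poster). The function name, warning text and sample config are constructed; only the directive names come from the thread.

```python
import re

# Matches the bare directive only: whitelist_from_rcvd and unwhitelist_from
# are different directives and must not be flagged. Matching is
# case-insensitive so a differently-cased entry is not missed.
DIRECTIVE = re.compile(r"^\s*whitelist_from\s+(.+?)\s*$", re.IGNORECASE)

WARNING = ("whitelist_from matches on the sender address alone and is easy "
           "to spoof; consider whitelist_from_rcvd")


def lint_whitelist_from(config_text):
    """Return a (line_number, address_pattern) tuple per whitelist_from entry."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        # Simplification: everything after '#' is treated as a comment.
        line = raw.split("#", 1)[0]
        match = DIRECTIVE.match(line)
        if not match:
            continue
        # One directive line may list several address patterns.
        for pattern in match.group(1).split():
            findings.append((lineno, pattern))
    return findings


# Constructed sample config, not taken from the thread.
SAMPLE = """\
# constructed local.cf fragment
whitelist_from *@example.com billing@example.net
whitelist_from_rcvd news@example.org example.org
  whitelist_from partner@example.net   # added by hand
required_score 5.0
#whitelist_from old@example.com
"""

if __name__ == "__main__":
    for lineno, pattern in lint_whitelist_from(SAMPLE):
        print(f"line {lineno}: {pattern}: {WARNING}")
```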