ietf-asrg
[Top] [All Lists]

Re: pros and cons of RMX (Re: [Asrg] Declaration to the world) (fwd)

2003-03-07 10:53:35
In <00d101c2e4cc$a9fa4e10$4d9cf140(_at_)rtr(_dot_)com> "Gary Feldman" 
<gaf(_at_)rtr(_dot_)com> writes:


I think this is backwards.  The mail headers I see from this
mailing list keep From: set to the original sender, and add
a Sender: field identifying asrg-admin as the true sender.

There is a difference between the From_ header and the From: header.


As William points out, this raises the point of "which headers should
be authenticated?"

Because I cut and pasted code, my 20 line patch to SpamAssassin
currently checks the From_ header and the Reply-to: header.  I'm not
sure if that is the right thing to do.  The Sender: header should
certainly be considered, but as others have pointed out, you will get
false positives.

One thing I like about SpamAssassin is that a false positive on one
test will not automatically cause a false positive as a result.  So,
now that I've implemented a domain specific DNSBL for midwestcs.com,
if someone sends me email forged to say that it came from
midwestcs.com, it will likely still make it into my inbox.  Unless, of
course, there are several other indications that it is spam.


Personally, the biggest problem I've had with "people" forging my
domain name is from KLEZ worms and such.  I've had several people
nastily accuse me of sending them the worm, just because the worm
forged my name.



-wayne

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg