Ronald F. Guilmette said:
The mail host sees that news(_at_)cnn(_dot_)com has been added to the white
list and
allows mail to be sent without computation time...
... after which the mose astute portion of the spammer community figures
out that they will increase their odds of delivery dramatically, simply
by sending out their spams with the forged envelope sender address of
<news(_at_)cnn(_dot_)com>.
Yep. This is exactly what's happened with some default whitelists, such
as the Amazon.com one distributed in early versions of SpamAssassin; the
concept was that spammers would be unlikely to fake the sender as
<something(_at_)amazon(_dot_)com>, since they're a big, well-funded, litigious
company, and there's a legal precedent for such a co suing a spammer (ie
flowers.com).
I was wrong, it turned out. Spammers had *no* problem faking their From
addresses that way, and we've seen lots of examples. I don't think
Amazon have taken any cases either :(
The other anti-whitelisting technique spammers use, is to fake your
address as both From and To, on the basis that you usually appear
in your own whitelist. This is quite reliable, it seems.
Keep in mind, as covered in the overview, white lists do not exclude people
from sending mail to an end user, but rather slows the ability to rapidly
send mail to unknown persons.
Except for the trusted ones... or anybody masquerading as trusted one.
Yep. And solve the masquerading problem, as has been said before here, and
you're halfway there anyway.
--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg