On Tuesday, May 13, 2003, at 14:24 Europe/London, Eric Dean wrote:
I've started a new thread to discuss list detectiom just to be search
engine
friendly.
There seem to be a variety of methods that lists use including
preserving
the original sender as well as sending witht the list's email address.
This
particular list sends with the list's email address. For C/R systems,
this
often works fine because you often have to send to a list-subscribe in
order
to join the list. A C/R will then send a challenge to the list and
subsequently get denied.
For lists that preserve the sender's email address, a C/R system can
be a
bit unfriendly. However, we have seen that most list's use a "Sender"
header somewhere inside the message body. for example, this list
sends:
Sender: asrg-admin(_at_)ietf(_dot_)org
If we encounter such a header, we will then not challenge the sender
but
will require the user to take an action. I'm not trying to have
another C/R
discussion but rather am interested in the various list detection
methods
available. I've sorted through procmail to see what methods are
available
to that source and the above was the best I could come up with.
There's lots of good code in SpamAssassin that I added to detect
legitimate mailing lists. It would probably be a good starting point
(and it's easy to find - look for the file called "MailingList.pm").
But I don't quite understand. Spammers don't care much who they send
to, and the bad ones just want to not have to process bounces (which is
why they use freemail or forged return paths). Surely if you do this
the spammers are just going to add enough headers in to look like a
"legitimate" mailing list, and thus force the user to take the action?
I'm speculating, of course, but I don't think it will take long for
them to decide to do that if it gets widely implemented (spot the
number of spammers taking steps to bypass SpamAssassin now).
Matt.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg