Justin Mason wrote:
A quick note on Dave's summary sheet (thanks Dave, it's great!) --
under 'Transformation Protection' it speculates
'Con: Does copying [IIM's "copy protected headers" concept] really
increase protection?'
I would like to note that this is, indeed, *ideal* for us in SpamAssassin;
it lets us adopt new heuristics to deal with moderately-broken gateways
like old, unupgraded Mailman mailing list managers. Detecting Subject
line modification, where such modification is mailing-list-style
subject-tag prepending, is very easy in this case.
So, in my opinion, "copy protected headers" does increase protection, by
allowing verifiers to "rescue" some mails from becoming false positives
when rewritten by to nonconformant gateways -- and in that case, not
having to apply a blanket exemption for list-gated messages that fail the
signature check.
Exactly. The point of the copied headers is not extra protection;
rather, it is to allow the verifier to (optionally) be more tolerant of
header modifications. Arguably this is a feature in the opposite
direction from "protection", but we believe it doesn't provide a
significant opening unless the verifier decides to ignore header
modifications entirely. We're trying to help as many messages as
possible to pass verification without creating an opening for attackers
(ultimately, spammers and phishers).
-Jim