info about spam messages
Tayfun ASKER
tasker at metu.edu.tr
Fri Jun 11 16:37:39 CEST 2004
Hi Tom,
The "From" line is of course very easy to spoof. But, for example, we
receive lots of spam with the From address big at boss.com. I think there is no
harm in filtering these spams using just the spoofed From info.
Regards,
Tayfun
>
> Looks like the emails I sent from home this morning didn't get out of my
> outbox, because now I'm going to repeat myself. Be very, very careful using
> any information in the header to block out emails at the MTA level. Spams
> use spoofed headers more often than not. Never ever rely on a "From"
> address. You have to use the "Received" lines, and those can be spoofed
> too. The only trustworthy one is the one set by your own server, but even
> in that line, you have to be careful... don't rely on the HELO string, only
> the IP address or rDNS address provided by your own mail server. The logic
> to verify you have valid information can be somewhat complex. I'd recommend
> it not be in bogofilter itself, but in your external script called from
> procmail. See http://orderamidchaos.com/bogofilter/spamitarium for similar
> functionality.
>
> Tom
>
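The check described in the quoted advice, as an added example that is not part of either post and is not spamitarium's code: take the connecting IP and rDNS only from the Received line stamped by your own server, and ignore the HELO string, the From header and all lower Received lines. It assumes Postfix-style Received lines; the server name mx.example.org and the sample message are constructed.

```python
import re
from email import message_from_string

# Assumed Postfix-style format: from <HELO> (<rDNS> [<IP>]) by <host> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trusted_relay(raw_message, my_mta):
    """Return (ip, rdns) from the Received line our own MTA added, else None.

    Received headers are prepended, so the topmost one stamped "by my_mta"
    is the hop our server saw. The HELO string, the From header and every
    Received line below that one come from the sender and are not used.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.match(" ".join(value.split()))
        if m and m.group("by").lower() == my_mta.lower():
            rdns = m.group("rdns")
            # Postfix writes "unknown" when the reverse lookup failed.
            return m.group("ip"), (None if rdns == "unknown" else rdns)
    return None

# Constructed sample; mx.example.org is a hypothetical name for our server.
# The second Received line is forged by the sender to look like our stamp.
SAMPLE = """\
Received: from mail.boss.example (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id CONSTRUCTED1
\tfor <user@example.org>; Fri, 11 Jun 2004 16:30:00 +0200 (CEST)
Received: from trusted.partner.example (trusted.partner.example [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id CONSTRUCTED2;
\tFri, 11 Jun 2004 16:29:00 +0200 (CEST)
From: big@boss.example
To: user@example.org
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(trusted_relay(SAMPLE, "mx.example.org"))
```

If the message never passed through the named server, the function returns None and the script should treat the origin as unknown rather than fall back to another header.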