info about spam messages

Tom Anderson tanderso at oac-design.com
Fri Jun 11 19:53:23 CEST 2004


From: "Chris Wilkes" <cwilkes-bf at ladro.com>
> Now we're lucky as we're only going to use what our own servers put in
> there and that (should) be well formatted, or at least remain consistent
> -- famous last words of course.

If this functionality is in bogofilter though, then all MTAs must be taken
into account.  We don't want to start making particular MTAs in particular
configurations a prerequisite to running bogofilter accurately.  Some
administrators may decide to configure a completely non-standard received
line in their server.  This is why I think bogofilter should stick to its
core purpose of generating a spamicity, and doing it well.  Not other
ancillary stuff.

> It might be easier to have people's MTAs put in a header line like
> "X-Original-IP: 192.168.0.10" and go off of that.  I think yahoo's email
> uses something similar to that to label their outgoing email though.
> Does bogofilter ignore X- headers when tokenizing?

This is just as easily forgeable as the received line, if not more so.  Also,
using non-standard headers is probably not a good idea.  If such a thing
were truly useful, it should be included in the standard.

My ultimate point is that email is not currently traceable with absolute
certainty.  This is a part of a much grander philosophical discussion about
the tradeoffs between privacy and security on the internet, down to the
internet protocol itself.  You're presently taking the position of the RIAA
and other "Trusted Computing" (http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html)
advocates who want to install chips and software on all computers on earth,
enforceable by law, which take away any vestige of privacy you may have.  I
don't think you really want to take that position, but I could be wrong.  If
you outlaw privacy, only outlaws will have privacy.  I think we all know the
Ben Franklin quote about security and liberty.  We don't need to get into
this discussion here.  Suffice it to say that being able to block spammers
flawlessly via their source IP alone is simply not doable now or in the near
future, nor would it likely be practical anyway since it is so easy to move
on to a different address.  The best we can do is take into account known
spammy subnets and ASNs, and rank them within the rest of the bogofilter
calculation along with the rest of the content in the email.  That's what I
attempt to do with spamitarium.

Tom
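
An added illustration of the header-trust question discussed in this message (not code from bogofilter, spamitarium, or either poster): it reads the connecting address only from Received lines written by one's own servers and ignores sender-supplied lines and X-Original-IP. The hostnames, addresses and the Postfix-style line format are assumptions, and the sample message is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: our MTAs write Postfix-style lines, "from HELO (rdns [ip]) by host".
OUR_MTAS = {"mx1.example.net", "relay.example.net"}  # hypothetical hostnames
OUR_IPS = {ipaddress.ip_address("10.0.0.5")}         # hypothetical relay address

RECEIVED_RE = re.compile(
    r"\([^()\[\]]*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>[\w.-]+)",
    re.S,
)

def handoff_ip(raw):
    """Return the address that handed the message to our servers, or None.

    Headers are read newest first. A line is believed only if it is the top
    one or the line above it recorded one of our own addresses as the peer.
    Everything below the first outside peer is sender-supplied and ignored,
    and X-Original-IP is never consulted.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m is None or m.group("by").lower() not in OUR_MTAS:
            return None   # not a line one of our MTAs wrote in the known format
        try:
            peer = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return None
        if peer not in OUR_IPS:
            return peer   # first outside peer: the handoff point
    return None

# Constructed sample: the two top lines come from our servers; the third line
# and X-Original-IP arrived with the message and cannot be verified.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [10.0.0.5])\n"
    "\tby mx1.example.net (Postfix) with ESMTP id 4A1B2C; Fri, 11 Jun 2004 19:50:02 +0200\n"
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby relay.example.net (Postfix) with ESMTP id 9F8E7D; Fri, 11 Jun 2004 19:50:01 +0200\n"
    "Received: from innocent.example (innocent.example [198.51.100.7])\n"
    "\tby mx1.example.net (Postfix) with ESMTP id 000000; Fri, 11 Jun 2004 19:49:00 +0200\n"
    "X-Original-IP: 192.168.0.10\n"
    "From: someone@sender.example\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(handoff_ip(SAMPLE))
```

A server that writes Received lines in a different layout yields None here rather than a guessed address, so the pattern has to be matched to each deployment's own MTA.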
