Prediction [was: spam addrs]

David Relson relson at osagesoftware.com
Tue Jun 29 18:08:30 CEST 2004


On Tue, 29 Jun 2004 10:49:23 -0400
Tom Anderson wrote:

> The spammers are still learning too.  Likely, if there is a hole, they
> will find it.  If I were a spammer and I noticed that a relatively
> popular spam filter was identifying my IP, I'd try everything to
> prevent it.  Such as using square bracketed IPs in the HELO string as
> above.  The filter (or filter writers) should attempt to predict and
> prevent any such circumvention methods.

Tom,

I've seen many software projects where time was spent trying to
anticipate everything the user wanted.  I've seen others where the time
was spent addressing the needs.  The "needs"-based projects tended to be
more successful than the "wants" projects -- because it's impossible to
anticipate what is really valuable.

So I'm willing to deal with what actually affects people and am not
willing to try to predict future spammer tricks.

Bogofilter can be modified to recognize square bracketed addresses in
Received: statements.  I know that's useful because postfix uses that
format.  The test can even require whitespace before the left bracket.

'Tis nice that spamitarium can correctly process 

  Received: from helo-[1.2.3.4] 65.126.137.220 as209
    by oac-design.com 216.109.145.120

but what MTA delivers this format (unbracketed address)?  I'm interested
in "out of the box" delivery formats, not "I'm going to customize _my_
MTA's format so that it's different."

The present cvs code includes a square bracket test, which removes the
need for the "received state" state machine, but doesn't have a
whitespace check.  If you want a copy of the patch to update 0.92.0 to
cvs, let me know.

David
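
The square bracket test with the optional whitespace check discussed in the message, as an added example (not bogofilter's code and not part of the original post). The function names `dotted_quad_len` and `bracketed_ip` are hypothetical, and the sample line in `main` is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length of the dotted quad at s, or 0 if s does not start with one. */
static size_t dotted_quad_len(const char *s)
{
    const char *p = s;
    for (int octet = 0; octet < 4; octet++) {
        int value = 0, digits = 0;
        while (digits < 3 && isdigit((unsigned char)*p)) {
            value = value * 10 + (*p++ - '0');
            digits++;
        }
        if (digits == 0 || value > 255)
            return 0;
        if (octet < 3 && *p++ != '.')
            return 0;
    }
    return (size_t)(p - s);
}

/* Copy the first "[a.b.c.d]" in a Received: line into out; return 1 if found.
 * With need_ws set, '[' counts only after whitespace, so an address glued
 * into the HELO name ("helo-[1.2.3.4]") is skipped. */
int bracketed_ip(const char *hdr, int need_ws, char *out, size_t outlen)
{
    for (const char *p = hdr; (p = strchr(p, '[')) != NULL; p++) {
        if (need_ws && (p == hdr || !isspace((unsigned char)p[-1])))
            continue;
        size_t n = dotted_quad_len(p + 1);
        if (n == 0 || p[1 + n] != ']' || n >= outlen)
            continue;
        memcpy(out, p + 1, n);
        out[n] = '\0';
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: HELO trick followed by a Postfix-style peer address. */
    const char *hdr = "Received: from helo-[1.2.3.4] (unknown [192.0.2.10])";
    char ip[16];
    for (int ws = 0; ws <= 1; ws++)
        printf("need_ws=%d -> %s\n", ws, bracketed_ip(hdr, ws, ip, sizeof ip) ? ip : "(none)");
    return 0;
}
```

Without the whitespace check the bracketed address inside the HELO name is taken as the peer address; with it, only the address the receiving MTA wrote after a space is accepted.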


