no To: header in emails

Tom Anderson tanderso at oac-design.com
Wed Mar 3 15:40:11 CET 2004


On Wed, 2004-03-03 at 09:22, Eric Wood wrote:
> The particular spam I just got was missing the To: and CC: fields completely.
> Would you think it would be safe to /dev/null those emails?

Safer would be to inject an X-header of the form "X-missing: missing-to;
missing-cc;" or something like that.  Then, bogofilter could match those
tokens and apply statistical filtering as with other tokens.  The result
would be that very hammy messages missing the To: and CC: fields would
still get through (maybe you were BCC'd), but otherwise neutral messages
would get biased toward spam (assuming missing-to or missing-cc were in
fact prevalent in spams).  Using /dev/null is only safe when you know
for an absolute fact that you don't want to receive the message.  I
don't think missing headers is such a case.

BTW, I'm currently working on a pre-processor which will do just such
modifications.  This started after my discussion on this list regarding
the Received: header.  I think that bogofilter should not be altered,
but kept strictly a statistical filter.  This does not, however, prevent
us from running some heuristics before bogofilter gets the message.  My
script will give the option of removing some headers (e.g. X-mailer) and
emphasizing others (e.g. rcvd-ip, rcvd-addr, etc.).  I'll add the option
for missing-to and missing-cc as well.

Tom
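
An added example, not part of the original message and not Tom's script: a minimal pre-processing step that injects the X-missing header described above before a message reaches bogofilter. The function names, the handling of empty fields and the sample messages are assumptions of this example.

```python
from email import message_from_bytes, policy

MARKER = "X-missing"      # header name suggested in the message
CHECKED = ("To", "Cc")    # header lookup is case-insensitive, so "CC:" matches too

def annotate(raw: bytes) -> bytes:
    """Return the message with an X-missing header naming absent To:/Cc: fields."""
    msg = message_from_bytes(raw, policy=policy.compat32)
    # Discard any X-missing the sender supplied, so the classifier only ever
    # sees the value computed here.
    del msg[MARKER]
    # Assumption of this example: a field that is present but empty counts as missing.
    tokens = [f"missing-{name.lower()};" for name in CHECKED
              if not str(msg.get(name, "")).strip()]
    if tokens:
        msg[MARKER] = " ".join(tokens)
    return msg.as_bytes()

def marker_of(raw: bytes):
    """Value of X-missing after annotation, or None when nothing is missing."""
    return message_from_bytes(annotate(raw), policy=policy.compat32)[MARKER]

# Constructed sample messages (not real mail).
NO_RECIPIENTS = b"From: a@example.com\nSubject: offer\n\nbody\n"
NO_CC = b"From: a@example.com\nTo: list@example.org\nSubject: hi\n\nbody\n"
FORGED = (b"From: a@example.com\nTo: b@example.org\nCC: c@example.org\n"
          b"X-Missing: missing-to;\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for sample in (NO_RECIPIENTS, NO_CC, FORGED):
        print(marker_of(sample))
```

In a delivery pipeline, annotate() would be applied to the raw message before it is handed to bogofilter, so the message is still delivered and only its score is affected.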
