Bugtraq mailing list archives
RE: Is predictable spam filtering a vulnerability?
From: David Brodbeck <DavidB () mail interclean com>
Date: Fri, 25 Jun 2004 16:11:53 -0400
-----Original Message----- From: PSE-L () mail professional org [mailto:PSE-L () mail professional org]
Many sites employ SpamAssassin and the like to simply FLAG messages and pass them along to the intended recipient, who can then employ their own filter process within their email client
This is what I do. Spam is tagged by a statistical filter, then tagged messages are filtered into a "Junk Mail" folder by the user's email client. In a corporate environment, where silently dropping mail from a customer is totally unacceptable, this is a good compromise. The user can skim their junk mail folder now and then and pick out anything that looks like it's important. (I do this about once a day; only takes a few seconds. A non-spam message in a folder full of spam tends to be surprisingly obvious.)
Of course, what do I know? Up till now, I assumed intelligent folk could manage to send a reply to a listserv without also sending an unnecessary carbon to the original message poster, and if not, at least courteous people would pay attention to the sigline making such a request...
If I did this earlier, I'm sorry. I correspond with a lot of people who prefer to get carbon copies of list replies, especially on moderated lists. I'm also not in the habit of reading signatures because they tend to be a waste of time. After seeing several dozen with bogus disclaimers and the like in them you lose interest...
John Fitzgibbon wrote:Archiving the dropped mail *and* terminating with a 5xx would be a much better approach.
To me that seems *totally* broken. A 5xx response means you didn't deliver the mail, and the failure was permanent. Terminating with a 5xx and then delivering the mail somewhere isn't kosher; in fact, it's the worst of both worlds. You've still accepted the spam, *and* you've potentially created a DSN.
Current thread:
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages), (continued)
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Seth Breidbart (Jun 25)
- Re: Is predictable spam filtering a vulnerability? Ilya Sher (Jun 18)
- Re: Is predictable spam filtering a vulnerability? Gadi Evron (Jun 19)
- Re: Is predictable spam filtering a vulnerability? krispykringle (Jun 21)
- RE: Is predictable spam filtering a vulnerability? Romulo M. Cholewa (Jun 19)
- RE: Is predictable spam filtering a vulnerability? Andrew Hunter (Jun 19)
- Re: Is predictable spam filtering a vulnerability? Crispin Cowan (Jun 22)
- [OT] Safe spam filtering methods (was: Is predictable spam filtering a vulnerability?) The Fungi (Jun 22)
- Re: Is predictable spam filtering a vulnerability? Phil Barnett (Jun 23)
- RE: Is predictable spam filtering a vulnerability? Lance James (Jun 19)
- RE: Is predictable spam filtering a vulnerability? David Brodbeck (Jun 25)