antispamsniper.com Forum Index antispamsniper.com
The reliable anti-spam protection
 
 FAQFAQ   SearchSearch     ProfileProfile   Log inLog in   RegisterRegister 

Spoofed Friendly Address

 
Post new topic   Reply to topic    antispamsniper.com Forum Index -> AntispamSniper for TheBat!
View previous topic :: View next topic  
Author Message
GJim



Joined: 07 Feb 2007
Posts: 5
PostPosted: Thu Dec 13, 2007 1:25 pm    Post subject: Spoofed Friendly Address Reply with quote
I'm getting a bit of SPAM that has a 'spoofed' 'From' address that matches an address in my 'Friendly' list. It's an address that is associated with a web info submission form of an organization to which I belong -- I'm one of the intended recipients of the form info. The messages aren't coming via the web-form, just as regular EMail messages with the spoofed address. The particular entry in my 'Friendly' list is a 'catch-all' (*@xxxx.org).

Does ASS always check the 'Friendly' list first, and give a passing grade to anything that matches?

Any ideas on how to filter for such occurrences?

AtDhVaAnNkCsE

G'Jim c):{-
Back to top
View user's profile Send private message
vetaltm
Author


Joined: 05 Feb 2006
Posts: 748
PostPosted: Fri Dec 14, 2007 8:45 am    Post subject: Reply with quote
This address should be deleted from the whitelist, because by default the plug-in classifies and learns all messages from the whitelisted addresses as ham.

To prevent the plug-in from adding the sender addresses to whitelist and blacklist, you can turn off the option 'Add friends automatically' on Filtering tab. Or delete this address from the whitelist and blacklist manually after training the plug-in on the messages from 'catch-all' address.

In general, the situation when spam and ham arrive from the same address is unusual. It makes sense to add some spam protection to your webform (captcha or javascript for example), or at least set the different "from" addresses for each request. The simplest method is adding the mandatory field 'E-mail' on the webform, and using this address in From for generated email messages. Even if the requests are impersonal and don't require answers, it is possible to generate unique From addresses (e.g. userxxx@xxxx.org) for each webform message. This would allow the plug-in to distinguish the different messages.
There is a third way, allowing using the internal plug-in features for avoiding the whitelist issues for the webform messages. Add the header field "List-id: *@xxxx.org" to each webform message. The plug-in uses a separate way for filtering the mailing list messages, even with the same From field. List-id value is used instead of From in this case. When both spam and ham messages arrive from the same mailing list, the plug-in assigns the name '#untrusted#' to the correspondent whitelist address and stops using the whitelist during classifying the messages with the specified List-id.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    antispamsniper.com Forum Index -> AntispamSniper for TheBat! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group