View previous topic :: View next topic |
Author |
Message |
GJim
Joined: 07 Feb 2007 Posts: 5
|
Posted: Thu Dec 13, 2007 1:25 pm Post subject: Spoofed Friendly Address |
|
|
I'm getting a bit of SPAM that has a 'spoofed' 'From' address that matches an address in my 'Friendly' list. It's an address that is associated with a web info submission form of an organization to which I belong -- I'm one of the intended recipients of the form info. The messages aren't coming via the web-form, just as regular EMail messages with the spoofed address. The particular entry in my 'Friendly' list is a 'catch-all' (*@xxxx.org).
Does ASS always check the 'Friendly' list first, and give a passing grade to anything that matches?
Any ideas on how to filter for such occurrences?
AtDhVaAnNkCsE
G'Jim c):{- |
|
Back to top |
|
|
vetaltm Author
Joined: 05 Feb 2006 Posts: 751
|
Posted: Fri Dec 14, 2007 8:45 am Post subject: |
|
|
This address should be deleted from the whitelist, because by default the plug-in classifies and learns all messages from the whitelisted addresses as ham.
To prevent the plug-in from adding the sender addresses to whitelist and blacklist, you can turn off the option 'Add friends automatically' on Filtering tab. Or delete this address from the whitelist and blacklist manually after training the plug-in on the messages from 'catch-all' address.
In general, the situation when spam and ham arrive from the same address is unusual. It makes sense to add some spam protection to your webform (captcha or javascript for example), or at least set the different "from" addresses for each request. The simplest method is adding the mandatory field 'E-mail' on the webform, and using this address in From for generated email messages. Even if the requests are impersonal and don't require answers, it is possible to generate unique From addresses (e.g. userxxx@xxxx.org) for each webform message. This would allow the plug-in to distinguish the different messages.
There is a third way, allowing using the internal plug-in features for avoiding the whitelist issues for the webform messages. Add the header field "List-id: *@xxxx.org" to each webform message. The plug-in uses a separate way for filtering the mailing list messages, even with the same From field. List-id value is used instead of From in this case. When both spam and ham messages arrive from the same mailing list, the plug-in assigns the name '#untrusted#' to the correspondent whitelist address and stops using the whitelist during classifying the messages with the specified List-id. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|