You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Jason J. Ellingson" <ja...@ellingson.com> on 2004/09/19 03:05:29 UTC
AWL DoS?
I'm sure someone thought of this, but I don't see it asked before... so...
=====
1) Person X regularly gets emails from Person Y (good friends)
2) Person Z is a bad guy... so he sends Person X a GTUBE email with a faked
FROM: address of Person Y.
3) Now, GTUBE scores a 1000 points, and gets set to the AWL database.
4) Future emails from Person Y to Person X now get tagged as spam since AWL
keeps bumping up the score because of the GTUBE that was sent earlier.
=====
I hope that makes sense...
I gotta think this isn't gonna happen... but anyone know if it can? If so,
I'm not going to enable AWL on my server.
------------------------------------------------------------
Jason J Ellingson
Technical Consultant
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
jason@ellingson.com