You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Paul Andrews <pa...@prospeed.net> on 2006/12/28 22:27:40 UTC

whitelisting "from" and not "return path" addresses

HI,
After whitelisting my own email address, it seems that spammers will frequently put my own email address in the "return path" but not in the "from". Is it possible for Spam Assassin to make a distinction between the two so that it will block such messages?  Below is an example of such headers.

----------------------

Return-Path: <pa...@prospeed.net>
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mail.prospeed.net
X-Spam-Level: 
X-Spam-Status: No, score=-75.6 required=4.7 tests=BAYES_80,EXTRA_MPART_TYPE,
 FORGED_RCVD_HELO,FUZZY_OCR,HTML_90_100,HTML_IMAGE_ONLY_08,
 HTML_MESSAGE,MIME_HTML_MOSTLY,RCVD_HELO_IP_MISMATCH,RCVD_IN_SORBS_WEB,
 RCVD_IN_XBL,RCVD_NUMERIC_HELO,UNPARSEABLE_RELAY,USER_IN_WHITELIST 
 autolearn=no version=3.1.7
Received: from 82.79.197.4 (86-122-136-2.rdsnet.ro [86.122.136.2] (may be forged))
 by mail.prospeed.net (8.13.6/8.13.6) with ESMTP id kBSKH6sn023009
 for <pa...@prospeed.net>; Thu, 28 Dec 2006 15:17:07 -0500
Received: from fm-bank.com.s8b2.psmtp.com (port=6583 helo=upmydjbtqx)
 by 82.79.197.4 with smtp
 id 8fRjB-boT0U-56
 for pandrews@prospeed.net; Thu, 28 Dec 2006 22:17:10 +0200
Message-ID: <00...@upmydjbtqx>
From: "Leonard West" <sc...@fm-bank.com>
To: pandrews@prospeed.net
Subject: wicked shall not; that he his wages be in sending a
Date: Thu, 28 Dec 2006 22:17:10 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
 type="multipart/alternative";
 boundary="----=_NextPart_000_000C_01C72ACD.E74AF4E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2871
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2871


Thanks,
Paul

Re: whitelisting "from" and not "return path" addresses

Posted by JamesDR <ja...@trusswood.net>.

Paul Andrews wrote:
> HI,
> After whitelisting my own email address, it seems that spammers will 
> frequently put my own email address in the "return path" but not in the 
> "from". Is it possible for Spam Assassin to make a distinction between 
> the two so that it will block such messages?  Below is an example of 
> such headers.

You'd not want to just whitelist your name, you'd want to tie it to 
something, like if you auth'd (not sure how to do this), SPF 
(whitelist_from_spf), or ip (whitelist_from_rcvd).

It is very easy for spammers to use your email as the 'sender'. Another 
option is to (just shots in the dark) to override the whitelist (+100 or 
so) when the mail is from you... to you. I'm not sure how one would do 
this. But these are all ideas.

-- 
Thanks,
James