> Grayhat - I agree, and I haven't updated because of my concerns too. > > Thomas has addresses my main concern where ip addresses handed > out by isps are often on blacklists (PWL for example) since these IP's > shouldn't be sending email directly. They'll be in the recieved lines > a ways down, but that shouldn't cause negative scoreing. Thomas > changed ASSp to consider the PWL now, but was unsure if other > blacklists had separate lists or responses for this type of block. > Either way, it scares me.
Well, if you read http://www.spamhaus.org/zen/ and pay care to the section starting with a red "caution", you'll probably notice the following sentence "Do not use ZEN in filters that do any deep parsing of Received headers, or for anything other than checking IP addresses that hand off to your mailservers." the above isn't just true for spamhaus "zen" but for other lists too; see performing "deep parsing" may be ok for a client-side filter, since the user will then be able to revise what was incorrectly blocked and, if needed, restore it, but it's a hell when it comes to server-side filtering even if you have a mechanism like ASSP "blockreport"; let me try an example; let's say Mr. "John Doe" has an account on "gmx.net" and sends you a message; let's also say that the IP of John's connection is 84.10.247.86 Now; John writes his message and sends it using the gmx.net SMTP server and authenticating to the server with his username and password the gmx server will accept the message and try sending it your way; on your side, ASSP will pick the message and start the "deep parsing" The sending IP (gmx) will result ok, the parsing will go on and find the originating IP, that is 84.10.247.86 and... *bang* the email, a totally legit one, will be refused http://www.spamhaus.org/pbl/query/PBL042890 just because the originating IP was "listed" - now, I think it's clear why running "deep parsing" isn't, generally, a good idea and it's also the reason why I'm asking Thomas to make such a feature "optional" that is, allow to disable it if desired (while leaving the regular sending IP checks in place) ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
