>R> The BADHEADERS test only will catch mail with malformed headers, so it
>R> won't catch any legitimate mail, unless it was sent from a broken mail
>R> client (in which case it is likely the mail would get deleted somewhere
>R> along the line, or otherwise wouldn't make it to the intended recipient).
>
>Like others, we have experienced that this does catch legitimate
>mail generated by CGIs and the like. We have to back off this as
>it was capturing CGI that was from our machines as well as a few
>others.
FYI, we strongly recommend that people in this situation fix the problem
(the broken headers being generated by the CGIs), rather than patch the
symptoms (turning off the BADHEADERS test or whitelisting the web servers
sending these mails).
The reason for this is that the E-mails have a good chance of getting lost
(such as when an invalid time zone is used, and the mail client can't sort
the E-mail by date), or deleted (by a mail server or client that thinks it
is spam, or just can't handle the broken headers).
>We tested the weighting feature over the holidays and found this
>to be really wonderful. Like your email indicated Scott, that you
>were able to capture about 95% of all spam, we have had similar
>results and were able to back off the delete SpamCop we used before.
>Properly tweaked we found this to be one of Declude's most powerful
>features.
Thanks -- this is something that we will be working on some more, and it
should be very powerful.
>We have had to whitelist some with this new configuration. I suppose
>whitelisting could be used to qualify BADHEADERS as long as you know
>the IPs or FROMs of the originating CGI..?
Yes, whitelisting can be used to handle that (although as mentioned above,
it's not the best solution). The best way is to whitelist the IP address,
to help minimize the chances that a spammer will spoof the whitelisted
"From" address.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
