https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6908
--- Comment #7 from David Hill <[email protected]> ---

<<<SNIP>>>
AWL base IP address is a way to identify the sender's IP address they frequently send from, in an approximate way, but remaining hard for spammers to spoof. The algorithm is as follows:

- take the last Received header that contains a public IP address -- namely one which is not in private, unrouted IP space.
- chop off the last two octets, assuming that the user may be in an ISP's dynamic address pool.
<<</SNIP>>>

If the last header is spoofed, as is the case here, we AWL the wrong IP. So the code is doing exactly that. But I'm wondering, why aren't we taking the first hop instead? Spamming domains should be blacklisted from the internet IMHO and thus, putting it the other way around would naturally discriminate the spammy domains. They would have to take their spamming issues seriously if they are an ISP ...

Or simply remove AWL because it's now exploitable ... but I "like" my patch! If hotmail sends me half spam and half ham, theoretically, I would still get my mails. Don't you think?
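
The base-IP rule quoted in the comment above, as an added Python example that is not SpamAssassin's code or the commenter's patch. It assumes headers are listed top-most (newest) first, reads "last" as the bottom-most Received header and "first hop" as the top-most one, and uses a short stand-in list for private address space; all names and sample headers are constructed.

```python
import ipaddress
import re

# Short stand-in for "private, unrouted IP space" (assumption, not SpamAssassin's list).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def public_ips(received_headers):
    """Return the first bracketed public IPv4 of each Received header, in message order."""
    found = []
    for header in received_headers:
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in NON_PUBLIC):
                found.append(ip)
                break
    return found


def awl_base_ip(received_headers, pick="last"):
    """Base IP = the chosen public address with its last two octets chopped off.

    pick="last"  -> bottom-most Received header (oldest hop, written upstream of us)
    pick="first" -> top-most Received header (the hop that handed the mail to us)
    """
    ips = public_ips(received_headers)
    if not ips:
        return None  # no public hop at all, nothing to key on
    ip = ips[-1] if pick == "last" else ips[0]
    return ".".join(str(ip).split(".")[:2])


# Constructed headers, newest first, using documentation-range addresses.
GENUINE = [
    "from mx.isp.example (mx.isp.example [198.51.100.25]) by mail.local.example",
    "from client (unknown [192.168.1.20]) by mx.isp.example",
]
# Same delivery path plus one extra Received line supplied by the sender.
FORGED = GENUINE + [
    "from friend.example (friend.example [203.0.113.77]) by relay.example",
]
```

With `pick="last"` the key moves from `198.51` to `203.0` once the extra line is present, while `pick="first"` stays on the relay that actually delivered the message.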
