http://bugzilla.spamassassin.org/show_bug.cgi?id=3417
------- Additional Comments From [EMAIL PROTECTED] 2004-05-27 22:10 -------

> AWL could be forged by checking active state of email accounts.
> BAYES rules can be forged by sending anekdots or japan hoku.
> SPF and my rule can be forged by searching "right" emails.

I think the points about these could be made more explicit.

AWL can no longer be forged since we added the Received header to the information along with the From address. A spammer not only has to use a valid From address that you receive ham from (assuming they can customize the spam to you that way) but it has to come from the same server that your ham from that email address comes from.

BAYES cannot be forged by sending jokes or haiku unless a large portion of your ham consists of similar jokes or haiku. Bayes looks for words that are common only in your ham or only in your spam. Random infrequently seen words are not used. A spammer would need to have access to your personal Bayes database to be able to forge ham.

SPF is not a ham rule. A message can fail the SPF test, which detects spam, or it can pass, which scores -0.001 to allow it to be used in a meta rule, or the result can be unknown. I'm not sure what you mean by forging by 'searching "right" emails' but if you think that a spammer can just copy headers from good email, that's wrong. The test looks for "trusted relays" and does not believe the information from untrusted ones. So spf_pass cannot be forged. It is possible for a spammer to send spam through a server that is properly configured with SPF, and that mail would still be spam. That's why it is not a ham rule.
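The AWL point in the comment above, as an added example that is not part of the original comment and is not SpamAssassin's code: a simplified model in which score history is keyed on the From address plus the relay network, so a forged From arriving from another server inherits none of the sender's ham history. The class name, the key format (address plus the first two octets of the relay IP) and the 0.5 adjustment factor are assumptions made for the illustration.

```python
# Simplified model of the AWL behaviour described in the comment above.
# Not SpamAssassin's code: class name, key format and factor are assumptions.
from collections import defaultdict


class AwlModel:
    """Tracks per-sender score history keyed on From address plus relay network."""

    def __init__(self, factor=0.5):
        self.factor = factor  # assumed: how far a score is pulled toward the mean
        self.totals = defaultdict(lambda: [0.0, 0])  # key -> [score sum, count]

    @staticmethod
    def key(from_addr, relay_ip):
        # Assumed key: lower-cased address plus the first two octets of the
        # relay IP taken from the Received header added by a trusted relay.
        net = ".".join(relay_ip.split(".")[:2])
        return f"{from_addr.lower()}|ip={net}"

    def adjust(self, from_addr, relay_ip, score):
        """Return the adjusted score, then record the raw score in history."""
        entry = self.totals[self.key(from_addr, relay_ip)]
        total, count = entry
        adjusted = score
        if count:
            mean = total / count
            adjusted = score + (mean - score) * self.factor
        entry[0] += score
        entry[1] += 1
        return adjusted


def demo():
    awl = AwlModel()
    # Constructed history: three ham messages from a known correspondent,
    # all arriving from the same relay network (documentation addresses).
    for raw in (-1.0, -2.0, -1.5):
        awl.adjust("alice@example.com", "192.0.2.10", raw)
    # Same From address, same relay network: pulled toward the ham mean.
    same_origin = awl.adjust("alice@example.com", "192.0.2.77", 8.0)
    # Same From address, different relay: no history, score is unchanged.
    forged = awl.adjust("alice@example.com", "203.0.113.5", 8.0)
    return same_origin, forged


if __name__ == "__main__":
    print(demo())
```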
