Justin Mason wrote: > Theo Van Dinter writes: > >> >> It depends on your SA version. It used to be 256k, but apparently 3.2 >> upped it to 500k. >> >> >>> not be an issue. These messages are well below 256M. milter-spamc >>> only sends down the first 64K of the message in fact. >>> >> Wow, that would be pretty broken IMO. >> > > Strongly agreed. It's trivial for spammers to rewrite HTML email to > contain innocuous content for the first 64K, 128K, 2M or whatever, > then replace it with spammy content, using CSS. > > --j. >
Well, I agree, but it is also pretty easy for them to send messages over 64k, 128, 256k, whatever in order to bypass scanning entirely, as spamc does. This IMO, is actually worse as they're now guaranteed to not be tagged as spam. At least with truncation you get header scanning, and possibly some useful body scanning. Both suck, and are easily abused by spammers, but at least truncation isn't a sure-fire whitelist. Of course, truncation has its negative side effects as well, like FPs on missing mime boundaries, etc, but strictly from the perspective of spammers "stuffing" their mail, the existing spamc behavior is worse.