Karsten =?ISO-8859-1?Q?Br=E4ckelmann?= writes: > On Mon, 2008-02-18 at 09:51 -0800, Philip Prindeville wrote: > > Daryl C. W. O'Shea wrote: > > > Philip Prindeville wrote: > > > >> Yeah, I'll talk to the Outlook folks, and file a bug against > > >> Thunderbird... (I think the latter only does it to be compatible with > > >> the former...) > > > > > > Yeah, good luck with that. > > > > > > Do you really have an issue with SA, or is it just that you're pissed > > > off that somebody rejected spam sent to their abuse account and you're > > > taking your frustration out on how SA detected that spam? > > > > I don't like going down the slippery slope of "Well, it's not really an > > URI, but Outlook treats it like one, so we will too." (substitute URI > > and Outlook with an number of alternate permutations here). > > > > Half of the security holes that viri, etc. exploit probably exist > > because of woolly-minded thinking and bent definitions like that in the > > first place. So what could be a well-intentioned attempt to make things > > better just ends up making them worse. > > While this might be true, it is entirely irrelevant. > > SA is a security and privacy tool. The users are exposed to the threat > by their MUAs, and SA is here to protect them. > > There is no point in arguing over MUA behavior. Whatever they do that > exposes the users to a risk, SA needs to do, too.
Exactly -- this has been a design principle of SpamAssassin for quite a while... --j.
