Beta release 4.61.4
Matt Hampton
matt at coders.co.uk
Tue Jun 26 20:20:39 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Julian Field wrote:
> Quite possibly. Can you see any way around this problem?
>
> --[ UxBoD ]-- wrote:
>> Another question :) If you were to send a email to a mailing list, like
>> this one, could a spammer extract the watermark and spoof the to and from
>> address to bypass MailScanner ?
>
Avoiding top-posting ;-)
Yup they could.
When I wrote this originally it was for two mutually trusted servers to
be able to send messages to each other without having to scan the
message - this avoided IP spoofing etc.
My thoughts on this would be to
a) shorten the validity period
b) use a ruleset to stop the message being signed
c) change the options so:
Check Water Mark = Yes
If Water Mark Is Valid = Skip | Is-Definately-Not-High-Spam
Comments on this one???
matt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGgWcHAA2I10nBC+YRAqmWAJ9ap5dP5x1BKwMPgtkDaVLWoxZtZQCePH1l
HLLD1ZOyvnHumceBOLIBr3Q=
=Bg55
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list