Okay, I'll mess around with negative scoring for the from header. That's a good idea which I should have thought of. Thank ou
On Thu, Nov 12, 2020 at 5:01 AM Thomas Eckardt <[email protected]> wrote: > >NO - an empty header field is a fault > > - disable the penaltybox for the connected IP > ... > ... there are more possible solutions in assp > ... > - score a nagtive value for the from header in bombHeaderRe > > Thomas > > > > > Von: "K Post" <[email protected]> > An: "ASSP development mailing list" < > [email protected]> > Datum: 11.11.2020 16:41 > Betreff: [Assp-test] Blank SENDER: header w/ valid from > ------------------------------ > > > > We've got an annoying insurance carrier that staff uses who sends emails > with a valid reply-to and from in the header along with a completely blank, > but there, SENDER header. > > TO: *[email protected]* <[email protected]> > FROM: [email protected] > SENDER: > SUBJECT: Claim documents > > This triggers invalid from and does some high scoring. There's no way the > insurance carrier can get me to their IT, so I've got to live with this. I > really like the high scoring for invalid from, that's usually scammers, but > with this one, it's just catching their lousy claims emailing system. > > I've seen this happen before, as one offs, but this is dozens of messages > a month like this from the insurer. > > Might it make sense in general to change ASSP to only evaluate header > fields that contain something other than spaces after the colon? I assume > that the RFC makes sender: (followed by nothing) invalid syntax, but it > appears that some automated systems are doing just that that. > > FROM empty + SENDER empty would still be cause for scoring, but an empty > header line (with only the field name: but nothing else after it), could > simply be ignored. > > What do you think? > > Thanks > ken > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
