[SURBL-Discuss] {Spam?} RE: Another Possible FP and header parsing issues

Rob McEwen webmail at powerviewsystems.com
Thu Aug 12 09:51:43 CEST 2004


I have a two-part question:

(1) header parsing issues...

I was reading a web site discussing an implementation of SURBL on the
IceWarp web server (using a third party add-on). One person complained that
there are too many false positives when submitting IPs and domains found in
the header of the e-mail. They felt like ONLY the body of the message should
be examined. I see good arguments both ways. For example, parsing the header
can catch spam which was originally sent to one place, but then forwarded to
another. On the other hand, actual affiliate URLs would only normally occur
in the body of the message. Any thoughts or suggestions?

(2) Another Possible FP...

This person was asked to give an example of a message which shouldn't have
been blocked and which would have gone through if the header wasn't parsed.
They provided an example which had the following line in the header:

Message-ID: <000b01c47f1a$e02f73e0$0200a8c0 at MUNGED-callatg.com>

The offending domain was MUNGED-callatg.com

Therefore, I must ask, could MUNGED-callatg.com be a FP? The reason I
suspect so is because they mentioned that this company is a division of GE.
Please check on this.
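
An added example, not part of the original post: it contrasts the two extraction scopes from part (1) on a constructed message and shows how a Message-ID host, as in part (2), enters the lookup list only when headers are parsed. All hosts, the sample message and the function names are constructed placeholders, and no SURBL query is made.

```python
import re
from email import message_from_string

# Constructed sample message; every host is a reserved .example placeholder.
RAW = (
    "Received: from relay.forwarder.example (relay.forwarder.example [192.0.2.10])\n"
    "From: Alice <alice@sender-corp.example>\n"
    "Message-ID: <000b01c4$e02f$0200a8c0@sender-corp.example>\n"
    "Subject: quarterly report\n"
    "Content-Type: text/plain\n"
    "\n"
    "Hi, the report is at http://files.sender-corp.example/q3.pdf\n"
    "Unrelated offer: http://www.pills-shop.example/buy?aff=42\n"
)
MSG = message_from_string(RAW)

# Host part of an http(s) URI, and any dotted host-like token.
URI_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
ANY_HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def body_domains(msg):
    """Hosts taken only from http(s) URIs in the text parts of the body.
    Assumes unencoded text parts (no base64 / quoted-printable)."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            hosts.update(h.lower() for h in URI_HOST.findall(part.get_payload()))
    return hosts

def header_domains(msg):
    """Every host-like token found in any header value (the broad scope)."""
    hosts = set()
    for _name, value in msg.items():
        hosts.update(h.lower() for h in ANY_HOST.findall(str(value)))
    return hosts

def header_only(msg):
    """Hosts that would be looked up solely because headers were parsed."""
    return header_domains(msg) - body_domains(msg)

if __name__ == "__main__":
    print("body scope:  ", sorted(body_domains(MSG)))
    print("header scope:", sorted(header_domains(MSG)))
    print("header-only: ", sorted(header_only(MSG)))
```

Here the sender's own mail domain and the forwarding relay are submitted only under header parsing, while the two body URIs are submitted under either scope.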



