Whitelist in dcc

Vernon Schryver vjs@calcite.rhyolite.com
Mon Jun 24 15:26:45 UTC 2002

> From: "Cottereau Laurent" <laurent.cottereau@cs.tcd.ie>

> ...
> I thought the From: line of an email could be forged (and the spammer
> always does it). So I don't understand how the whitelist can work with
> effectiveness. It seems that the spammer could customize the From:
> header in the same way it customizes the subject and body with your
> names, etc...
> ...

The sample white list in the DCC source is widely used and among the
most popular of the DCC web pages, but I've not heard of any spammer
using its contents in forged headers.  Many spam filtering systems
involve white lists.  A spammer could subscribe to the CERT mailing
list to see how that mail looks, use that value, and reasonably expect
to bypass many filters, but I've not heard of any spammer doing that
sort of thing for years.  Spam with forged envelope or header From
values has become relatively rare.  A significant fraction of spam
carries envelope or header From values that are invalid, but it is
usually entirely bogus or points to a free mail provider drop-box.
I theorize that is because really forging return addresses is everywhere
discouraged and a crime in many jurisdictions.

Vernon Schryver    vjs@rhyolite.com

