[sanesecurity] Re: local.ign updates
- From: "Mark Valiukas" <Mark.Valiukas@xxxxxxxxx>
- To: <sanesecurity@xxxxxxxxxxxxx>
- Date: Wed, 24 Jun 2009 10:15:07 +1000
Tom Shaw wrote, regarding winnow.spam.ts.xmailer.hc.24
> I would love feedback from the folks on the list.
> The signature detects a violation of RFC 2821/2822
> on header line terminations. We have never has a FP
> on them although some on this list have.
(I have, and seem to recall having posted about it too...)
> I have kept the signature in due to its
> violation of RFC's however, if the community
> feel this is too agressive I will remove it
> from the public distro. Feedback?
Well... I've still got it in my local.ign, but I'm considering
re-enabling that signature.
My "False Positive" came when an external sender managed to misconfigure
Eudora in interesting ways.
How much does it catch in practice? If it catches relatively little, it
might be worth dropping. If it catches a lot of real junk I'd suggest
leaving it in, but if it mostly just catches people who break their
email client it's probably worth dropping, regardless of the RFC
violation.
Mark.
Other related posts:
