On Wed, Aug 14, 2002 at 04:55:13PM +0300, Pekka Savola wrote: > > So people know what address to use when they want to spam the whole IETF > (just forge From: to be scoya@ietf.org or whatever, a couple of tries and > you're in.)? > > Not that it seems such a big secret now either.. Err, no. That's not how SpamAssassin works. It works based on looking at characteristics of mail messages, to see if they "look" like Spam. It's what many of us do automatically. For example if there is a HTML only body, and no text, I'm very likely to hit the 'D' key and go on, unless there's some very good reason why I think it might not be spam. Similarly, if the character set is Korean or Chinese or Japanese, I will also assume that it is spam, and likely hit the 'd' key very quickly. SpamAssassin merely automates this. What I was suggesting was that there are ways in which mail sent to the IETF Announce mailing list "looks" like spam. By making it look less like spam, it makes it easier for spam filtering tools to work. This is not a big deal; I can put in an explicit rule which whitelists the IETF announce list. But it's better if I don't have to do that, since then the whitelist gives the spammers something they can imitate, per your criticism above. (Not that IETF'ers represent a big enough market that spammers would be likely to try to hit us, in any case.) - Ted