|Summary:||autowhitelist easily spoofed|
|Product:||Spamassassin||Reporter:||don taber <dtaber>|
|Component:||Rules||Assignee:||Craig Hughes <craig>|
Description don taber 2002-02-04 12:35:06 UTC
If a user sends himself email, his own address will be in the autowhitelist. Then if a spammer simply includes that address in the (forged) From field, it will get through thanks to the default score of -100. Easy enough to fix for a unix person willing to read the configuration docs, but such an easy spoof should not work against the default configuration. Other than that, thank you very, very much for a great program. I am EXTREMELY pleased.