Bug 6157

Summary: remove open-whois.org rules since domain is cybersquatted
Product: Spamassassin Reporter: Justin Mason <jm>
Component: RulesAssignee: SpamAssassin Developer Mailing List <dev>
Severity: major CC: gary.corrales, jm
Priority: P1    
Version: 3.3.0   
Target Milestone: 3.3.0   
Hardware: All   
OS: All   

Description Justin Mason 2009-07-18 13:15:53 UTC

affects both 3.2.x and 3.3.0:

: 341...; grep -r open-whois rules
rules/72_active.cf:header          DNS_FROM_OPENWHOIS  eval:check_rbl_envfrom('openwhois', 'bl.open-whois.org.')
rules/72_active.cf:describe        DNS_FROM_OPENWHOIS  Envelope sender listed in bl.open-whois.org.
rules/72_active.cf:urirhssub       WHOIS_1AND1PR       bl.open-whois.org.  A
rules/72_active.cf:urirhssub       WHOIS_AITPRIV       bl.open-whois.org.  A
rules/72_active.cf:urirhssub       WHOIS_CONTACTPRIV   bl.open-whois.org.  A
rules/72_active.cf:urirhssub       WHOIS_DMNBYPROXY        bl.open-whois.org.  A
[... etc.]

we need to remove these rules immediately.
Comment 1 Matt Kettler 2009-07-18 19:50:31 UTC
+1 on removing them in the swiftest manner possible, and publishing the updated rules to sa-update.

Clearly this give the squatter the potential to influence SA's accuracy. Not really to their own benefit, but they could cause problems for SA users (false positives).
Comment 2 Justin Mason 2009-07-20 07:24:06 UTC
committed, pushed to 3.2.x updates as of r795855.
Comment 3 Gary C 2009-07-21 05:03:01 UTC

Has this issue been solved? When I run my Spamscore it keeps appearing:

2.43 because of the oepn-whois.org blacklist

Can you give me a hand?

Comment 4 Justin Mason 2010-04-01 10:21:20 UTC
(In reply to comment #3)
> Has this issue been solved? When I run my Spamscore it keeps appearing:

hi -- it is fixed in SpamAssassin, yes.  please ask whoever provides the "Spamscore" service to upgrade their copy of SpamAssassin in turn.