Bug 3430 - HABEAS_SWE rule is trivially forged and should be off by default
Summary: HABEAS_SWE rule is trivially forged and should be off by default
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 2.63
Hardware: PC Linux
: P5 normal
Target Milestone: 3.1.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-26 11:48 UTC by George Caswell
Modified: 2004-05-26 04:08 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description George Caswell 2004-05-26 11:48:42 UTC 
Anyone who wishes to send spam and defeat Spamassassin filtering with a high
success rate need only include the Habeas SWE haiku in their mail headers.  The
SWE header is completely static and well-known, so any spammer targeting
Spamassassin can include the header and get an 8 point bonus - enough to
obfuscate a message to the point Spamassassin can't read it well and still
receive a passing score.
Comment 1 Justin Mason 2004-05-26 12:08:13 UTC 
fixed in 3.0.0.   I'd mark this a dup of the bug in question, but I can't find it ;)