[Spambayes] Forged header?

Meyer, Tony T.A.Meyer at massey.ac.nz
Thu Feb 13 17:39:32 EST 2003

> It occurs to me that for a spammer to get past the entire filtering
> process, they simply need to include the  
> <X-Spambayes-Classification: ham; 0.00> header.  
> Even if the classifier runs, it's still 50-50 whether the further
> downstream processing (e.g. procmail) matches the "real" header or the
> bogus one. While pop3proxy.py has a "remove any
> X-Spambayes-Classification headers in the incoming mail" item in the
> TODO list, is there some equivalent in hammie/outlook land?

I don't know about hammie, but the Outlook plugin doesn't use the header.  The plugin sets an Outlook user-property field to the spam 'probability'.  A spammer couldn't get access to that without running code on the end-system, in which case there are more serious problems afoot!

=Tony Meyer

More information about the Spambayes mailing list