[Spambayes] Forged header?

Tim Stone - Four Stones Expressions tim at fourstonesExpressions.com
Wed Feb 12 22:43:52 EST 2003

2/12/2003 10:36:35 PM, Frank Horowitz <frank.horowitz at csiro.au> wrote:

>It occurs to me that for a spammer to get past the entire filtering
>process, they simply need to include the  
><X-Spambayes-Classification: ham; 0.00> header.  
>Even if the classifier runs, it's still 50-50 whether the further
>downstream processing (e.g. procmail) matches the "real" header or the
>bogus one. While pop3proxy.py has a "remove any
>X-Spambayes-Classification headers in the incoming mail" item in the
>TODO list, is there some equivalent in hammie/outlook land?

The tokenizer will ignore most of the headers in an email, including that one.  
This is not only for the reason you state, but also that they add no value to 
the classification.  The classification is extremely accurate, and most all of  
the tweaking/twiddling/scheming around such things that was done during the 
research phase proved to either have no effect on the outcome, or to add 
expense to it in terms of performance and/or false positive/negative.

What we are now watching closely is how spam will evolve.  Certainly spammers 
will try to come up with schemes to defeat bayesian filtering.  Let the real 
war commence!  - TimS

>	Frank
>Spambayes mailing list
>Spambayes at python.org

c'est moi - TimS

More information about the Spambayes mailing list