DavidMerrill wrote:Hi Jim,
Thanks for sharing your thoughts on this.
I wasn't clear on this statement?
Given you probably digitally sign your domains, it would be harder to spoof and an additional clause could strengthen against FN/FP's?
Hi David,
That was in reference to some pseudo-code you had written to strengthen those checks.
Code: Select all
header __RETURNPATH_FROM Return-Path =~ /\@examplel\.com|\@example\.net/i
header __SEARCHTERM ... list of stuff to search for
meta REPORT2USER_1 (!__RETURNPATH_FROM && !DKIM_VALID_AU && __SEARCHTERM)
score REPORT2USER_1 0.001
describe REPORT2USER_1 Warning this not allowed
I wonder if a zimlet that reported based on specific rules listed in
X-Spam-Status would provide enough flexibility without becoming a maintenance problem... you could add SA rules to trigger how or if you wanted it reported... ie. for subset of domains, foreign delivery, external urls, bad words, dangerous attachments, tracking, stealthy techniques like bayes busting text off the view-able screen, etc. In other words, anything you could write a SA rule for is potentially on the table to have the zimlet fire on and alert the user. The zimlet would then only need to check to see if its included rules are present and if so do something to alert the user. That would allow you to update the triggers without updating the zimlet. Just update the sauser.cf file. Could use a convention for the rules like 'Report2User_' that the zimlet searches for as the prefix to notify the zimlet to jump into action.
How would the zimlet report or alert the user to a trigger? Adding a tag to the email? adding some text before the message when the user viewed the email? Change the subject line, move it to a folder, lock it so it can 't be displayed. It would suffer from the problem that new rules would not be seen in previously processed email and that other MUA don't get the warnings. The benefit is you don't need an admin interface and the code for the zimlet would be much simpler as all it needs to do is search for X-Spam-Status header and perform some action should one of its rules be included.
I had written a zimlet 2-3 years ago that might be a starting point for me to experiment with. I don't remember where I left off other than this comment in the code. In fact, I feel like I have now forgotten everything I had learned about zimlets so that is par for the course these days with me.
Code: Select all
/**
* This zimlet checks for X-Spam-Score message header. The X-Spam-Score is displayed below the message subject when the message is opened.
*
*/
Still thinking out loud here or rambling a lot perhaps.
Jim