bbs.spamgourmet.com

[Gauner]

I recognized mails adressed to anything of the type
website.com.username@spamgourmet.com
with "website" as exclusive sender come through with "website: addressed to exclusive sender for this address" added to the subject line.
But the email was sent from a different adress, the exclusive sender word "website" is NOT in the from, nor in the reply-to field!

Tests show, it lets EVERY Email adressed to website.com.username@spamgourmet.com through!

What is wrong?

Seems as if spamgourmet looks through the whole header for the exclusive sender word?
But this doesn't make sense, since the word will always be in the header, if the email is adressed TO it!?

Another test showed, even if I put the adress website.com.username@spamgourmet.com only into the bcc of an Email, the mail goes through!("website.com.username@spamgourmet.com" was somewhere in the header under "received: ... for ...")

Thanks for any help!

[josh]

The exclusive sender uses regex matching against the From: address and the To: address -- this feature was added so that spamgourmet users could subscribe to mailing lists that have different From: senders all the time, but the same To: address (the mailing list address, usually). A side effect of that is that the disposable address itself is matched if it is the To: address (which is often the case, of course).

[Gauner]

But this doesn't make sense at all! This totally makes the exclusive sender feature senseless, if my exclusive sender (i.e. the webpage I subscribe to) is contained in my disposable adress. And to put their name into my disposable adress on subscribing on a webpage is the main reason to use spamgourmet at all!
Only that way I can track back leaking adresses without making my own lists, on which keyword I gave to which domain.
I'm sorry, but this is really stupid...

Why is it called anyway exclusive SENDER, if it searches the RECEIVER as well!?

Any workaround for this?

My demand: DON'T let the exclusive sender pattern search through the RECEIVER!

[SysKoll]

Maybe you can solve the problem by not setting "website" as an exclusive sender for this address?

I understand the demand you formulate, but we have to balance that against the demands of our many mailing list users...

[Gauner]

Maybe you can solve the problem by not setting "website" as an exclusive sender for this address?

But then I have to manage a list, which adress I gave to which website... Way too much work for 335 + x disposable adresses...

Solution could be: Let the software check only for the exclusive sender word, but OUTSIDE the disposable adress itself.
I mean: If found the exclusive sender, check, if this match is NOT (part of) the disposable adress itself.

Then we would have satisfied both problems...

I hope, it will be implemented.

Until then: Can in the exclusive sender really the whole regex be used? Maybe, until the final solution, I could program it there by myself. But still, I would have to visit spamgourmet for every new adress, because normally I generate the exclusive sender by giving webite.domain.username@spamgourmet.com, in that way, the first senders domain is used. Then I would have to go to the adress config and exclude the adress itself... again quite an annoying work everytime.

Still thank You guys!

[SysKoll]

Would trusted senders (which are account-wide) solve your problem? Trusted senders only match the From part (Josh, correct me if I'm wrong).

[Gauner]

Would trusted senders (which are account-wide) solve your problem? Trusted senders only match the From part (Josh, correct me if I'm wrong).

No, not really, because 1. Again I would have to visit spamgourmet for every new disposable adress, 2. For Every Adress I have exactly 1 trusted sender, and that's the first who uses the adress, so he is automatically the exclusive sender (adress wide). account wide makes no sense for this case, because he uses only this adress.

[josh]

Is your spamgourmet username Gauner?

If so, let me know and I'll turn on a feature that prevents the code from matching recipients for the exclusive sender (yes, syskoll, I burned another prime number ).

If we ever get up the courage to do a terminology overhaul, we really need to come up with something better than 'exclusive sender' for that. "white-pattern"?

Gauner, don't you have to visit the site for every address anyway, so that you can shorten the automatically snarfed exclusive sender to be just the keyword portion of it?

[Gauner]

Is your spamgourmet username Gauner?

If so, let me know and I'll turn on a feature that prevents the code from matching recipients for the exclusive sender

Oh, yes, please, that would be nice.
Yes, gauner is my username.

If we ever get up the courage to do a terminology overhaul, we really need to come up with something better than 'exclusive sender' for that. "white-pattern"?

[x] yes

Gauner, don't you have to visit the site for every address anyway, so that you can shorten the automatically snarfed exclusive sender to be just the keyword portion of it?

Hmm, if I did get You right here:
The ...domain.username...-Feature adds the first sender's domain to the white-pattern (NEW TERM )
So, I have nor control over what gets in there, without visiting sg. And anyway, even if there is only the keyword, still it would match the adress itself!?
Maybe I didn't understand You right...?

[josh]

OK - I set up the feature for you. Let us know how it works.

If you sign up at a site called example.org, and you provide them a disposable like example.domain.[user]@spamgourmet.com, and they send you a message from welcome@example.org, then the exclusive sender / white pattern will be set to 'example.org' (but not just 'example')

later (even without the new feature), if someone sends a message from spammer@spam.example.com to that address, it won't match, because the string 'example.org' (yes, with a wildcard where the dot is) won't match either the sender or the address itself. Only in the case where you had visited the site and changed the exclusive sender / white pattern to 'example' would it match either the sender or the address (both, in this case). Does that make sense?

[Gauner]

OK - I set up the feature for you. Let us know how it works.

I will test it on friday, I have not much time right now.

later (even without the new feature), if someone sends a message from spammer@spam.example.com to that address, it won't match, because the string 'example.org' (yes, with a wildcard where the dot is) won't match either the sender or the address itself. Only in the case where you had visited the site and changed the exclusive sender / white pattern to 'example' would it match either the sender or the address (both, in this case). Does that make sense?

It sounds good (as a workaround). Thank You!

Still my feature request: I would consider it better, if the disposable adress itself simply is _always_ excluded from the results of the white pattern match.
Then I could use also simply the keyword and though also allow mails sent from subdomains of the allowed domain or from a different tld-ending, if it is nessesary, by telling just the keyword=domain (without ending) to the white pattern.

[josh]

Still my feature request: I would consider it better, if the disposable adress itself simply is _always_ excluded from the results of the white pattern match.
Then I could use also simply the keyword and though also allow mails sent from subdomains of the allowed domain or from a different tld-ending, if it is nessesary, by telling just the keyword=domain (without ending) to the white pattern.

A number of users (including me ) have set up things based on the exact opposite of that feature -- that is, that the match *will* include the address itself, so we'd need to take that into consideration.

[Gauner]

A number of users (including me ) have set up things based on the exact opposite of that feature -- that is, that the match *will* include the address itself, so we'd need to take that into consideration.

Hmm, but why? For what is it useful?

[mysticturner]

I just discovered this feature (which Gauner would consider a bug) and it solves a problem I've taken lots of grief over (from the wife). Our HOA sends out notices from several different people (including the women's club - see aforesaid wife) to a long list of addresses. The problem is that the sending list originates with several persons (who can change thier address at will) and who is on the list changes (new president gets elected for example).

Now I can take the HOA SG address and add that SG address as the exclusive sender (which really appears in in the receiver list), and we get all the email - from whomever sent it. But more importantly, (THE FEATURE) is that I never have to give out my real address. If the spammer's find this address by raiding someone, I'll change to a new SG address and close the first address down.

I guess that another way of saying it is that I can create unlimited addresses that I can close off later if I wish. The concept of an unlimited address is something that has been proposed by several people in the forums, but is not provided. This is a way to do it.

[josh]

That's pretty much it -- it's obscure and unobvious, because it must be -- our server couldn't handle a whole bunch of unexpiring addresses.