SUMMARY: Would there be benefit (that wouldn't be terrible to code) in
adding the ability for us to assign a score to emails that match a list of
DKIM signature identities?


The DKIMWLAddress and DKIMNPAddress functionality has been an absolute game
changer here.  Thank you so much for implementing that (it was my idea, but
we all know that I could never code such a thing).

I've combined that functionality with closely monitored SenderBase lists to
dramatically improve ASSP's accuracy.

One place where Senderbase shines is its scoring ability for bulk
senders.  For example, I can give anything that Senderbase says is coming
from constant contact's network a -10 score, by adding it into
whiteSenderBase like
^constantcontact\.com$=>-10
I don't want to blindly let through constant contact signed messages, but
if it's coming from their network, make it a little easier for messages to
pass through. That's worked well for a long long time.


Recently, I'm seeing several bulk senders having legitimate messages DKIM
signed by the bulk sender themselves, but being sent through Amazon AWS
(amazonses.com) and classified by senderbase as being Amazon /
amazonses.com.  There's a lot of volume coming in from amazonses.com, but
unfortunately, it's a mix of perfectly legitimate messages and others that
are pure garbage.  So that takes Senderbase off the table.  Coming from
amazonses shouldn't impact the score either way.  And I can't DKIMWLAddress
the signature, then bad stuff would absolutely get through.

An example is Square, the credit card processor and software company.  They
send mail, DKIM signed @squaremktg.com on behalf of clients.  Most mail
from square is good, but sometimes it gets spammy, just like we see with
mail from other bulk senders.  Real world, I paid for a car wash using
their mobile payment platform, I received the receipt and later got
an email with a promotion from the car wash.  All good.  The provider's
signature was in DKIMWLAddresses.  Today, I received an advertisement from
them for what is apparently a "gentleman's club" next door, offering a
complimentary car wash (I took that literally) for visiting the
establishment.  The language in that email would have absolutely had it
rejected if it hadn't been on DKIMWLAddresses.  Worse, it wound up in the
not-spam corpus.


So, I'd like for certain DKIM signatures to be able to SCORE.  DKIM scoring
would help it get through (or make it harder depending on the score)
without automatically passing it and adding it to the corpus like
DKIMWLAddresses does.   That would let me give the message a negative score
based on the DKIM but still let Bayesian/HMM and other features stay in
play to score the message further.

Conceptually, I could see this working similarly to senderbase.  There
would be a default valence like

dkimBonusValancePB

set to a default of -25

Then we'd have a list, maybe called DKIMBousScoreList.  Like
DKIMWLAddresses, it would match the end of the validated DKIM identity, but
also accepts a score override:

(@|.)squaremktg.com    <--- gets the default of -25

(@|.)someUsuallyOKsigner.com=>-12    <-- gets -12 for a score

(@|.)prettygood.com=>5    <--- gets 1/5 of the default -25:  -25/5 = -5

(@|.)UsuallyBad.com=>-5    <-- this isn't a bonus; a negative default divided by a negative is a positive.  It will be -25/-5, or adding 5 to the score



From a management standpoint, it would certainly be easier to "just" be
able to assign an optional 2nd parameter to DKIMWLAddresses that would
score instead of whitelisting, but I feel like that could be too big of a
coding project.

I tried to come up with a way to accomplish the same thing based on DKIM
signature, but came up very short.  I know I could ignore DKIM and just
score based on the from line, but I really appreciate the certainty that
DKIM gives that the message is really from that organization.

What do you think?  Would a DKIMBousScoreList feature have universal
appeal?
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
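
The scoring scheme proposed in the message above, sketched in Python as an added example; it is not part of the original post and is not ASSP code. The function names, the `DIVISOR_MAX` cutoff (chosen only so that the post's four sample entries yield the values it states) and the escaped dots in the patterns are assumptions.

```python
import re

DEFAULT_VALENCE = -25   # the post's proposed dkimBonusValancePB default
DIVISOR_MAX = 6         # assumption: |value| <= 6 divides the default, larger is a literal score

# Constructed list in the post's "pattern=>value" syntax. Dots are escaped here:
# as a regex, the unescaped "(@|.)squaremktg.com" would also match "xsquaremktg.com".
SCORE_LIST = r"""
(@|\.)squaremktg\.com
(@|\.)someUsuallyOKsigner\.com=>-12
(@|\.)prettygood\.com=>5
(@|\.)UsuallyBad\.com=>-5
"""

def parse_list(text):
    """Return [(compiled_regex, value_or_None)] for each non-empty line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pattern, sep, value = line.partition("=>")
        # Anchor at the end: entries match the tail of the validated identity.
        rx = re.compile(r"(?:%s)$" % pattern, re.IGNORECASE)
        rules.append((rx, float(value) if sep else None))
    return rules

def dkim_score(identity, dkim_valid, rules, default=DEFAULT_VALENCE):
    """Score contribution for one message; 0 means the list does not apply."""
    if not dkim_valid:          # only a verified signature may earn a score
        return 0.0
    for rx, value in rules:
        if rx.search(identity):
            if value is None:
                return float(default)
            if value != 0 and abs(value) <= DIVISOR_MAX:
                return default / value
            return value
    return 0.0

def total_score(identity, dkim_valid, other_scores, rules):
    """DKIM contribution is added to the other checks, not a whitelist bypass."""
    return dkim_score(identity, dkim_valid, rules) + sum(other_scores)

RULES = parse_list(SCORE_LIST)
```

`total_score` shows the point of the request: a message signed by a listed identity still accumulates the scores from the other checks (the `other_scores` values are constructed), so spammy content can outweigh the DKIM bonus.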
