I told you to score such domains elsewhere - just do it and the result is the same like you wanted.
for example: bombHeaderRe: \nDKIM-Signature:(?:[ \t]*[^= \;]+=[^= \;]+\;(?:\r\n)?)+?[ \t]*([di]=\@?( The_Wanted_IDENTITY))\;=>the_wanted_negative_score currently the (?(DEFINE).......) is not working with assp (is destroyed if a-d-n-o-r is not set for the file) - but the next version will do it - and you can use: (?(DEFINE)(?<IDENTITY10>the_wanted_identity |ident2|ident3|......))\nDKIM-Signature:(?:[ \t]*[^= \;]+=[^= \;]+\;(?:\r\n)?)+?[ \t]*([di]=\@?(?&IDENTITY10))\;=> the_wanted_negative_score - e.g. -10 (?(DEFINE)(?<IDENTITY20>the_wanted_identity |ident5|ident6|......))\nDKIM-Signature:(?:[ \t]*[^= \;]+=[^= \;]+\;(?:\r\n)?)+?[ \t]*([di]=\@?(?&IDENTITY20))\;=> the_wanted_negative_score - eg -20 ... CLOSED for me Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net> Datum: 05.11.2021 20:03 Betreff: Re: [Assp-test] Another Concept Question: DKIMBousScoreList Having the dkimBonusScoreList would be like applying dkimBonusValancePB but ONLY for those that DKIM validate AND are on the scorelist. Here's why I think that would be helpful and what you proposed could be problematic. Essentially: I'm thinking: "look, this organization usually sends good stuff, but not always. They might also have people sending non-dkim signed messages through a myriad of channels. Deal with them separately, but if we KNOW it's from them because of their DKIM signature, help that message get through with the idea that it'll be stored in okmail unless whitelisted through something other than dkim." > there is already dkimOkValencePB - increase it But a high percentage of all messages that are received, spam and not, have valid signatures. I don't think we should use that to give a bonus regardless of who the signer is. All gmail messages are signed, almost everyting from office365. Yes, I could do a univieral bonus then reduce gmail and onmicroosft.com, but that doesn't get 365 users with their own signatures and all of the millions of other domains out there. It was one thing when DKIM signing was a new concept and only legit businesses signed messages. Now that most senders are signing, giving a bonus would let an awful lot of spam slip through under the rejection scoring threshold. >reduce the score for certain domains by blackListedDomains, SenderBase or anywhere else - if needed Senderbase won't work for those using AWS as an example - too many spammers use them, so adding to senderbase can't be negated using blacklist/bombs, etc because I obviously don't know all of the bad senders using AWS. I could reduce the score based on a BombRe match on squaremktg, but then I'm reducing when I haven't validated the signature. It would probably work for this specific example, but it would be generally helpful to be able to reduce the score on a message based solely on the signature when I'm sure they're actually the sender Dare I say that I'm in love with DKIM? Would it be life changing like DoDKIMWLAddresses? No absolutely not, but if it's not a major task to add the functionality, I think there would be wide appeal. I >>almost<< want to suggest that the dkimBonusValancePB feature be removed altogether. I can't think of a scenario where you'd want to give a bonus universally just because a message has a valid signature from anyone. Same thing for the SPF pass bonus and it's default of -10!!! I'm sure there are people using one or both, I just can't think of a scenario in which it's a good idea. On Fri, Nov 5, 2021 at 10:37 AM Thomas Eckardt <thomas.ecka...@thockar.com > wrote: Another useless post about concepts without reading the manual. >dkimBonusValancePB there is already dkimOkValencePB - increase it and reduce the score for certain domains by blackListedDomains, SenderBase or anywhere else - if needed Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" < assp-test@lists.sourceforge.net> Datum: 04.11.2021 22:38 Betreff: [Assp-test] Another Concept Question: DKIMBousScoreList SUMMARY: Would there be benefit (that wouldn't be terrible to code) in adding the ability for use to assign a score to emails that match a list of DKIM signature identities? The DKIMWLAddress and DKIMNPAddress functionality has been an absolute game changer here. Thank you so much for implementing that (it was my idea, but we all know that I could never code such a thing). I've combined that functionality with closely monitored SenderBase lists to dramatically improve ASSP's accuracy. One place where Senderbase shines is it's scoring ability for bulk senders. For example, I can give anything that Senderbase says is coming from constant contact's network a -10 score, by adding it into whiteSenderBase like ^constantcontact\.com$=>-10 I don't want to blindly let through constant contact signed messages, but if it's coming from their network, make it a little easier for messages to pass through. That's worked well for a long long time. Recently, I'm seeing several bulk senders having legitimate messages DKIM signed by the bulk sender them, but being sent through Amazon AWS ( amazonses.com) and is classified by senderbase as being Amazon / amazonses.com. There's a lot of volume coming in from amazonses.com, but unfortunately, it's a mix of perfectly legitimate messages and others that are pure garbage. So that takes Senderbase off the table. Coming from amazonses shouldn't impact the score either way. And I can't DKIMWLAddress the signature, then bad stuff would absolutely get through. An example is Square, the credit card processor and software company. They send mail, DKIM signed @squaremktg.com on behalf of clients. Most mail from square is good, but sometimes it gets spammy, just like we see with mail from other bulk senders. Real world, I paid for a car wash using their mobile payment platform, I received the receipt and later got an email with a promotion from the car wash. All good. The provider's signature was in DKIMWLAddresses. Today, I received an advertisement from them for what is apparently a "gentleman's club" next door, offering a complimentary car wash (I took that literally) for visiting the establishment. The language in that email would have absolutely had it rejected if it hadn't been on DKIMWLAddresses. Worse, it wound up in the not-spam corpus. So, I'd like for certain DKIM signatures to be able to SCORE. DKIM scoring would help it get through (or make it harder depending on the score) without automatically passing it and adding it to the corpus like DKIMWLAddresses does. That would let me give the message a negative score based on the DKIM but still let Bayesian/HMM and other features stay in play to score the message further. Conceptually, I could see this working similarly to senderbase. There would be a default valance like dkimBonusValancePB set to a default of -25 Then we'd have a list, maybe called DKIMBousScoreList. Like DKIMWLAddresses, it would match the end of the validated DKIM identity, but also accepts a score override: (@|.)squaremktg.com <--- gets the default of -25 (@|.)someUsuallyOKsigner.com=>-12 <-- gets -12 for a score (@|.)prettygood.com=>5 <--- gets 1/5 of the default -25 -25/5 = -5 (@|.)UsuallyBad.com=>-5 <-- this isn't a bonus, a negative default divided by a negative is a positive. it will be -25/-5 or adding 5 to the score >From a management standpoint, it would certainly be easier to "just" be able to assign an optional 2nd parameter to DKIMWLAddresses that would score instead of whitelisting, but I feel like that could be too big of a coding project. I tried to come up with a way to accomplish the same thing based on DKIM signature, but came up very short. I know I could ignore DKIM and just score based on the from line, but I really appreciate the certainty that DKIM gives that the message is really from that organization. What do you think? Would a DKIMBousScoreList feature have universal appeal? _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test