Robert, > would rules that hurt unsigned or invalid signature email from these > domains be worthwhile, since they are a target for phishing emails
Yes, quite worthwhile. Those covering yahoo, gmail, ebay and paypal are already in 25_yg.cf (as posted yesterday). Note that I'm only adding 2.8 points for unsigned (and failed signature) mail from yahoo and gmail, as some people still post directly, without going through their free mail provider's mailers. Penalizing score other domains like ebay and paypal can be much higher. I'm not receiving noticable amount of spam claiming to be from amazon.com, cisco.com, alert.bankofamerica.com, cnn.com, skype.net and similar domains which do sign all their mail, so I don't have yet any rules for them. But it is worth to keep an eye on these and similar domains and act when phishing mail or spam starts ariving claiming to be from such domains. As more phishing-target domains start signing, it will be necessary to add rules for them. I hope the ASP (author signing policy publishing) catches up in a near future, eliminating a need to manually add penalizing rules. Mark ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/