On Sun, Sep 23, 2018 at 12:36:41PM -0000, [email protected] wrote: > > More trusted senders from system-generated subdomains that aren't user > mailboxes that can be compromised. > > Modified: > spamassassin/trunk/rules/60_whitelist_auth.cf > > ... > +def_whitelist_auth *@*.bebe.com > +def_whitelist_auth *@*.homeadvisor.com > +def_whitelist_auth *@*.handsonaswegrow.com > +def_whitelist_auth *@*.in.gov > +def_whitelist_auth *@*.oldchicago.com > ...
I'm curious, are there guidelines on what can be added here? How are these lists generated? Who verifies and checks that old domains don't age and go to some spammers etc? Most of the listed stuff seems pretty pointless for general population. Paypal and other _globally_ known services make sense. Should we encourage committers to add lists of say local banks and government institutions? I would have plenty, but I don't know if it's SpamAssassins purpose to be a global reputation service with all the maintenance work it requires. -hk
