On Sun, Sep 23, 2018 at 09:15:33AM -0500, Dave Jones wrote:
>
> Keep in mind that these entries are usually subdomains that will not be
> user/human mailboxes that can be compromised.  These entries are verified to
> be system-generated and have other rule hits making them trustworthy senders
> that honor opt-out requests without harvesting/validating the email
> addresses and handle abuse reports of their rogue customers.

I guess that makes sense since system-generated messages are more prone to
FPs, perhaps being identical looking and mass sent.

But let's say we take for example the 5 biggest banks, healthcare or
insurance companies in some country (Finland? I trust them to be competent
enough. :-D). What are the chances of someone hijacking a mailbox there
and sending masses of spam? They can't even anonymize themselves. Or if
they tried to impersonate someone, what difference would SA default
whitelisting make?  Very likely custom phishing would not be caught in
any filters anyway, unless foolishly having some uribl links etc.

If backgrounds are checked carefully, I don't think there is much difference
in whitelisting system or user domains. Someone could as easily hack a
mass-mailer account.

It would be nice to create guidelines on what to check if considering
adding something, and not having a private backend to utilize..

For example, if this is the SPF record:

include:spf.messagelabs.com include:_spf.anpdm.com ip4:194.9.95.111 -all

That does have quite many loopholes, even though you see reputable companies
handling the mail. Would this be considered safe for whitelisting then?

Of course there is DNSWL etc which can be utilized.

-hk
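
One way to turn the "what to check" question above into a repeatable check, as an added example that is not part of the original message: an offline parser that splits the quoted SPF terms into what the domain authorizes directly and what it delegates to other domains' records. The function name, the note wording and the 256-address threshold are assumptions of this example; it performs no DNS queries, so the included records are not expanded.

```python
import ipaddress

# SPF terms quoted in the message above (a published record also starts with "v=spf1").
RECORD = "include:spf.messagelabs.com include:_spf.anpdm.com ip4:194.9.95.111 -all"

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 sec. 4.6.4
MAX_DIRECT = 256  # constructed threshold: more directly listed addresses gets a note

def audit_spf(record):
    """Separate what a record authorizes itself from what it delegates."""
    out = {"delegated": [], "direct_addresses": 0, "lookups": 0, "all": None, "notes": []}
    for term in record.split():
        if term.lower() == "v=spf1":
            continue
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        sep = "=" if "=" in term.split(":")[0] else ":"   # modifier vs mechanism
        name, _, value = term.partition(sep)
        name = name.split("/")[0].lower()    # "a/24" or "mx/24" carry a CIDR suffix
        if name in LOOKUP_TERMS:
            out["lookups"] += 1              # nested includes add more; not resolved here
        if name in ("include", "redirect"):
            # Authorization is decided by another domain's record.
            out["delegated"].append(value)
        elif name in ("ip4", "ip6"):
            out["direct_addresses"] += ipaddress.ip_network(value, strict=False).num_addresses
        elif name == "all":
            out["all"] = qualifier
    if out["delegated"]:
        out["notes"].append("pass depends on third-party records: " + ", ".join(out["delegated"]))
    if out["direct_addresses"] > MAX_DIRECT:
        out["notes"].append("large directly authorized range")
    if out["all"] != "-":
        out["notes"].append("no hard fail (-all) for unlisted senders")
    if out["lookups"] > 10:
        out["notes"].append("over the 10 DNS lookup limit: permerror")
    return out

if __name__ == "__main__":
    for key, val in audit_spf(RECORD).items():
        print(f"{key}: {val}")
```

For the quoted record this reports one directly listed address, a hard fail for everything else, and two delegated includes, so an SPF pass mostly says the mail left one of those two providers' ranges.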
