> > > > welcomelist_auth *@paypal.com [2] > > blocklist_from *@paypal.com [2] > > the dkim is imho 100% invalid, there missing important headers dkim > signed, eg message-id, doh, reuse forgin is very simple then >
Should all paypal email have a return-path/envelope sender address as paypal.com? DKIM is based on the From address, so if it passes DKIM_VALID_AU, doesn't that mean the From address (serv...@paypal.com) is authenticated? Can I use spamassassin -D on an email I've already received to confirm DKIM signature? > for spamassassin we could add selector blacklistning to solve thease > cases > > if i get the whole email unedited i can make a yara rule to catch it > I will forward it to you separately. I'd be interested in hearing more about blocking based on DKIM selector. Do you have more information on this? I'm aware of yara rules, but can you share more about how you would do this as it applies to SA and how to create the signatures? Is this really any better than reporting to DCC/pyzor/razor and/or clamav or other signature services?
