On 2024-02-06 at 21:52 +0100, Andreas Schamanek wrote: > Thanks, that's the aspect my foggy brain missed. It only matters for > those who check URIs, especially if found in the body, or more > precisely the IPs of the hostnames of these URIs. > > (...) > > So, I still got questions :) like why did these IPs end up on SBL in > the first place, and why does Spamhaus check against them?
Since you noticed this, you must be receiving emails containing urls to fonts.googleapis.com (most probably inside some CSS rule to explicitly set an specific typeface). Just like whoever is sending you this, some spammers will be doing the same. And thus, fonts.googleapis.com ends up listed. I see little reason to hotlink a font in an email, but either those doing that care a lot about the typeface, or they are blindly copying their website CSS which contains those urls. Checking of the urls included in the mail was probably intended for linkable urls (and, maybe, images), but if the email contains more urls, checking them is one more point that can be used on the war of discerning ham from spam. I think there is a spamassassin setting you could use so that fonts.googleapis.com bypass the filter. Regards _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop