Re: New whitelisting trick using from and spf

On 03/06/17 15:22, David Jones wrote: From: Marc Perkel Sent: Monday, March 6, 2017 11:05 AM To: users@spamassassin.apache.org Subject: Re: New whitelisting trick using from and spf do you mean the header From: address? because anyone doing SPF does spf checks

Re: New whitelisting trick using from and spf

>From: Dianne Skoll >Sent: Monday, March 6, 2017 5:40 PM >To: users@spamassassin.apache.org >Subject: Re: New whitelisting trick using from and spf   >On Mon, 6 Mar 2017 23:22:00 + >David Jones wrote: >> Not good.  SPF should be checked against

Re: New whitelisting trick using from and spf

On Mon, 6 Mar 2017 23:22:00 + David Jones wrote: [...] > Not good. SPF should be checked against the envelope-from > address which is more trustworthy. Er... well. The envelope-from is not any more trustworthy than the header From:. But it *is* the thing the SPF spec say

Re: New whitelisting trick using from and spf

>From: Marc Perkel >Sent: Monday, March 6, 2017 11:05 AM >To: users@spamassassin.apache.org >Subject: Re: New whitelisting trick using from and spf >> do you mean the header From: address? >> >> because anyone doing SPF does spf checks does what you describe on the

List of legit mass mailers

Just wondering if anyone has - or in interested in - a list of legit mass mailing sources? There are many domains that remail/deliver for other domains that are 95%+ good email. And they are not perfect and sometimes they get scammed but are mostly good. Just wondering if anyone has a list

Re: New whitelisting trick using from and spf

On 03/06/17 04:19, Matus UHLAR - fantomas wrote: On 05.03.17 10:38, Marc Perkel wrote: Well, new to me. Maybe others have thought of this. Many domains send nothing but good email and if you whitelist them based on FCRDNS all is good. Been doing that. But ... Many domains send nothing

Re: New whitelisting trick using from and spf

> On Mar 6, 2017, at 12:58 PM, David B Funk > wrote: > > On Mon, 6 Mar 2017, Alan Hodgson wrote: > >>> It seems it should be easy to setup “If mail claims to be From: PayPal.com >>> and is not from PayPal, score +100” but it is not. >> >> This is what DMARC is

Re: New whitelisting trick using from and spf

On Mon, 6 Mar 2017 11:58:25 -0600 (CST) David B Funk wrote: > But that won't help you when the scammers set the user visible from > as "acco...@paypai.com" or some other variant (with the actual > address part as or something else. I recall

Re: New whitelisting trick using from and spf

On Monday 06 March 2017 11:58:25 David B Funk wrote: > On Mon, 6 Mar 2017, Alan Hodgson wrote: > >> It seems it should be easy to setup “If mail claims to be From: > >> PayPal.com > >> and is not from PayPal, score +100” but it is not. > > > > This is what DMARC is for. > > > > Run opendmarc as

Re: New whitelisting trick using from and spf

On Mon, 6 Mar 2017, Alan Hodgson wrote: It seems it should be easy to setup “If mail claims to be From: PayPal.com and is not from PayPal, score +100” but it is not. This is what DMARC is for. Run opendmarc as a milter and reject failures. Or score later on DMARC failure, even if just

Re: New whitelisting trick using from and spf

> It seems it should be easy to setup “If mail claims to be From: PayPal.com > and is not from PayPal, score +100” but it is not. This is what DMARC is for. Run opendmarc as a milter and reject failures. Or score later on DMARC failure, even if just selectively for highly phished domains.

Re: New whitelisting trick using from and spf

On Sun, 5 Mar 2017 10:38:09 -0800 Marc Perkel wrote: > If the from address is whitelisted AND the SPF of the from address is > good - I pass the email. And that's exactly how SPF is supposed to work. You shouldn't whitelist domains willy-nilly because they can be

Re: New whitelisting trick using from and spf

On 2017-03-06 (04:45 MST), David Jones wrote: > >> From: @lbutlr >> Sent: Monday, March 6, 2017 5:24 AM >> To: users@spamassassin.apache.org >> Subject: Re: New whitelisting trick using from and spf > >> On 2017-03-05 (18:59 MST), David Jones

Re: New whitelisting trick using from and spf

Spam/phishing emails pretending to be from Paypal won't have an envelope-from of *@paypal.com which is why you didn't get the desired effect.  You rarely use the blacklist_from only when there is very dumb senders that you want to block that don't matter - "blacklist_from" also bpocks

Re: New whitelisting trick using from and spf

On 05.03.17 10:38, Marc Perkel wrote: Well, new to me. Maybe others have thought of this. Many domains send nothing but good email and if you whitelist them based on FCRDNS all is good. Been doing that. But ... Many domains send nothing but good email and they send through reputable email

Re: New whitelisting trick using from and spf

>From: Reindl Harald >Sent: Monday, March 6, 2017 5:58 AM >To: David Jones; @; users@spamassassin.apache.org >Subject: Re: New whitelisting trick using from and spf   >Am 06.03.2017 um 12:45 schrieb David Jones: >>> From: @lbutlr >>> Sent: Monday,

Re: New whitelisting trick using from and spf

>From: @lbutlr >Sent: Monday, March 6, 2017 5:24 AM >To: users@spamassassin.apache.org >Subject: Re: New whitelisting trick using from and spf   >On 2017-03-05 (18:59 MST), David Jones wrote: >> >> whitelist_auth does this against SPF_PASS and DKIM_VALID_AU

Re: Yahoo - Can't figure out a server is down?

On 2017-03-04 (23:32 MST), Rob Gunther wrote: > > In the last few weeks we are finding that SOME (but not all) of Yahoo's > outbound servers are not dealing with this correctly. This may not work for you, but I solved all my yahoo problems by simply blocking their servers

Re: New whitelisting trick using from and spf

On 2017-03-05 (18:59 MST), David Jones wrote: > > whitelist_auth does this against SPF_PASS and DKIM_VALID_AU I tired to do something along these lines at some point in the past by adding some lines to my local.cf like these: blacklist_from *@amazon.com whitelist_auth