On 2024-01-04 1:57 p.m., Matija Nalis wrote:
bodyGIFT_CARD /gift card/i
score GIFT_CARD 1.5
metaFREEMAIL_GIFTCARDSGIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID)
score FREEMAIL_GIFTCARDS6.0
If you're not big on gift cards.
Also, you might want to enable and train Bayes...
On 1/4/2024 3:19 PM, Kirk Ismay wrote:
I'm wondering if anyone has any good ideas to catch gift card scam
emails. This latest version came from Gmail, and has valid DKIM
records and the IPs are whitelisted.
Thanks,
Kirk
Here's the hits from SpamAssassin:
X-Spam-Status: No, score=0.3
bodyGIFT_CARD /gift card/i
score GIFT_CARD 1.5
metaFREEMAIL_GIFTCARDSGIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID)
score FREEMAIL_GIFTCARDS6.0
If you're not big on gift cards.
Also, you might want to enable and train Bayes...
On Thu, Jan 04, 2024 at 01:19:28PM -0800,
Hello,
On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote:
> On 1/2/24 17:51, Andy Smith wrote:
> > - Have your users collect their your-org email by some means other
> >than SMTP, such as running an IMAP server and having them view
> >both their gmail mailbox and
On 1/4/24 06:35, Matus UHLAR - fantomas wrote:
On 03.01.24 20:36, Thomas Cameron wrote:
Fair point. But I'm guessing that because it has two DKIM signatures,
it's not passing the DKIM check.
only one of those DKIM dignatures needs to pass, with the domain in From:
Yup, and it seems to be
On 1/4/24 06:31, Matus UHLAR - fantomas wrote:
On 03.01.24 19:30, Thomas Cameron wrote:
Thanks for the advice on SRS - I have set it up and it's mostly
working. At least GMail accepts the emails, although it seems to be
failing DKIM and DMARC tests. I'm digging into what, if anything, can
be
Thomas Cameron writes:
Yeah, the weird thing is, when I check the forwarded email on GMail, I
see in the headers that both the original sending email server (call
it mail.somedomain.com) and the relay server (call it
mail.myassociation.org) put DKIM signatures in the message.
On 1/3/24
On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme)
and it has multiple implementations. If you forward mail, you will
break SPF unless you fix the envelope sender so that it uses a
domain that permits the example.org server to send for it.