RE: PayPal spam filter?

; From: Juerg Reimann [mailto:j...@jworld.ch] > Sent: Wednesday, June 26, 2013 6:42 PM > To: users@spamassassin.apache.org > Cc: 'Benny Pedersen' > Subject: RE: PayPal spam filter? > > Hi Benny > > Thanks for your tip. Could you elaborate on this a bit?

RE: PayPal spam filter?

> Sent: Wednesday, June 12, 2013 9:38 PM > To: users@spamassassin.apache.org > Subject: Re: PayPal spam filter? > > Juerg Reimann skrev den 2013-06-12 21:30: > > > Is there a filter to block PayPal phishing mails, i.e. everything that > > claims to come from PayPal bu

Re: PayPal spam filter?

On Mon, 17 Jun 2013 10:48:34 +1200 Jason Haar wrote: > Just a FYI but SA scores failures of "~all" much stronger than it does > for "-all" They all score under one point. > > http://spamassassin.1065346.n5.nabble.com/default-score-for-SPF-HELO-FAIL-too-low-td13894.html > > > That's it - I'm r

Re: PayPal spam filter?

On Mon, 2013-06-17 at 18:51 +1200, Jason Haar wrote: > On 17/06/13 16:14, Benny Pedersen wrote: > > Jason Haar skrev den 2013-06-17 00:48: > > > >> That's it - I'm removing SPF... > > > > hardfail is for mta, softfails is for spamassassin, if your mta accept > > hardfail spf, then you self ask for

Re: PayPal spam filter?

Jason Haar skrev den 2013-06-17 08:51: ?? SA scores hardfails as 0.0 due to the high positive rate. Therefore blocking on SPF hardfails must lead to a high FP rate too? If your organization is willing to live with valid email being bounced, fine - but I'm going to listen to our SA overlords

Re: PayPal spam filter?

On 17/06/13 16:14, Benny Pedersen wrote: > Jason Haar skrev den 2013-06-17 00:48: > >> That's it - I'm removing SPF... > > hardfail is for mta, softfails is for spamassassin, if your mta accept > hardfail spf, then you self ask for it > ?? SA scores hardfails as 0.0 due to the high positive rate. T

Re: PayPal spam filter?

Jason Haar skrev den 2013-06-17 00:48: That's it - I'm removing SPF... hardfail is for mta, softfails is for spamassassin, if your mta accept hardfail spf, then you self ask for it -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get repl

Re: PayPal spam filter?

On 06/16/2013 06:48 PM, Jason Haar wrote: > Just a FYI but SA scores failures of "~all" much stronger than it does > for "-all" > > eg I just deliberately forged an email for my own domain and SA picked > up the SPF hard failure and added 0.0 to the final score :-( > > The logic of the score

Re: PayPal spam filter?

Just a FYI but SA scores failures of "~all" much stronger than it does for "-all" eg I just deliberately forged an email for my own domain and SA picked up the SPF hard failure and added 0.0 to the final score :-( The logic of the score is well documented, just shows how much SPF doesn't work

Re: PayPal spam filter?

On Fri, 14 Jun 2013 12:38:47 +1200 Jason Haar wrote: > On 14/06/13 07:08, Neil Schwartzman wrote: > > Sure is. Also DMARCed and SPFed too. > > > > ;; QUESTION SECTION: > > ;paypal.com .INTXT > > > > ;; ANSWER SECTION: > > paypal.com .7INTXT"v=spf1 > > include:

Re: PayPal spam filter?

Jason Haar skrev den 2013-06-14 02:38: Yeah but notice "~all" is not "-all". ie they are saying that legitimate Paypal email comes from those specific sources - except when it doesn't if its pass then its paypal, if its softfail then we are unsure is what it means I don't understand why "

Re: PayPal spam filter?

On 14/06/13 07:08, Neil Schwartzman wrote: > Sure is. Also DMARCed and SPFed too. > > ;; QUESTION SECTION: > ;paypal.com .INTXT > > ;; ANSWER SECTION: > paypal.com .7INTXT"v=spf1 > include:pp._spf.paypal.com > include:3rdparty._spf.paypa

Re: PayPal spam filter?

On Jun 12, 2013, at 3:37 PM, Daniel McDonald wrote: > I believe Paypal is DKIM signed, Sure is. Also DMARCed and SPFed too. ;; QUESTION SECTION: ;paypal.com.IN TXT ;; ANSWER SECTION: paypal.com. 7 IN TXT "v=spf1 include:pp._spf.paypal.co

Re: PayPal spam filter?

On Wed, 12 Jun 2013 15:26:29 -0500 (CDT) David B Funk wrote: > However this will not hit all the "human engineered" varients which > try to fool people into thinking that they're PayPal (EG: PayPaI) > or which have "PayPal" in the comment field part of the address/URL > but have a completely diff

Re: PayPal spam filter?

On Wed, 2013-06-12 at 21:30 +0200, Juerg Reimann wrote: > Is there a filter to block PayPal phishing mails, i.e. everything that > claims to come from PayPal but is not? > I was going to suggest that you could treat anything whose Message-ID doesn't end with 'paypal.com' as spam, but its a bit mo

Re: PayPal spam filter?

David B Funk skrev den 2013-06-12 22:26: You could create rules to try to spot all those varients but it's a "catchup" game. its more easy in clamav, but i have seen paypal emails orginate from paypal ip, but contains there so called analyzin urls, only test that works is if there is https a

Re: PayPal spam filter?

On Wed, 12 Jun 2013, Daniel McDonald wrote: On 6/12/13 2:30 PM, "Juerg Reimann" wrote: Hi there, Is there a filter to block PayPal phishing mails, i.e. everything that claims to come from PayPal but is not? I believe Paypal is DKIM signed, so it shouldn't be hard to modify these rules for

Re: PayPal spam filter?

Juerg Reimann skrev den 2013-06-12 21:30: Is there a filter to block PayPal phishing mails, i.e. everything that claims to come from PayPal but is not? meta SPF_DID_NOT_PASS (!SPF_PASS) simple ? :=) if paypal do use dkim then it could be checked with meta DKIM_DID_NOT_PASS (!DKIM_VALID_AU)

Re: PayPal spam filter?

On 6/12/13 2:30 PM, "Juerg Reimann" wrote: > Hi there, > > Is there a filter to block PayPal phishing mails, i.e. everything that claims > to come from PayPal but is not? I believe Paypal is DKIM signed, so it shouldn't be hard to modify these rules for PayPal: header __L_ML1 Precedence

PayPal spam filter?

Hi there, Is there a filter to block PayPal phishing mails, i.e. everything that claims to come from PayPal but is not? Thanks, Juerg