On 11 Apr 2018, at 15:28 (-0400), Alex wrote:

> Hi, this message seems suspicious to me (appears to be some type of
> survey), but I don't understand how it was whitelisted when google.com
> is not listed among def_whitelist_from_dkim (or at least shouldn't be)

Note that google.com has historically been reserved for Google corporate mail, NOT GMail. Hence these rules exist in the default rules:

60_whitelist_auth.cf:def_whitelist_auth *@*.google.com
60_whitelist_dkim.cf:def_whitelist_from_dkim googlealerts-nore...@google.com
60_whitelist_dkim.cf:# def_whitelist_from_dkim  *@google.com


> https://pastebin.com/raw/h1370F1F
>
> I'd appreciate any clarification on what's going on here...

The envelope sender is 3ue3owhmjamkzhabyuuhahsbe.qpzhvnthps.jvtytilzadlzalyu....@trix.bounces.google.com and the SPF-relevant relay IP is 209.85.223.199, so SPF passes. That's good enough for def_whitelist_auth.

Messages of this sort make an irrefutable argument for removing the general pass given to Google in the default ruleset, as it is clearly based on a use model of the domain which no longer is true.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
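
A simplified model of the check described in the message above, added here as an illustration; it is not SpamAssassin's code and not part of the original thread. The function names, the placeholder local part of the sample envelope sender, and the reduction of SPF to a single result string are assumptions.

```python
import re

# Entries quoted in the message above; the "*@google.com" DKIM line is
# commented out in the ruleset and appears here only for comparison.
DEF_WHITELIST_AUTH = ["*@*.google.com"]
COMMENTED_OUT = ["*@google.com"]


def glob_to_regex(pattern):
    """Address glob to anchored regex: '*' is any run of characters, '?' is one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def spf_allowlist_hits(envelope_from, spf_result, patterns):
    """Entries that fire on the SPF path: SPF passed for the envelope sender
    and the envelope sender (not the From: header) matches the glob."""
    if spf_result != "pass":
        return []
    return [p for p in patterns if glob_to_regex(p).match(envelope_from)]


def any_sender_entries(patterns):
    """Audit helper: entries whose local part is a bare '*', i.e. every
    authenticated sender at the matching domain(s) gets the allowlist score."""
    return [p for p in patterns if p.split("@", 1)[0] == "*"]


if __name__ == "__main__":
    # Constructed sample: local part is a placeholder; domain is from the message.
    sender = "constructed-local-part@trix.bounces.google.com"
    print(spf_allowlist_hits(sender, "pass", DEF_WHITELIST_AUTH))
    print(spf_allowlist_hits(sender, "softfail", DEF_WHITELIST_AUTH))
    print(spf_allowlist_hits(sender, "pass", COMMENTED_OUT))
    print(any_sender_entries(DEF_WHITELIST_AUTH))
```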
