On 5/10/19 1:52 AM, Pedro David Marco wrote:
On the contrary, most spam i see is valid DKIM signed... tons of
hacked sites... tons of emails from free trials of big-cheeses...
Nevertheless...
meta NO_DKIM_SIGNED ! DKIM_SIGNED
score NO_DKIM_SIGNED 2
describe NO_DKIM_SIGNED Email does not have DKIM signature
On 10.05.19 14:48, David Jones wrote:
That alone is too risky to score alone and should be used in a meta rule
like this:
meta SPAM_NOT_DKIM_SIGNED !DKIM_SIGNED && (MISSING_HEADERS ||
FSL_BULK_SIG || RDNS_DYNAMIC || OTHER_RULE_COMMONLY_SEEN_AS_SPAM)
score SPAM_NOT_DKIM_SIGNED 2
describe SPAM_NOT_DKIM_SIGNED Spammy characteristics and not DKIM signed
I wanted to comment OP's mail, but since I don't have DKIM set up, I wasn't
sure it would pass :-)
>On Friday, May 10, 2019, 4:26:46 AM GMT+2, Kurt Fitzner
<k...@va1der.ca> wrote:
>
>I've noticed on my mail server that DKIM signing is almost diagnostic of
>spam. Almost no legitimate sender is without DKIM, and about 90% of my
>spam is unsigned, so I want to bias non-DKIM-signed heavily towards
>spam. To that end I was wondering if there are any built-in rules I can
>activate to score emails that are not DKIM-signed? I'd rather use a
>built-in rule than roll my own.
I caution against this since non-DKIM signed email has no relation to
spam or ham. How did you come up with the "about 90%" number? Did you
grep logs to get real numbers over a couple of months?
Any compromised account from Office 365 (and there are a lot) is going
to have DKIM_SIGNED by Microsoft's "tenant.onmicrosoft.com" domain which
means absolutely nothing when determining ham/spam. All that means is
it was signed by Microsoft mail servers on the way out. If DKIM_VALID
was hit, then it means the spam wasn't modified.
I also doubt if DKIM_VALID is enough. To be sure, the mail should hit
DKIM_VALID_AU to prove it was signed by the sender's mail server...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm