Re: google.com spam

Sun, 04 Apr 2021 07:47:26 -0700 

On 04.04.21 13:09, Benny Pedersen wrote:
>change score to 7.5
>change score to -3.5



On Sun, 4 Apr 2021 13:21:08 +0200 Matus UHLAR - fantomas wrote:

I prefer to solve problems instead of playing with scores.

It seems that abusers have worked around SA by using google domains
and addresses for sending spam from.


On 04.04.21 14:19, RW wrote:

If google have been foolish enough to allow abuse on the organizational
domain it should definitely be taken out of the def whitelists until
they move anything abusable to a different subdomain/domain.


That's what I'm trying to say.

Their sites.google.com has been used for spam links for months, I just
found the same account being used 4 times since Jan. I have reported allspam
accounts but they were apparently kept alive.

...it's also why I put google.com into util_rb_2tld and
clear_uridnsbl_skip_domain.


However, the point about scores is a valid one in this case.


of course, but as time advances, scores in SA are re-evaluated and changed,
which I'm hoping for.

even without that, changing one score can have strange results later with
different mail, so any tuning should be handled with care.


For the
'def' whitelists to have any point they should be tuned to prevent most
such FPs while having a minimal impact on TPs. The rules are scored far
too strongly, but the fact they are additively scored makes it
impossible to fine tune them.

There's no point in additive scoring anyway. If any of them is hit it's
most likely the spam has gone through an abused server.


if you mean using combination of USER_IN_DEF_SPF_WL, USER_IN_DEF_DKIM_WL and
USER_IN_DEF_WELCOMELIST, they could be put into if condition.

Also, old syntas shoulx make those lists a bit less efficient, so this
should be:

     score USER_IN_DEF_WELCOMELIST      0.01
     score USER_IN_DEF_WHITELIST       -15.0

instead of:

     score USER_IN_DEF_WELCOMELIST     -0.01
     score USER_IN_DEF_WHITELIST       -15.0


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watkins.  -- Daffy Duck & Porky Pig






















					Reply via email to