Arne Jensen <darkde...@darkdevil.dk> writes: > Den 11-11-2021 kl. 20:21 skrev Greg Troxel: >> It's a really interesting question what DNSWL_MED ought to be for score. >> Given what MED is supposed to be: >> >> Medium Rare spam occurrences, corrected promptly. >> >> -2.3 points seems entirely reasonable. >> >> But I don't see how gmail makes sense being medium, as spam from gmail >> is not rare. Probably it happens to me every day. NONE seems more >> appropriate, especially since I have no perception of google making a >> serious attempt to avoid emanating spam. (I realize this comment >> belongs on the DNSWL list, but for now I'm not bothered personally >> because the v6 addrs aren't listed.) > > Google (Gmail) is not, and have never been on medium. > > Last score change on Google's addresses, was in June 2018, demoting > the last remaining ones from "low" to "none". > > Are you by any chance forwarding traffic from one server to another, > and/or potentially missing something in your trusted_networks and/or > internal_networks? This one is *very* common.
Sorry for being fuzzy. What I meant, and didn't say clearly, is: I get a lot of spam from gmail (that is properly DKIM signed and passes SPF). I'm not seeing any of it get tagged as coming from DNSWL_MED. Having seen other people claim that google servers are on MED, I was opining that this didn't make sense. (It seems that everybody agrees that it doesn't make sense and also that it has never been true.) > Checking up with DNSWL is actually done by checking the first server > in reverse order, that your own server does not trust, so if the > inbound message you see was sent from Gmail, relayed over your > friend's server (which is/was at medium), and then finally hitting > yours, and that you do not have set your friend's server as one of > your trusted ones, the DNSWL check will be done on your friend's > server, ending up with flagging the message as medium. For me, the trickiness is in mailinglists, especially when they are set up without restrict-to-list-member and without good filtering. So I have put their addresses into trusted_networks. This isn't quite the same as someone MX-catching for me, but I think it works out the same. Greg
signature.asc
Description: PGP signature