On 2022-11-14 at 16:11:10 UTC-0500 (Mon, 14 Nov 2022 16:11:10 -0500) Kevin A. McGrail <kmcgr...@apache.org> is rumored to have said:
> I have also seen the PayPal ecosystem being abused by bad actors sending > things like fake invoices. I am also +1 to remove the domain from the dkim > wl. Same. Paypal could fix this abuse by over-signing the Resent-From header. > Regards, KAM > > On Mon, Nov 14, 2022, 16:01 Shawn Iverson <shawniver...@gmail.com> wrote: > >> Bottom line is I don't think paypal deserves to be default whitelisted in >> recent history. I've received a lot of spam actually from paypal and >> judiciously report it to phish...@paypal.com with no apparent action or >> response. >> >> On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson <shawniver...@gmail.com> >> wrote: >> >>> So what I'm going to do is turn shortcircuit off for >>> USER_IN_DKIM_WHITELIST >>> >>> Create a meta to catch papal.com as the from address and score >>> appropriately >>> Create a counter meta to score other deserving DKIM-signers appropriately >>> >>> On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson <ahodg...@lists.simkin.ca> >>> wrote: >>> >>>> On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: >>>>> How do I stop this? paypal.com is in the default DKIM whitelist! >>>>> >>>> >>>> That message really looks like it came from Paypal and then was >>>> forwarded by Microsoft to your server. Was it really a fake? That's a >>>> lot of headers to fake if so. >>>> >>>> If it was really fake and that paypal-supplied DKIM signature doesn't >>>> validate (I didn't check that), then checking DMARC when you receive >>>> mail and rejecting on p=reject failures would block it. >>>> >>> -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire