Am 2014-04-24 12:58, schrieb Axb:
On 04/24/2014 12:52 PM, Michael Storz wrote:
Since Yahoo and AOL have moved to a DMARC policy of reject, mail
senders
are changing the way they are sending their emails. Instead of using
the
email address of an user in RFC5322.From they use their own address
and
put the address of the user in the Reply-To field.
FREEMAIL_FORGED_REPLYTO fires on these emails and produce false
positives.
From examples taken from log lines of amavisd:
From: GIVENNAME_SURNAME_via_LinkedIn_<mem...@linkedin.com>
(dkim:AUTHOR)
From: NAME_via_Dropbox_<no-re...@dropbox.com> (dkim:AUTHOR)
Since more and more such emails will occur, for example all web
forms
will send their emails in this way, the rule does not make sense
anymore.
good thing you can lower the score if that rule can cause FPs on its
own.
Sure, that's what I have done already.
The rule does what it was designed to.
Well, if we want to do hairsplitting, then the answer is no: it is not
forged anymore, therefore the name is wrong ;-)
--
Michael
