Hi,

> > This was a set of rules created by Mark back in 2011. Thanks for not
> > flaming me.
>
> Heh. ;)
>
> Sorry, but I kind of expect some due diligence, in particular by long
> time and experienced community members. Coming across blatantly obvious
> cases of local rules being complained about to misfire might make me
> snappy.
>
> Think about it this way: In order to help you, my first step is to find
> out details about those rules (grep stock cf files) and their respective
> score (your sample). You provided an exemplary, flawless sample. Why did
> you not have a look at the rules' sources?

It really was a temporary lapse. I'm now managing so much, and thought for sure it was an SA rule since I didn't immediately recognize it. Also, my local rules all begin with LOC_, or immediately recognizable KAM_ or AXB_.

> The rule itself was not that bad. Actually, as Kevin and Anthony pointed
> out, Yahoo even expressly states in their DMARC records you should never
> have genuinely received those messages, nor accepted them. Yahoo
> classifies it forged.
>
> It is the mass mailer's and its client's fault. (Back to the "cheap"
> part. Doing mass mailings but don't own your own domain? Accepting and
> actually using free-mailer address as sender? Even worse, failing to get
> the note about Yahoo DMARC policy in that business?)

Great points. I've found the rule's hit a very large amount of ham, even some that's been whitelisted. Investigating a bit further, it appears to hit quite a few messages that indeed pass through yahoo.com. I've included one such example set of headers here:

http://pastebin.com/XiHpRbJb

However, it doesn't have the p=reject DKIM auth statement, so I don't yet fully understand how it all works. It hit DKIM_SIGNED but not DKIM_VALID, and in fact hit T_DKIM_INVALID.

Thanks,
Alex
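
An added example, not part of the original message and not SpamAssassin's own code: a simplified receiver-side DMARC check that combines the From domain's published record with the DKIM and SPF results for a message. The domains, the record and the `org_domain` helper (a naive stand-in for a Public Suffix List lookup) are assumptions made for illustration.

```python
# Added example: simplified DMARC evaluation; all domains and records are constructed.

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    """Assumption: naive 'last two labels' stand-in for a Public Suffix List lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, dkim_results, spf_domain=None, spf_pass=False):
    """dkim_results holds (d= domain, signature verified) pairs, one per signature.
    Returns 'pass', the published policy, or 'no-policy'. The pct tag is ignored."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    dkim_ok = any(ok and aligned(from_domain, d, tags.get("adkim", "r"))
                  for d, ok in dkim_results)
    spf_ok = (spf_pass and spf_domain is not None
              and aligned(from_domain, spf_domain, tags.get("aspf", "r")))
    return "pass" if dkim_ok or spf_ok else tags["p"].lower()

# Constructed record for the constructed free-mail domain "freemail.example".
RECORD = "v=DMARC1; p=reject; pct=100"

if __name__ == "__main__":
    # Signed but failing verification, relayed by a third-party mailer whose SPF passes
    # for its own domain only: nothing aligned passes, so the policy applies.
    print(dmarc_disposition(RECORD, "freemail.example",
                            [("freemail.example", False)], "bulkmailer.example", True))
    # The same From domain with a signature that verifies.
    print(dmarc_disposition(RECORD, "freemail.example", [("freemail.example", True)]))
```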