> steve skrev den 2015-11-23 13:31: > > >>> asn plugin currently does not work with ipv6 > > I'll cross that bridge when I come to it. > > i just still need self to debug why it fails, currently i have seen > 2.0.0.0/8 when ipv6 recieved in 26xx: :=) > > >> and if you see mails pretending sent from google/gmail it wont be dkim > >> pass and spf pass > > > > The example i saw last week was from "Google Audit" > > <sec...@googletechteam.co.uk>, was DKIM signed and valid [but > > obviously not by Google's key :)] and was asking a user to verifiy > > thier account... URIs weren't blacklisted at the time. > > co.uk is a domain and a tld, very cool :) > > dont blame me on that > > i can make google.junc.eu is it now google that spams you ?
That was just one example I received. Yes, you can very well use google.junc.en and no that doesn't mean Google spams me. My eventual goal is to test for "Has google in the sender name OR domain" and "is NOT from a ASN owned by Google". https://www.ultratools.com/tools/asnInfoResult?domainName=Google Am I'm not explaining myself correctly? > > yes i know co.uk is a valid tld, but spammers seems not knowing why not > to use it > > > Test results of that scan were... > > > > DKIM_SIGNED=0.1 > > DKIM_VALID=-0.1 > > DKIM_VALID_AU=-0.1 > > HTML_MESSAGE=0.001 > > KAM_COUK=0.1 > > MIME_HTML_ONLY=0.723 > > RP_MATCHES_RCVD=-0.582 > > SPF_PASS=-0.001 > > TXREP=1.105 > > what dkim domain, whois dkim-domain It was DKIM signed by the senders domain googletechteam.co.uk. > > > My thought process was that emails with Google in the Senders Name or > > email address should only really originate from IP addresses / ASN's > > Google own (initial invesgation suggest gmail.com comes from AS15169 > > thought I've not thrown a wide net yet). > > > >> asn is nice but too unstable to make rules on > > I feel its worth exploring for my purposes. > > okay with me if you do with stable data Thanks > > > Any further advice will be grafefully recived. > > possible start using dmarc ? Not sure how that would help in the situation I've outlined? Overall, while i appericate your efforts and discussions about the validatility of my objectives, what I'm really after is how can I query the X-ASN header? If this turns out to be a waste of time I'll be the first to let you know. Many thanks Steve > > To: users@spamassassin.apache.org
