On 04/11/2018 05:18 PM, Bill Cole wrote:
On 11 Apr 2018, at 17:50 (-0400), Dave Jones wrote:
On 04/11/2018 04:29 PM, billc...@apache.org wrote:
Date: Wed Apr 11 21:29:08 2018
New Revision: 1828937
Google Forms has generated spam, befouling the google.com reputation
--- spamassassin/trunk/rules/60_whitelist_auth.cf (original)
+++ spamassassin/trunk/rules/60_whitelist_auth.cf Wed Apr 11 21:29:08
@@ -80,7 +80,6 @@ def_whitelist_auth *@visadpsmessage.com
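Review bot: the log message for this removal near `def_whitelist_auth *@visadpsmessage.com` (the hunk header shows the block going from 7 lines to 6) says only that Google Forms has generated spam; it names neither the entry being dropped nor a sample message. Suggest naming the removed pattern in the log and referencing the Users list discussion, so the decision can be revisited later without reconstructing the context from the archive.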
Do you have an example email of this?
Discussed on the Users list today. A mostly-Thai form with an internal
If we report this to Google and they handle it properly, it doesn't
mean that we need to remove this entry unless there is a major problem
I disagree. Handling complaints (which Google mostly doesn't in any
case) is entirely inadequate to justify trusting mail sent by users they
don't actually know with an active backend that has a track record of
abuse. Google Docs has become a phishing platform and we should not be
telling people to trust it by default.
A single email occurrence is not enough to remove them.
I don't have copies of the similar-sender garbage I've been rejecting
because it has been aimed at bogus local addresses.
Besides, this *@*.google.com shouldn't be that common under a
subdomain of google.com. It's not *@google.com which would be a
No, *@google.com is still apparently only Google corporate mail. The
only spam I've ever seen from such addresses is stupid recruiter tricks.
I still contend that the benefits of that entry far outweigh a single
report of spam that Google will handle if reported to them. They do
handle abuse reports and lock accounts all of the time. I know this
first hand from my own customers.
The def_whitelist_auth entries aren't only for perfect senders but for
senders that are targets of spoofing. They say that this email was from
Google so we can block other non-Google senders spoofing Google Docs
shares with malicious links.
No one can say that they have never sent spam outbound. It happens once
in a while even to the best of us that go to great lengths to detect and
prevent it. Most RBLs will tolerate a small amount of junk email and only
list an IP when it's persistent. These def_whitelist_auth entries
should be treated the same way.