Giovanni Bechis wrote on 28/12/22 11:43 pm:
> Hi,
> recently I started receiving more spam from "drive-shares-noreply at
> google.com", this spam bypasses filters because it matches USER_IN_DEF_DKIM_WL that
> gives the email -7.5 points.
> Should we remove google.com from default whitelists?
> Spample at: https://pastebin.com/hVD3FCCe
> Giovanni

I just generated one of those as a test by going to Google Slides,
creating a slide presentation, then File | Email and sent the
presentation to arbitrary email addresses with a message I typed in.
The email arrives from drive-shares-noreply just like your sample, with
my Google account's email address as the Reply-To.
As Henrik pointed out, there are legitimate Google addresses in
USER_IN_DEF_DKIM_WL, but email from drive-shares-noreply at google.com
can be generated by anybody from throwaway accounts and should not be
automatically welcome listed.
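
One way to cancel the default welcomelist bonus for this single sender in a local SpamAssassin configuration, as an added example that is not part of the original thread or of the project's rules. The rule names `__LOCAL_FROM_GDRIVE_SHARE` and `LOCAL_GDRIVE_SHARE_DEF_WL` are hypothetical, and the 7.5 score assumes the -7.5 quoted above for USER_IN_DEF_DKIM_WL.

```conf
# local.cf (added example; rule names are hypothetical)

# Sub-rule: the From: address is the Drive/Slides share notifier.
# The leading "__" keeps it unscored and out of the report.
header   __LOCAL_FROM_GDRIVE_SHARE  From:addr =~ /^drive-shares-noreply\@google\.com$/i

# Fires only when that sender also received the default DKIM welcomelist hit,
# so mail that did not get the bonus is not penalized.
meta     LOCAL_GDRIVE_SHARE_DEF_WL  (__LOCAL_FROM_GDRIVE_SHARE && USER_IN_DEF_DKIM_WL)
describe LOCAL_GDRIVE_SHARE_DEF_WL  Drive share notice matched default DKIM welcomelist

# Offsets the -7.5 from USER_IN_DEF_DKIM_WL (value as quoted in the thread),
# leaving the message to be judged by the remaining content rules.
score    LOCAL_GDRIVE_SHARE_DEF_WL  7.5
```

Running `spamassassin --lint` after editing checks the syntax. Other google.com senders keep their welcomelist treatment because the meta rule requires the exact From: address.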