Based on the ease of abuse, and samples in the wild, I am also plus one to remove the drives no reply email address from the default dkim welcome list.
Regards, KAM On Wed, Dec 28, 2022, 06:16 Sidney Markowitz <sid...@sidney.com> wrote: > Giovanni Bechis wrote on 28/12/22 11:43 pm: > > Hi, > > recently I started receiving more spam from "drive-shares-noreply at > google.com", this spam bypasses filters because it matches > USER_IN_DEF_DKIM_WL that gives the email -7.5 points. > > Should we remove google.com from default whitelists ? > > > > Spample at: https://pastebin.com/hVD3FCCe > > > > Giovanni > > I just generated one of those as a test by going to Google Slides, > creating a slide presentation, then File | Email and sent the > presentation to arbitrary email addresses with a message I typed in. > > The email arrives from drive-shares-noreply just like your sample, with > my Google account's email address as the Reply-To. > > As Henrik pointed out, there are legitimate Google addresses in > USER_IN_DEF_DKIM_WL, but email from drive-shares-noreply at google.com > can be generated by anybody from throwaway accounts and should not be > automatically welcome listed. > >
