Re: wordpress whitelist entry
On Tue, 9 Oct 2018 20:04:53 + David Jones wrote: > On 10/9/18 2:21 PM, RW wrote: > > > > I've recently noticed that newsletters from a small wordpress site > > are hitting USER_IN_DEF_SPF_WL. > > > > The headers are of the form: > > > >Return-Path: > >... > >To: m...@example.com > >From: Some Amateur Website > > > > and the use of the bounce handling subdomain b.wordpress.com is > > causing a match on: > > > >def_whitelist_auth *@*.wordpress.com > > > > Theses emails are legitimate, and I've not had much wordpress spam, > > but they are essentially freemail bulk mail. > > > > I am not understanding the question or issue. If they 1) don't send > spam, 2) only send opt-in email with a valid opt-out option and 3) > they quickly handle any abuse reports then they should be considered > a trusted sender. Since these are system-generated emails and not > real human mailboxes that can be compromised to send spam, then that > def_whitelist_auth entry is safe. They aren't system generated, they come from individual end-users. For all we know, users who run XP boxes and don't know what a firewall is. It may well be that wordpress has the whole thing nailed down with enforced opt-ins, CAPTCHAs etc. Without actually knowing that, it seems a legitimate cause for concern.
Re: wordpress whitelist entry
On 10/9/18 2:21 PM, RW wrote: > > I've recently noticed that newsletters from a small wordpress site are > hitting USER_IN_DEF_SPF_WL. > > The headers are of the form: > >Return-Path: >... >To: m...@example.com >From: Some Amateur Website > > and the use of the bounce handling subdomain b.wordpress.com is > causing a match on: > >def_whitelist_auth *@*.wordpress.com > > Theses emails are legitimate, and I've not had much wordpress spam, but > they are essentially freemail bulk mail. > I am not understanding the question or issue. If they 1) don't send spam, 2) only send opt-in email with a valid opt-out option and 3) they quickly handle any abuse reports then they should be considered a trusted sender. Since these are system-generated emails and not real human mailboxes that can be compromised to send spam, then that def_whitelist_auth entry is safe. Once we find evidence that any def_whitelist_auth sender fails to follow all 3 rules above then post an example here via pastebin.com and we will take appropriate action. -- David Jones
wordpress whitelist entry
I've recently noticed that newsletters from a small wordpress site are hitting USER_IN_DEF_SPF_WL. The headers are of the form: Return-Path: ... To: m...@example.com From: Some Amateur Website and the use of the bounce handling subdomain b.wordpress.com is causing a match on: def_whitelist_auth *@*.wordpress.com Theses emails are legitimate, and I've not had much wordpress spam, but they are essentially freemail bulk mail.
