On Tue, 7 Mar 2017 09:12:00 -0500
Dianne Skoll wrote:
> SPF chose to use envelope sender not because it's more reliable, but
> (I suspect) so as not to break mailing lists.
More likely because the original intent was to reject as early as
possible.
On Tue, 7 Mar 2017 00:04:59 +
David Jones wrote:
> >Er... well. The envelope-from is not any more trustworthy than
> >the header From:. But it *is* the thing the SPF spec say to check,
> >and *not* the header From:.
> It should be way more trustworthy since it is where
On 03/06/17 15:22, David Jones wrote:
From: Marc Perkel <supp...@junkemailfilter.com>
Sent: Monday, March 6, 2017 11:05 AM
To: users@spamassassin.apache.org
Subject: Re: New whitelisting trick using from and spf
do you mean the header From: address?
because anyone doing SPF does spf
>From: Dianne Skoll <d...@roaringpenguin.com>
>Sent: Monday, March 6, 2017 5:40 PM
>To: users@spamassassin.apache.org
>Subject: Re: New whitelisting trick using from and spf
>On Mon, 6 Mar 2017 23:22:00 +
>David Jones <djo...@ena.com> wrote:
>> Not
On Mon, 6 Mar 2017 23:22:00 +
David Jones wrote:
[...]
> Not good. SPF should be checked against the envelope-from
> address which is more trustworthy.
Er... well. The envelope-from is not any more trustworthy than
the header From:. But it *is* the thing the SPF spec say
>From: Marc Perkel <supp...@junkemailfilter.com>
>Sent: Monday, March 6, 2017 11:05 AM
>To: users@spamassassin.apache.org
>Subject: Re: New whitelisting trick using from and spf
>> do you mean the header From: address?
>>
>> because anyone doing SPF do
On 03/06/17 04:19, Matus UHLAR - fantomas wrote:
On 05.03.17 10:38, Marc Perkel wrote:
Well, new to me. Maybe others have thought of this.
Many domains send nothing but good email and if you whitelist them
based on FCRDNS all is good. Been doing that.
But ...
Many domains send nothing
> On Mar 6, 2017, at 12:58 PM, David B Funk
> wrote:
>
> On Mon, 6 Mar 2017, Alan Hodgson wrote:
>
>>> It seems it should be easy to setup “If mail claims to be From: PayPal.com
>>> and is not from PayPal, score +100” but it is not.
>>
>> This is what DMARC is
On Mon, 6 Mar 2017 11:58:25 -0600 (CST)
David B Funk wrote:
> But that won't help you when the scammers set the user visible from
> as "acco...@paypai.com" or some other variant (with the actual
> address part as or something else.
I recall
On Monday 06 March 2017 11:58:25 David B Funk wrote:
> On Mon, 6 Mar 2017, Alan Hodgson wrote:
> >> It seems it should be easy to setup “If mail claims to be From:
> >> PayPal.com
> >> and is not from PayPal, score +100” but it is not.
> >
> > This is what DMARC is for.
> >
> > Run opendmarc as
On Mon, 6 Mar 2017, Alan Hodgson wrote:
It seems it should be easy to setup “If mail claims to be From: PayPal.com
and is not from PayPal, score +100” but it is not.
This is what DMARC is for.
Run opendmarc as a milter and reject failures. Or score later on DMARC
failure, even if just
> It seems it should be easy to setup “If mail claims to be From: PayPal.com
> and is not from PayPal, score +100” but it is not.
This is what DMARC is for.
Run opendmarc as a milter and reject failures. Or score later on DMARC
failure, even if just selectively for highly phished domains.
On Sun, 5 Mar 2017 10:38:09 -0800
Marc Perkel wrote:
> If the from address is whitelisted AND the SPF of the from address is
> good - I pass the email.
And that's exactly how SPF is supposed to work. You shouldn't whitelist
domains willy-nilly because they can be
On 2017-03-06 (04:45 MST), David Jones <djo...@ena.com> wrote:
>
>> From: @lbutlr <krem...@kreme.com>
>> Sent: Monday, March 6, 2017 5:24 AM
>> To: users@spamassassin.apache.org
>> Subject: Re: New whitelisting trick using from and spf
>
>
Spam/phishing emails pretending to be from Paypal won't have an
envelope-from of *@paypal.com which is why you didn't get the
desired effect. You rarely use the blacklist_from only when there
is very dumb senders that you want to block
that don't matter - "blacklist_from" also bpocks
On 05.03.17 10:38, Marc Perkel wrote:
Well, new to me. Maybe others have thought of this.
Many domains send nothing but good email and if you whitelist them
based on FCRDNS all is good. Been doing that.
But ...
Many domains send nothing but good email and they send through
reputable email
>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Monday, March 6, 2017 5:58 AM
>To: David Jones; @; users@spamassassin.apache.org
>Subject: Re: New whitelisting trick using from and spf
>Am 06.03.2017 um 12:45 schrieb David Jones:
>>> From: @lbutlr <kr
>From: @lbutlr <krem...@kreme.com>
>Sent: Monday, March 6, 2017 5:24 AM
>To: users@spamassassin.apache.org
>Subject: Re: New whitelisting trick using from and spf
>On 2017-03-05 (18:59 MST), David Jones <djo...@ena.com> wrote:
>>
>> whitelist_auth does
On 2017-03-05 (18:59 MST), David Jones wrote:
>
> whitelist_auth does this against SPF_PASS and DKIM_VALID_AU
I tired to do something along these lines at some point in the past by adding
some lines to my local.cf like these:
blacklist_from *@amazon.com
whitelist_auth
>From: Marc Perkel <supp...@junkemailfilter.com>
>Sent: Sunday, March 5, 2017 12:38 PM
>To: users@spamassassin.apache.org
>Subject: New whitelisting trick using from and spf
>Well, new to me. Maybe others have thought of this.
Been doing this for a couple of years now.
Well, new to me. Maybe others have thought of this.
Many domains send nothing but good email and if you whitelist them based
on FCRDNS all is good. Been doing that.
But ...
Many domains send nothing but good email and they send through reputable
email sender services which are mostly good
21 matches
Mail list logo