On 11 Apr 2018, at 15:28 (-0400), Alex wrote:

Hi, this message seems suspicious to me (appears to be some type of
survey), but I don't understand how it was whitelisted when google.com
is not listed among def_whitelist_from_dkim (or at least shouldn't be)


Note that google.com has historically been reserved for Google corporate mail, NOT GMail. Hence these rules exist in the default rules:

60_whitelist_auth.cf:def_whitelist_auth *@*.google.com
60_whitelist_dkim.cf:def_whitelist_from_dkim googlealerts-nore...@google.com
60_whitelist_dkim.cf:# def_whitelist_from_dkim  *@google.com


https://pastebin.com/raw/h1370F1F

I'd appreciate any clarification on what's going on here...

The envelope sender is 3ue3owhmjamkzhabyuuhahsbe.qpzhvnthps.jvtytilzadlzalyu....@trix.bounces.google.com and the SPF-relevant relay IP is 209.85.223.199, so SPF passes. That's good enough for def_whitelist_auth.

Messages of this sort make an irrefutable argument for removing the general pass given to Google in the default ruleset, as it is clearly based on a use model of the domain which no longer is true.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Reply via email to