On 4/28/21 12:59 PM, Matus UHLAR - fantomas wrote: >>> On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote: >>>>> -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list >>>>> manager >>>> >>>> I have disabled his rule some time ago. >>>> Many spammers use mailing list or their signatures. > >> On 2021-04-28 11:55, Giovanni Bechis wrote: >>> Same here, is it worth to keep MAILING_LIST_MULTI to that hardcoded score ? > > On 28.04.21 12:18, Benny Pedersen wrote: >> i have -20 there :=) > >> but also local uribl enlists to catch spam >> >> no dns for me >> >> keep it very negative ensures not rejecting maillists >> >> maybe harden with !FREEMAIL_FROM >> >> or DKIM_VALID_EF >> >> if that hits its direct mailling and possible spam, while ! is maillist >> often :=) > > I looked around my spam folder, I see that I did: > > score MAILING_LIST_MULTI -0.001 > > just to see the rule if it hits. > > out of 120 spams currently, I see many spams from google(groups), mailjet > and other list providers I haven't signed for. > > some do hit FREEMAIL_FROM, some don't. > ~8% of my daily spam hits MAILING_LIST_MULTI and only 0.2% hits both MAILING_LIST_MULTI and FREEMAIL_FROM for me.
> funny is that they hit FREEMAIL_FORGED_FROMDOMAIN because of > @googlegroups.com envelope but gmail.com From, which is expected for mailing > list. > > some hit DKIM_VALID_EF, some don't > > ...DKIM_VALID_EF is imho useless, because mail should to be signed with DKIM > of > header domain, not envelope. > > > while I agree that MAILING_LIST_MULTI can be used in meta rules, it's > neither of those, and none I currently know of.
OpenPGP_signature
Description: OpenPGP digital signature
