I have also seen the PayPal ecosystem being abused by bad actors sending things like fake invoices. I am also +1 to remove the domain from the dkim wl.
Regards, KAM On Mon, Nov 14, 2022, 16:01 Shawn Iverson <shawniver...@gmail.com> wrote: > Bottom line is I don't think paypal deserves to be default whitelisted in > recent history. I've received a lot of spam actually from paypal and > judiciously report it to phish...@paypal.com with no apparent action or > response. > > On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson <shawniver...@gmail.com> > wrote: > >> So what I'm going to do is turn shortcircuit off for >> USER_IN_DKIM_WHITELIST >> >> Create a meta to catch papal.com as the from address and score >> appropriately >> Create a counter meta to score other deserving DKIM-signers appropriately >> >> On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson <ahodg...@lists.simkin.ca> >> wrote: >> >>> On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: >>> > How do I stop this? paypal.com is in the default DKIM whitelist! >>> > >>> >>> That message really looks like it came from Paypal and then was >>> forwarded by Microsoft to your server. Was it really a fake? That's a >>> lot of headers to fake if so. >>> >>> If it was really fake and that paypal-supplied DKIM signature doesn't >>> validate (I didn't check that), then checking DMARC when you receive >>> mail and rejecting on p=reject failures would block it. >>> >>