On 20.01.25 10:03, Steve Charmer wrote:
spam emails sent by bots using Amazon SES servers are getting through
because I have amazonses.com in my whitelist due to several "important
/ trusted companies" using amazon ses.

How does this rule work, to separate the "Received: ", versus the "From: "  ?

the header "From: " is NOT in my whitelist,
but the value of "Amazonses.com" IS IN my whitelist

why is it using the value from the header "Received: " and not the
value from the header "From: " ?

SPF is designed to work over envelope addresses - those that are stored in headers like Envelope-From, Return-Path, X-Envelope-From.

how can I improve the spam filtering?

be very careful about using welcomelist, especially wildcards


headers:
--------------------------
Received: from [54.240.4.1] (port=52099
helo=a4-1.smtp-out.eu-west-1.amazonses.com)
by mail.eee.com with esmtp (Exim 4.86_2)
(envelope-from 
<01020194838ad102-b7f40763-2fee-4834-935a-d1adfa2b0318-000...@eu-west-1.amazonses.com>)
id 1tZqGT-0001qQ-Gq
for st...@eee.com; Mon, 20 Jan 2025 06:48:24 -0500

From: =?utf-8?Q?SUPPORT?= <unterstutz...@frizbiz.cycloid.io>


24 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different

-100 USER_IN_SPF_WELCOMELIST From: address is in the user's SPF
                            welcomelist

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
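
An added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the point made in the reply, that an SPF welcomelist entry is compared with the envelope sender and never with the From: header. The sample message, all addresses in it, the `bounces.trusted.example` entry and the caller-supplied `spf_pass` flag are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers that carry the envelope sender, as listed in the reply above.
ENVELOPE_HEADERS = ("Return-Path", "X-Envelope-From", "Envelope-From")

# Constructed sample message; every address here is made up.
SAMPLE = """\
Return-Path: <0000-constructed-bounce@eu-west-1.amazonses.com>
From: SUPPORT <support@unrelated.example>
Subject: constructed sample

body
"""
MSG = message_from_string(SAMPLE)

def glob_to_regex(pattern):
    """Translate a welcomelist-style glob (* and ?) into an anchored regex."""
    body = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(f"^{body}$", re.IGNORECASE)

def envelope_sender(msg):
    """Return the first envelope sender address found, lower-cased."""
    for name in ENVELOPE_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return addr.lower()
    return ""

def header_from(msg):
    """Return the address in the From: header, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].lower()

def spf_welcomelist_hit(msg, patterns, spf_pass):
    """Hit only if SPF passed AND the envelope sender matches an entry.
    The From: header is never consulted. spf_pass is supplied by the
    caller (assumption: no DNS lookup is done in this model)."""
    sender = envelope_sender(msg)
    return spf_pass and any(glob_to_regex(p).match(sender) for p in patterns)

if __name__ == "__main__":
    wide = ["*@*.amazonses.com"]            # any envelope sender under amazonses.com
    narrow = ["*@bounces.trusted.example"]  # hypothetical per-sender entry
    print("envelope:", envelope_sender(MSG), "| From:", header_from(MSG))
    print("wildcard entry hits:", spf_welcomelist_hit(MSG, wide, True))
    print("narrow entry hits:", spf_welcomelist_hit(MSG, narrow, True))
```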
