Well i can help with a plugin to automate things but i can only automate something once it is done a few times. Have you written the rules you think will help for say two of the domain's? Have you collected example ham and spam?
You have a good idea but without specifics, i don't know the pattern we are looking for that matches this subset of domains. Regards, KAM Marc Perkel <supp...@junkemailfilter.com> wrote: On 8/22/2012 8:31 PM, Kevin A. McGrail wrote: > On 8/22/2012 8:33 PM, Ned Slider wrote: >> So if I hit all mail claiming to be sent from fedex.com that fails >> SPF I can easily weed out all the fakes: >> >> # Fedex >> header __LOCAL_FROM_FEDEX Return-Path:addr =~ /\@fedex\.com$/i >> meta LOCAL_SPF_FEDEX ((SPF_SOFTFAIL || SPF_FAIL) && >> __LOCAL_FROM_FEDEX) >> describe LOCAL_SPF_FEDEX Fedex SPF Fail >> >> and if I want to make sure all the legit fedex mail gets through I >> can further whitelist mail from fedex that passes SPF >> >> whitelist_from_spf *@fedex.com >> whitelist_from_spf *@*.fedex.com >> >> and that will virtually guarantee all the spam/viruses claiming to be >> from fedex are blocked and all the legitimate mail from fedex gets >> through. It's no different with banks. >> >> However, this approach doesn't scale particularly well. It's OK for >> 10 or 20 domains, but for many more it would be far easier to manage >> using a plugin. > So really want you want is a plugin that can take a list of domains > that we've verified support SPF using -all and make that a stronger > score? > > Regards, > KAM > > > My idea it to take a list of the most spoofed domains and create rules around them so that we can be 100% accurate on blocking and passing those specific domains. Most of these domains should be easy to detect once we know where they send legitimate email from. This would be a devastating blow to spammers. -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400