Well i can help with a plugin to automate things but i can only automate 
something once it is done a few times. Have you written the rules you think 
will help for say two of the domain's?
Have you collected example ham and spam?

You have a good idea but without specifics, i don't know the pattern we are 
looking for that matches this subset of domains.
Regards,
KAM

Marc Perkel <supp...@junkemailfilter.com> wrote:


On 8/22/2012 8:31 PM, Kevin A. McGrail wrote:
> On 8/22/2012 8:33 PM, Ned Slider wrote:
>> So if I hit all mail claiming to be sent from fedex.com that fails 
>> SPF I can easily weed out all the fakes:
>>
>> # Fedex
>> header __LOCAL_FROM_FEDEX Return-Path:addr =~ /\@fedex\.com$/i
>> meta LOCAL_SPF_FEDEX ((SPF_SOFTFAIL || SPF_FAIL) && 
>> __LOCAL_FROM_FEDEX)
>> describe LOCAL_SPF_FEDEX Fedex SPF Fail
>>
>> and if I want to make sure all the legit fedex mail gets through I 
>> can further whitelist mail from fedex that passes SPF
>>
>> whitelist_from_spf *@fedex.com
>> whitelist_from_spf *@*.fedex.com
>>
>> and that will virtually guarantee all the spam/viruses claiming to be 
>> from fedex are blocked and all the legitimate mail from fedex gets 
>> through. It's no different with banks.
>>
>> However, this approach doesn't scale particularly well. It's OK for 
>> 10 or 20 domains, but for many more it would be far easier to manage 
>> using a plugin.
> So really want you want is a plugin that can take a list of domains 
> that we've verified support SPF using -all and make that a stronger 
> score?
>
> Regards,
> KAM
>
>
>

My idea it to take a list of the most spoofed domains and create rules 
around them so that we can be 100% accurate on blocking and passing 
those specific domains. Most of these domains should be easy to detect 
once we know where they send legitimate email from. This would be a 
devastating blow to spammers.



-- 
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400

Reply via email to