My eventual goal is to test for "Has google in the sender name OR
domain" and "is NOT from a ASN owned by Google".
https://www.ultratools.com/tools/asnInfoResult?domainName=Google
Am I'm not explaining myself correctly?
... nevertheless ... a valid DKIM signature by google is as good
if not a better proof that a mail is coming from Google:
full _DKIM_VALID_GOOGLE eval:check_dkim_valid(gmail.com,
googlemail.com, googlegroups.com)
header _GOOGLE_ANYWHERE_IN FROM From =~ /google|gmail/i
meta GOTTA _GOOGLE_ANYWHERE_IN FROM && !_DKIM_VALID_GOOGLE
Anyway, an ASN test would fail on mailing list mail by google senders.
A DKIM test would also likely but not necessarily fail in such mail,
depending how a mailing list is configured. For example this
SpamAssassin mailing list preserves DKIM signature validity just fine.
Mark