spamassas...@linkcheck.co.uk wrote:
The code below is found in several places online and for some months I have been trying to get it to work, but whatever I do it flags up Fail even if the source is good. Typically I have been concentrating on gmail: from known good contacts I always get NOTVALID_GMAIL (I have reduced the scores to 0.01 to avoid false rejections). Is this code known to fail or is it something I'm doing wrong?

Spamassassin version: 3.3.2
Perl version: 5.14.2
OS: Linux Mint 13
=============
The section header for the code runs...

"penalize mail claiming to be from PayPal, eBay, Yahoo or Gmail but was not signed by their official mailers:"
---
Someone is mixing apples and oranges in that rule.
Mail from PayPal and eBay would be coming from those companies, AFAIK,
not end users.  Same with email from "google.com".  But 'yahoo.com' and
gmail.com are both *end-user* services.  I don't know if yahoo mixes
its official email sendings with user-email sendings, so it might be
an odd case.
But on the above list, "gmail" should be replaced with "google".

gmail allows "email-client" access via IMAPS as well as forwarding
to an external address (say 'gmail(at)tlinx(dot)org').  If one reads
gmail via an email-client, it would have to be running on an external
machine -- which means reply email would, by default, come from
an external machine (outside of gmail.com).

*If* it is possible to configure my email client to send
through gmail.com, it wouldn't be trivial, since my email client usually
has no direct access to the internet (it's behind a server that runs a firewall). Web-access and mail both go through the server
gateway machine.  This means that any gmail that comes in and is
read on my internal client machine(s), if responded to, would likely
go out through the gateway machine -- not through a 3rd party server.
So normally, email sent from my "gmail" account goes out through
my private servers -- not through a third party.

Once you involve a 3rd party, the Patriot Act (in the US) defines anything shared or stored with them as having "no expectation of
privacy", and as such, doesn't even require a search warrant for
law-enforcement access.  Not only is there no official oversight of
searches, but usually the 3rd party is "gagged" from telling anyone
that their 3rd-party handled material was searched or even that any
search was done.  In some instances, even contacting a lawyer for
advice or defense, can be considered a violation of the gag rule!
Third parties include any cloud services or storage (a major
impediment to US-based website-hosting and cloud providers).

In other words, any rule that lumps end-user email in the same
class as official, company-only email is flawed.  Email from
company-private domains (paypal.com, ebay.com, google.com) comes
from company "representatives", which likely, *should* be coming
through official company email servers.  However, email coming
from user-email domains (e.g. gmail) that can be read w/o logging into google w/your web-browser, should not be expected
to only come from official company email servers.

Obviously, any individual can filter out and block any email
they want, but I'm arguing against such a rule being part of
an email-integrity check distributed by a multi-user-serving
project like SpamAssassin.

-l
