Hi, On Fri, Feb 16, 2018 at 12:41 PM, Kenneth Porter <sh...@sewingwitch.com> wrote: > I just put this into service. I'm white-listing mailing lists. Most go to > their own folder via procmail filtering, and unrecognized ones go to the > folder Lists/Unknown until I write a procmail rule. But this rule should > catch lazy abusers. After a bit more experience I'll crank up the punishment > score for those. > > header __KP_LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)?(\.[\w-]+)+>/ > > describe KP_LIST_ID_DOMAIN_IN_BRACKETS List-id has domain in angle brackets > meta KP_LIST_ID_DOMAIN_IN_BRACKETS __KP_LIST_ID_DOMAIN_IN_BRACKETS > score KP_LIST_ID_DOMAIN_IN_BRACKETS -15.0 > > describe KP_LIST_ID_IMPROPER_FORMAT List-id has improper format > meta KP_LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID && > !__KP_LIST_ID_DOMAIN_IN_BRACKETS > score KP_LIST_ID_IMPROPER_FORMAT 0.1
I think it's a mistake to whitelist (or even deduct significant points) based on a header that can be controlled by a spammer. We see tons of spam that has properly crafted MIDs. If you're using procmail, it sounds like this is on a personal account, so perhaps it's not so bad, but I wouldn't roll this out broadly. If you're going to continue to use this, I'd then suggest at least adding some other qualifiers like SPF or DKIM or !KAM_LAZY_DOMAIN_SECURITY or !FREEMAIL_FROM etc...
