On 2/16/2018 12:57 PM, Alex wrote:
I think it's a mistake to whitelist (or even deduct significant
points) based on a header that can be controlled by a spammer.
We see tons of spam that has properly crafted MIDs. If you're using
procmail, it sounds like this is on a personal account, so perhaps
it's not so bad, but I wouldn't roll this out broadly.
It's just for my family domain.
If you're going to continue to use this, I'd then suggest at least
adding some other qualifiers like SPF or DKIM or
!KAM_LAZY_DOMAIN_SECURITY or !FREEMAIL_FROM etc...
Agreed. The whitelist rule isn't one I'd spread. It's the other one that
catches the malformed header that I mainly want to share. Eventually
the bad actors will catch up and fix their header but for now this seems
pretty good at spotting "lists" I didn't sign up for. When they DO fix
their header, their lists will drop into my Unknown Lists folder and
I'll adjust the rule as necessary.
