Alex skrev den 2024-11-07 03:02:
welcomelist_auth *@paypal.com [2] blocklist_from *@paypal.com [2]
the dkim is imho 100% invalid, there missing important headers dkim signed, eg message-id, doh, reuse forgin is very simple then
for spamassassin we could add selector blacklistning to solve thease cases
if i get the whole email unedited i can make a yara rule to catch it
------ [1] http://protection.outlook.com [2] http://paypal.com [3] http://mx9.phx.paypal.com [4] http://DU6PEPF0000A7E1.mail.protection.outlook.com
