On 1/30/25 1:53 AM, Greg Troxel wrote:
Mark London <m...@psfc.mit.edu> writes:Alan, you’ve pointed out the issue with the scam emails. Specifically with the phone number. Venmo emails are doing something similar. I’m sure thst PayPal and Venmo will not do anything to stop these. PayPal knows about it. They have warnings on their website about the scams. That’s all they will do.If paypal is allowing user-generated content to leave @paypal.com with valid DKIM, then they should be immediately removed from default WL. The usual responsible practice is to have a separate domain for customer mails and company-originated mail. E.g. verizon.com vs verizon.net, google.com vs gmail.com.
Paypal[.]com has been removed from default WL in November (https://github.com/apache/spamassassin/commit/76906e0c7c064391bf832b3eb885ae74aed6c8b5) With updated rules USER_IN_DEF_DKIM_WL should not hit. Regards Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
